bin/dnssec/dnssec-dsfromkey.docbook

	dnssec-dsfromkey.docbook revision 0c27b3fe77ac1d5094ba3521e8142d9e7973133f
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews<!--
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews - Copyright (C) 2008-2012, 2014-2016  Internet Systems Consortium, Inc. ("ISC")
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews -
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews - This Source Code Form is subject to the terms of the Mozilla Public
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews - License, v. 2.0. If a copy of the MPL was not distributed with this
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews - file, You can obtain one at http://mozilla.org/MPL/2.0/.
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews-->
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<!-- Converted by db4-upgrade version 1.0 -->
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.dnssec-dsfromkey">
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt  <info>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt    <date>2012-05-02</date>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt  </info>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews  <refentryinfo>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt    <corpname>ISC</corpname>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt    <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews  </refentryinfo>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews  <refmeta>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews    <refentrytitle><application>dnssec-dsfromkey</application></refentrytitle>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews    <manvolnum>8</manvolnum>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews    <refmiscinfo>BIND9</refmiscinfo>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews  </refmeta>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews  <refnamediv>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews    <refname><application>dnssec-dsfromkey</application></refname>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews    <refpurpose>DNSSEC DS RR generation tool</refpurpose>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews  </refnamediv>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews  <docinfo>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews    <copyright>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews      <year>2008</year>
dde8659175c5798267fb0fdefd7576e4efe271b3Automatic Updater      <year>2009</year>
a094c46640de70bb03a9351211fb17c41b6fbbb5Automatic Updater      <year>2010</year>
06140f733a711340d20650b9b096efe234d6ebcbAutomatic Updater      <year>2011</year>
99d8f5a70440ee8b63ab1745d713b96dde890546Tinderbox User      <year>2012</year>
938440694b33cd752e9e4b71a526368b4811c177Tinderbox User      <year>2014</year>
431e5c81dbd81cf411b9a187fa5f611f23c0e16fTinderbox User      <year>2015</year>
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews      <year>2016</year>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews    </copyright>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews  </docinfo>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews  <refsynopsisdiv>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt    <cmdsynopsis sepchar=" ">
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews      <command>dnssec-dsfromkey</command>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg choice="opt" rep="norepeat"><option>-v <replaceable class="parameter">level</replaceable></option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg choice="opt" rep="norepeat"><option>-1</option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg choice="opt" rep="norepeat"><option>-2</option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg choice="opt" rep="norepeat"><option>-a <replaceable class="parameter">alg</replaceable></option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg choice="opt" rep="norepeat"><option>-C</option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg choice="opt" rep="norepeat"><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg choice="opt" rep="norepeat"><option>-T <replaceable class="parameter">TTL</replaceable></option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg choice="req" rep="norepeat">keyfile</arg>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews    </cmdsynopsis>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt    <cmdsynopsis sepchar=" ">
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews      <command>dnssec-dsfromkey</command>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg choice="req" rep="norepeat">-s</arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg choice="opt" rep="norepeat"><option>-1</option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg choice="opt" rep="norepeat"><option>-2</option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg choice="opt" rep="norepeat"><option>-a <replaceable class="parameter">alg</replaceable></option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg choice="opt" rep="norepeat"><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg choice="opt" rep="norepeat"><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg choice="opt" rep="norepeat"><option>-s</option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">class</replaceable></option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg choice="opt" rep="norepeat"><option>-T <replaceable class="parameter">TTL</replaceable></option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg choice="opt" rep="norepeat"><option>-f <replaceable class="parameter">file</replaceable></option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg choice="opt" rep="norepeat"><option>-A</option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg choice="opt" rep="norepeat"><option>-v <replaceable class="parameter">level</replaceable></option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg choice="req" rep="norepeat">dnsname</arg>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews   </cmdsynopsis>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt    <cmdsynopsis sepchar=" ">
42782931073786f98d3d0a617351db40066949a4Mukund Sivaraman      <command>dnssec-dsfromkey</command>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg choice="opt" rep="norepeat"><option>-h</option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg choice="opt" rep="norepeat"><option>-V</option></arg>
42782931073786f98d3d0a617351db40066949a4Mukund Sivaraman   </cmdsynopsis>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews  </refsynopsisdiv>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt  <refsection><info><title>DESCRIPTION</title></info>
30eec077db2bdcb6f2a0dc388a3cdde2ede75ec1Mark Andrews
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews    <para><command>dnssec-dsfromkey</command>
832fb12cfeee424a1e5b7cfd3b2da9f39cac3708Jeremy Reed      outputs the Delegation Signer (DS) resource record (RR), as defined in
e17cb80d7cebc23a4de75376155f2231dea193e6Mark Andrews      RFC 3658 and RFC 4509, for the given key(s).
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews    </para>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt  </refsection>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt  <refsection><info><title>OPTIONS</title></info>
30eec077db2bdcb6f2a0dc388a3cdde2ede75ec1Mark Andrews
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews    <variablelist>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews      <varlistentry>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews    <term>-1</term>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews    <listitem>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews      <para>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews        Use SHA-1 as the digest algorithm (the default is to use
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews        both SHA-1 and SHA-256).
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews      </para>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews    </listitem>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews      </varlistentry>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews      <varlistentry>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews    <term>-2</term>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews    <listitem>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews      <para>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews        Use SHA-256 as the digest algorithm.
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews      </para>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews    </listitem>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews      </varlistentry>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews      <varlistentry>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews    <term>-a <replaceable class="parameter">algorithm</replaceable></term>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews    <listitem>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews      <para>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews        Select the digest algorithm. The value of
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews        <option>algorithm</option> must be one of SHA-1 (SHA1),
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews        SHA-256 (SHA256), GOST or SHA-384 (SHA384).
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews        These values are case insensitive.
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews      </para>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews    </listitem>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews      </varlistentry>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews
598b502695802c3d4e23316b85368e54f39f5cabMark Andrews      <varlistentry>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews    <term>-C</term>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews    <listitem>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews      <para>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews        Generate CDS records rather than DS records.  This is mutually
598b502695802c3d4e23316b85368e54f39f5cabMark Andrews        exclusive with generating lookaside records.
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews      </para>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews    </listitem>
598b502695802c3d4e23316b85368e54f39f5cabMark Andrews      </varlistentry>
598b502695802c3d4e23316b85368e54f39f5cabMark Andrews
b1c6de5456a5287b442de5620282902da39a4968Mark Andrews      <varlistentry>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews    <term>-T <replaceable class="parameter">TTL</replaceable></term>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews    <listitem>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews      <para>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews        Specifies the TTL of the DS records.
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews      </para>
b1c6de5456a5287b442de5620282902da39a4968Mark Andrews      </listitem>
b1c6de5456a5287b442de5620282902da39a4968Mark Andrews      </varlistentry>
b1c6de5456a5287b442de5620282902da39a4968Mark Andrews
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews      <varlistentry>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews    <term>-K <replaceable class="parameter">directory</replaceable></term>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews    <listitem>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews      <para>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews        Look for key files (or, in keyset mode,
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews        <filename>keyset-</filename> files) in
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews        <option>directory</option>.
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews      </para>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews    </listitem>
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt      </varlistentry>
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt      <varlistentry>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews    <term>-f <replaceable class="parameter">file</replaceable></term>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews    <listitem>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews      <para>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews        Zone file mode: in place of the keyfile name, the argument is
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews        the DNS domain name of a zone master file, which can be read
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews        from <option>file</option>.  If the zone name is the same as
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews        <option>file</option>, then it may be omitted.
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews      </para>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews      <para>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews        If <option>file</option> is set to <literal>"-"</literal>, then
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews        the zone data is read from the standard input.  This makes it
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews        possible to use the output of the <command>dig</command>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews        command as input, as in:
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews      </para>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews      <para>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews        <userinput>dig dnskey example.com | dnssec-dsfromkey -f - example.com</userinput>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews      </para>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews    </listitem>
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt      </varlistentry>
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt      <varlistentry>
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt        <term>-A</term>
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt        <listitem>
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt          <para>
edad003e630cf9a25db88d95247d10eb96117d66Jeremy C. Reed            Include ZSKs when generating DS records.  Without this option,
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt            only keys which have the KSK flag set will be converted to DS
30eec077db2bdcb6f2a0dc388a3cdde2ede75ec1Mark Andrews            records and printed.  Useful only in zone file mode.
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews          </para>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews        </listitem>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews      </varlistentry>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews
b272d38cc5d24f64c0647a9afb340c21c4b9aaf7Evan Hunt      <varlistentry>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews    <term>-l <replaceable class="parameter">domain</replaceable></term>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews    <listitem>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews      <para>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews        Generate a DLV set instead of a DS set.  The specified
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews        <option>domain</option> is appended to the name for each
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews        record in the set.
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews        The DNSSEC Lookaside Validation (DLV) RR is described
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews        in RFC 4431.  This is mutually exclusive with generating
598b502695802c3d4e23316b85368e54f39f5cabMark Andrews        CDS records.
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews      </para>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews    </listitem>
b272d38cc5d24f64c0647a9afb340c21c4b9aaf7Evan Hunt      </varlistentry>
b272d38cc5d24f64c0647a9afb340c21c4b9aaf7Evan Hunt
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews      <varlistentry>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews    <term>-s</term>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews    <listitem>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews      <para>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews        Keyset mode: in place of the keyfile name, the argument is
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews        the DNS domain name of a keyset file.
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews      </para>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews    </listitem>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews      </varlistentry>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews      <varlistentry>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews    <term>-c <replaceable class="parameter">class</replaceable></term>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews    <listitem>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews      <para>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews        Specifies the DNS class (default is IN).  Useful only
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews        in keyset or zone file mode.
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews      </para>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews      </listitem>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews      </varlistentry>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews      <varlistentry>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews    <term>-v <replaceable class="parameter">level</replaceable></term>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews    <listitem>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews      <para>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews        Sets the debugging level.
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews      </para>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews    </listitem>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews      </varlistentry>
42782931073786f98d3d0a617351db40066949a4Mukund Sivaraman
42782931073786f98d3d0a617351db40066949a4Mukund Sivaraman      <varlistentry>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews    <term>-h</term>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews    <listitem>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews      <para>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews        Prints usage information.
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews      </para>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews    </listitem>
42782931073786f98d3d0a617351db40066949a4Mukund Sivaraman      </varlistentry>
42782931073786f98d3d0a617351db40066949a4Mukund Sivaraman
42782931073786f98d3d0a617351db40066949a4Mukund Sivaraman      <varlistentry>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews    <term>-V</term>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews    <listitem>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews      <para>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews        Prints version information.
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews      </para>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews    </listitem>
42782931073786f98d3d0a617351db40066949a4Mukund Sivaraman      </varlistentry>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews    </variablelist>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt  </refsection>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt  <refsection><info><title>EXAMPLE</title></info>
30eec077db2bdcb6f2a0dc388a3cdde2ede75ec1Mark Andrews
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews    <para>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews      To build the SHA-256 DS RR from the
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews      <userinput>Kexample.com.+003+26160</userinput>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews      keyfile name, the following command would be issued:
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews    </para>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews    <para><userinput>dnssec-dsfromkey -2 Kexample.com.+003+26160</userinput>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews    </para>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews    <para>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews      The command would print something like:
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews    </para>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews    <para><userinput>example.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0 C5EA0B94</userinput>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews    </para>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt  </refsection>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt  <refsection><info><title>FILES</title></info>
30eec077db2bdcb6f2a0dc388a3cdde2ede75ec1Mark Andrews
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews    <para>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews      The keyfile can be designed by the key identification
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews      <filename>Knnnn.+aaa+iiiii</filename> or the full file name
832fb12cfeee424a1e5b7cfd3b2da9f39cac3708Jeremy Reed      <filename>Knnnn.+aaa+iiiii.key</filename> as generated by
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews      <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>.
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews    </para>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews    <para>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews      The keyset file name is built from the <option>directory</option>,
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews      the string <filename>keyset-</filename> and the
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews      <option>dnsname</option>.
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews    </para>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt  </refsection>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt  <refsection><info><title>CAVEAT</title></info>
30eec077db2bdcb6f2a0dc388a3cdde2ede75ec1Mark Andrews
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews    <para>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews      A keyfile error can give a "file not found" even if the file exists.
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews    </para>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt  </refsection>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt  <refsection><info><title>SEE ALSO</title></info>
30eec077db2bdcb6f2a0dc388a3cdde2ede75ec1Mark Andrews
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews    <para><citerefentry>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews    <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews      </citerefentry>,
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews      <citerefentry>
e939674d53a127ddeeaf4b41fd72933f0b493308Mark Andrews    <refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews      </citerefentry>,
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews      <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews      <citetitle>RFC 3658</citetitle>,
35490da6150316932957908f2f85109ecf9f7c59Jeremy Reed      <citetitle>RFC 4431</citetitle>.
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews      <citetitle>RFC 4509</citetitle>.
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews    </para>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt  </refsection>
582f8b9a8d170a80ef67475bddb8ad5cf7cd7cadMark Andrews
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt</refentry>