bin/dnssec/dnssec-dsfromkey.docbook

	dnssec-dsfromkey.docbook revision e939674d53a127ddeeaf4b41fd72933f0b493308
c313914d0e66b20969215e519bbf2ab4ecf39512Tinderbox User<!--
c80e152862cc3e3207dc837fde7116bd4c0e4b9dTinderbox User - Copyright (C) 2008-2012, 2014, 2015  Internet Systems Consortium, Inc. ("ISC")
c80e152862cc3e3207dc837fde7116bd4c0e4b9dTinderbox User -
8d1b3ceb4d491ce32572f1702f37ed585eede993Evan Hunt - Permission to use, copy, modify, and/or distribute this software for any
8d1b3ceb4d491ce32572f1702f37ed585eede993Evan Hunt - purpose with or without fee is hereby granted, provided that the above
d77cb075aae5595e460e3299bfc1e8ea5d42b560Evan Hunt - copyright notice and this permission notice appear in all copies.
d77cb075aae5595e460e3299bfc1e8ea5d42b560Evan Hunt -
30ca20f720ad0887772a79e7abb25b4fa0e4b5b0Mark Andrews - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
30ca20f720ad0887772a79e7abb25b4fa0e4b5b0Mark Andrews - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
30ca20f720ad0887772a79e7abb25b4fa0e4b5b0Mark Andrews - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
30ca20f720ad0887772a79e7abb25b4fa0e4b5b0Mark Andrews - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
30ca20f720ad0887772a79e7abb25b4fa0e4b5b0Mark Andrews - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
701a93f5a592e4652343e049aa495d409c3ee133Mark Andrews - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
7ec97ae74e42ec21b354fd2d1366313b41d947d6Evan Hunt - PERFORMANCE OF THIS SOFTWARE.
701a93f5a592e4652343e049aa495d409c3ee133Mark Andrews-->
701a93f5a592e4652343e049aa495d409c3ee133Mark Andrews
002f1373374a0b72fc0329baa682917929bef168Tony Finch<!-- Converted by db4-upgrade version 1.0 -->
002f1373374a0b72fc0329baa682917929bef168Tony Finch<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.dnssec-dsfromkey">
8f1ed05dc0aae7ae6c3da6ec6d405df61257a61eMark Andrews  <info>
8f1ed05dc0aae7ae6c3da6ec6d405df61257a61eMark Andrews    <date>2012-05-02</date>
8f1ed05dc0aae7ae6c3da6ec6d405df61257a61eMark Andrews  </info>
8f1ed05dc0aae7ae6c3da6ec6d405df61257a61eMark Andrews  <refentryinfo>
8f1ed05dc0aae7ae6c3da6ec6d405df61257a61eMark Andrews    <corpname>ISC</corpname>
73cf0ba4e82c6baef638ecc4e31321223f841d28Mark Andrews    <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
73cf0ba4e82c6baef638ecc4e31321223f841d28Mark Andrews  </refentryinfo>
73cf0ba4e82c6baef638ecc4e31321223f841d28Mark Andrews
d8351dfc9b725b0d727be7acab6247d7d501d9a0Mark Andrews  <refmeta>
d8351dfc9b725b0d727be7acab6247d7d501d9a0Mark Andrews    <refentrytitle><application>dnssec-dsfromkey</application></refentrytitle>
d8351dfc9b725b0d727be7acab6247d7d501d9a0Mark Andrews    <manvolnum>8</manvolnum>
3a29ce9c08dd31709c73e7187aebda0d360c537bEvan Hunt    <refmiscinfo>BIND9</refmiscinfo>
3a29ce9c08dd31709c73e7187aebda0d360c537bEvan Hunt  </refmeta>
5c78f1f50e53d8e2ed51a187efc2c9a0f43b4b1bMark Andrews
f1740da065d4555039fe8bb53beb4153e3f94de3Mark Andrews  <refnamediv>
f1740da065d4555039fe8bb53beb4153e3f94de3Mark Andrews    <refname><application>dnssec-dsfromkey</application></refname>
f1740da065d4555039fe8bb53beb4153e3f94de3Mark Andrews    <refpurpose>DNSSEC DS RR generation tool</refpurpose>
31c7ab4fb3f7710af87dc9c3d64c5daf9a3dea35Mark Andrews  </refnamediv>
31c7ab4fb3f7710af87dc9c3d64c5daf9a3dea35Mark Andrews
31c7ab4fb3f7710af87dc9c3d64c5daf9a3dea35Mark Andrews  <docinfo>
31c7ab4fb3f7710af87dc9c3d64c5daf9a3dea35Mark Andrews    <copyright>
31c7ab4fb3f7710af87dc9c3d64c5daf9a3dea35Mark Andrews      <year>2008</year>
ad309e8dfa0601d6053aaa12770a98a6940f89deEvan Hunt      <year>2009</year>
ad309e8dfa0601d6053aaa12770a98a6940f89deEvan Hunt      <year>2010</year>
635e4351b04fd61ca6d853bdac6268c090b55129Mark Andrews      <year>2011</year>
635e4351b04fd61ca6d853bdac6268c090b55129Mark Andrews      <year>2012</year>
fc04365d2f83f197c8a54545dd9cd4ce6a209940Mark Andrews      <year>2014</year>
fc04365d2f83f197c8a54545dd9cd4ce6a209940Mark Andrews      <year>2015</year>
7cbac360bf98c0a52b2d6866ad887616c32d4d3aMark Andrews      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
7cbac360bf98c0a52b2d6866ad887616c32d4d3aMark Andrews    </copyright>
7cbac360bf98c0a52b2d6866ad887616c32d4d3aMark Andrews  </docinfo>
1cf118a656f5fd210787908b845362077fc507f8Evan Hunt
1cf118a656f5fd210787908b845362077fc507f8Evan Hunt  <refsynopsisdiv>
1cf118a656f5fd210787908b845362077fc507f8Evan Hunt    <cmdsynopsis sepchar=" ">
1cf118a656f5fd210787908b845362077fc507f8Evan Hunt      <command>dnssec-dsfromkey</command>
1cf118a656f5fd210787908b845362077fc507f8Evan Hunt      <arg choice="opt" rep="norepeat"><option>-v <replaceable class="parameter">level</replaceable></option></arg>
1cf118a656f5fd210787908b845362077fc507f8Evan Hunt      <arg choice="opt" rep="norepeat"><option>-1</option></arg>
1cf118a656f5fd210787908b845362077fc507f8Evan Hunt      <arg choice="opt" rep="norepeat"><option>-2</option></arg>
1cf118a656f5fd210787908b845362077fc507f8Evan Hunt      <arg choice="opt" rep="norepeat"><option>-a <replaceable class="parameter">alg</replaceable></option></arg>
6fb3db01acad7f5c1f4e23789fb0f2ce56cc07deMukund Sivaraman      <arg choice="opt" rep="norepeat"><option>-C</option></arg>
6fb3db01acad7f5c1f4e23789fb0f2ce56cc07deMukund Sivaraman      <arg choice="opt" rep="norepeat"><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
6fb3db01acad7f5c1f4e23789fb0f2ce56cc07deMukund Sivaraman      <arg choice="opt" rep="norepeat"><option>-T <replaceable class="parameter">TTL</replaceable></option></arg>
fd82c70695888c134287b8018296028c252d100eMukund Sivaraman      <arg choice="req" rep="norepeat">keyfile</arg>
fd82c70695888c134287b8018296028c252d100eMukund Sivaraman    </cmdsynopsis>
fd82c70695888c134287b8018296028c252d100eMukund Sivaraman    <cmdsynopsis sepchar=" ">
fd82c70695888c134287b8018296028c252d100eMukund Sivaraman      <command>dnssec-dsfromkey</command>
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews      <arg choice="req" rep="norepeat">-s</arg>
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews      <arg choice="opt" rep="norepeat"><option>-1</option></arg>
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews      <arg choice="opt" rep="norepeat"><option>-2</option></arg>
2cf0fe3b8092f64f8f68ae3693fe2e73e90ad1a4Mark Andrews      <arg choice="opt" rep="norepeat"><option>-a <replaceable class="parameter">alg</replaceable></option></arg>
2cf0fe3b8092f64f8f68ae3693fe2e73e90ad1a4Mark Andrews      <arg choice="opt" rep="norepeat"><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
2cf0fe3b8092f64f8f68ae3693fe2e73e90ad1a4Mark Andrews      <arg choice="opt" rep="norepeat"><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
2cf0fe3b8092f64f8f68ae3693fe2e73e90ad1a4Mark Andrews      <arg choice="opt" rep="norepeat"><option>-s</option></arg>
4221d9cd1d02311fbf9b5f08a038f5af78b10b4aEvan Hunt      <arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">class</replaceable></option></arg>
4221d9cd1d02311fbf9b5f08a038f5af78b10b4aEvan Hunt      <arg choice="opt" rep="norepeat"><option>-T <replaceable class="parameter">TTL</replaceable></option></arg>
4221d9cd1d02311fbf9b5f08a038f5af78b10b4aEvan Hunt      <arg choice="opt" rep="norepeat"><option>-f <replaceable class="parameter">file</replaceable></option></arg>
4221d9cd1d02311fbf9b5f08a038f5af78b10b4aEvan Hunt      <arg choice="opt" rep="norepeat"><option>-A</option></arg>
4221d9cd1d02311fbf9b5f08a038f5af78b10b4aEvan Hunt      <arg choice="opt" rep="norepeat"><option>-v <replaceable class="parameter">level</replaceable></option></arg>
f9c410d93711fbf312a0162f1e2d3f2a5ede69afFrancis Dupont      <arg choice="req" rep="norepeat">dnsname</arg>
f9c410d93711fbf312a0162f1e2d3f2a5ede69afFrancis Dupont   </cmdsynopsis>
f9c410d93711fbf312a0162f1e2d3f2a5ede69afFrancis Dupont    <cmdsynopsis sepchar=" ">
f9c410d93711fbf312a0162f1e2d3f2a5ede69afFrancis Dupont      <command>dnssec-dsfromkey</command>
e526027287b849f0b6ab6e069156697cbafa22c1Michał Kępień      <arg choice="opt" rep="norepeat"><option>-h</option></arg>
e526027287b849f0b6ab6e069156697cbafa22c1Michał Kępień      <arg choice="opt" rep="norepeat"><option>-V</option></arg>
e526027287b849f0b6ab6e069156697cbafa22c1Michał Kępień   </cmdsynopsis>
e526027287b849f0b6ab6e069156697cbafa22c1Michał Kępień  </refsynopsisdiv>
929329d2d66a7e1083c70a9c918381935bf12799Mukund Sivaraman
929329d2d66a7e1083c70a9c918381935bf12799Mukund Sivaraman  <refsection><info><title>DESCRIPTION</title></info>
929329d2d66a7e1083c70a9c918381935bf12799Mukund Sivaraman
7e1a62eea2e4ba9d6c3fc718e679b965fa514f69Mark Andrews    <para><command>dnssec-dsfromkey</command>
ec29d217ba3a2bf3e617a7b5b6708ae221bee999Mark Andrews      outputs the Delegation Signer (DS) resource record (RR), as defined in
ec29d217ba3a2bf3e617a7b5b6708ae221bee999Mark Andrews      RFC 3658 and RFC 4509, for the given key(s).
afefd754734f896bf3e0590177fff83e7cdfdf35Mark Andrews    </para>
afefd754734f896bf3e0590177fff83e7cdfdf35Mark Andrews  </refsection>
afefd754734f896bf3e0590177fff83e7cdfdf35Mark Andrews
f0353a586c2bfbae999193cb644b6bc94c7944d8Mark Andrews  <refsection><info><title>OPTIONS</title></info>
f0353a586c2bfbae999193cb644b6bc94c7944d8Mark Andrews
7ff28f5befbee76048a23e504dcd3f9a44ce6209Evan Hunt
7ff28f5befbee76048a23e504dcd3f9a44ce6209Evan Hunt    <variablelist>
7ff28f5befbee76048a23e504dcd3f9a44ce6209Evan Hunt      <varlistentry>
7ff28f5befbee76048a23e504dcd3f9a44ce6209Evan Hunt    <term>-1</term>
7ff28f5befbee76048a23e504dcd3f9a44ce6209Evan Hunt    <listitem>
7ff28f5befbee76048a23e504dcd3f9a44ce6209Evan Hunt      <para>
7ff28f5befbee76048a23e504dcd3f9a44ce6209Evan Hunt        Use SHA-1 as the digest algorithm (the default is to use
7ff28f5befbee76048a23e504dcd3f9a44ce6209Evan Hunt        both SHA-1 and SHA-256).
7ff28f5befbee76048a23e504dcd3f9a44ce6209Evan Hunt      </para>
7ff28f5befbee76048a23e504dcd3f9a44ce6209Evan Hunt    </listitem>
cad79077bd5b2616bc4a7a6b3cbc0953bef8917fMark Andrews      </varlistentry>
cad79077bd5b2616bc4a7a6b3cbc0953bef8917fMark Andrews
cad79077bd5b2616bc4a7a6b3cbc0953bef8917fMark Andrews      <varlistentry>
cad79077bd5b2616bc4a7a6b3cbc0953bef8917fMark Andrews    <term>-2</term>
adfe58e8e5cd1890585e92b67f1fd01989a1fa7dMark Andrews    <listitem>
adfe58e8e5cd1890585e92b67f1fd01989a1fa7dMark Andrews      <para>
adfe58e8e5cd1890585e92b67f1fd01989a1fa7dMark Andrews        Use SHA-256 as the digest algorithm.
c3237dec879f82855403ff7e3ba87b298172efd5Mark Andrews      </para>
c3237dec879f82855403ff7e3ba87b298172efd5Mark Andrews    </listitem>
c3237dec879f82855403ff7e3ba87b298172efd5Mark Andrews      </varlistentry>
c3237dec879f82855403ff7e3ba87b298172efd5Mark Andrews
c3237dec879f82855403ff7e3ba87b298172efd5Mark Andrews      <varlistentry>
cb616c6d5c2ece1fac37fa6e0bca2b53d4043098Mark Andrews    <term>-a <replaceable class="parameter">algorithm</replaceable></term>
cb616c6d5c2ece1fac37fa6e0bca2b53d4043098Mark Andrews    <listitem>
cb616c6d5c2ece1fac37fa6e0bca2b53d4043098Mark Andrews      <para>
c0a2210466dec0cc81ebf2ffbe21693b57b9c29cMark Andrews        Select the digest algorithm. The value of
c0a2210466dec0cc81ebf2ffbe21693b57b9c29cMark Andrews        <option>algorithm</option> must be one of SHA-1 (SHA1),
c0a2210466dec0cc81ebf2ffbe21693b57b9c29cMark Andrews        SHA-256 (SHA256), GOST or SHA-384 (SHA384).
534057c9f91a3eb6e0541f3526459c716239b337Mark Andrews        These values are case insensitive.
534057c9f91a3eb6e0541f3526459c716239b337Mark Andrews      </para>
534057c9f91a3eb6e0541f3526459c716239b337Mark Andrews    </listitem>
0f14b041328c062b1fa391887376388dfc8b2fe5Mark Andrews      </varlistentry>
0f14b041328c062b1fa391887376388dfc8b2fe5Mark Andrews
0f14b041328c062b1fa391887376388dfc8b2fe5Mark Andrews      <varlistentry>
0f14b041328c062b1fa391887376388dfc8b2fe5Mark Andrews    <term>-C</term>
f7f4730e563a2749629fe7fef4cd9513cd2bfab7Mark Andrews    <listitem>
f7f4730e563a2749629fe7fef4cd9513cd2bfab7Mark Andrews      <para>
1848d38f441ebf70ab21f6151bc3487a92d25b63Mark Andrews        Generate CDS records rather than DS records.  This is mutually
1848d38f441ebf70ab21f6151bc3487a92d25b63Mark Andrews        exclusive with generating lookaside records.
2d82ed9456e72dc4373bea19d63411afe1c48962Mark Andrews      </para>
2d82ed9456e72dc4373bea19d63411afe1c48962Mark Andrews    </listitem>
2d82ed9456e72dc4373bea19d63411afe1c48962Mark Andrews      </varlistentry>
a5a1cbece45e6ca68aafe3b9b995eac6b0f45dd2Mark Andrews
a5a1cbece45e6ca68aafe3b9b995eac6b0f45dd2Mark Andrews      <varlistentry>
0d6328ce5f6b799f8e7c6cbbb3b965cf29bfb7baMark Andrews    <term>-T <replaceable class="parameter">TTL</replaceable></term>
0d6328ce5f6b799f8e7c6cbbb3b965cf29bfb7baMark Andrews    <listitem>
0d6328ce5f6b799f8e7c6cbbb3b965cf29bfb7baMark Andrews      <para>
e01ef6f01c7e8f80122cd80a2e011425a0135489Mark Andrews        Specifies the TTL of the DS records.
677f507de7c546c187c1505c48bc7b440545485cMark Andrews      </para>
677f507de7c546c187c1505c48bc7b440545485cMark Andrews      </listitem>
677f507de7c546c187c1505c48bc7b440545485cMark Andrews      </varlistentry>
124cc0660c7eff8021c2422fb47441e9ca08b3f9Tinderbox User
e01ef6f01c7e8f80122cd80a2e011425a0135489Mark Andrews      <varlistentry>
677f507de7c546c187c1505c48bc7b440545485cMark Andrews    <term>-K <replaceable class="parameter">directory</replaceable></term>
677f507de7c546c187c1505c48bc7b440545485cMark Andrews    <listitem>
677f507de7c546c187c1505c48bc7b440545485cMark Andrews      <para>
677f507de7c546c187c1505c48bc7b440545485cMark Andrews        Look for key files (or, in keyset mode,
677f507de7c546c187c1505c48bc7b440545485cMark Andrews        <filename>keyset-</filename> files) in
677f507de7c546c187c1505c48bc7b440545485cMark Andrews        <option>directory</option>.
bf459d24a117ae2c54c37016430b41cd6d73491cMark Andrews      </para>
bf459d24a117ae2c54c37016430b41cd6d73491cMark Andrews    </listitem>
bf459d24a117ae2c54c37016430b41cd6d73491cMark Andrews      </varlistentry>
677f507de7c546c187c1505c48bc7b440545485cMark Andrews
677f507de7c546c187c1505c48bc7b440545485cMark Andrews      <varlistentry>
677f507de7c546c187c1505c48bc7b440545485cMark Andrews    <term>-f <replaceable class="parameter">file</replaceable></term>
bf459d24a117ae2c54c37016430b41cd6d73491cMark Andrews    <listitem>
f53e0bda467d96dfeeba1b4da30c37b37766bb75Evan Hunt      <para>
f53e0bda467d96dfeeba1b4da30c37b37766bb75Evan Hunt        Zone file mode: in place of the keyfile name, the argument is
f53e0bda467d96dfeeba1b4da30c37b37766bb75Evan Hunt        the DNS domain name of a zone master file, which can be read
f53e0bda467d96dfeeba1b4da30c37b37766bb75Evan Hunt        from <option>file</option>.  If the zone name is the same as
f53e0bda467d96dfeeba1b4da30c37b37766bb75Evan Hunt        <option>file</option>, then it may be omitted.
81e3e3084980afcd61416f572c6e72d38a3808abMichał Kępień      </para>
81e3e3084980afcd61416f572c6e72d38a3808abMichał Kępień      <para>
81e3e3084980afcd61416f572c6e72d38a3808abMichał Kępień        If <option>file</option> is set to <literal>"-"</literal>, then
81e3e3084980afcd61416f572c6e72d38a3808abMichał Kępień        the zone data is read from the standard input.  This makes it
64d7fa3ec4785b390665860aa6bdae304b3c1d24Mark Andrews        possible to use the output of the <command>dig</command>
64d7fa3ec4785b390665860aa6bdae304b3c1d24Mark Andrews        command as input, as in:
64d7fa3ec4785b390665860aa6bdae304b3c1d24Mark Andrews      </para>
64d7fa3ec4785b390665860aa6bdae304b3c1d24Mark Andrews      <para>
64d7fa3ec4785b390665860aa6bdae304b3c1d24Mark Andrews        <userinput>dig dnskey example.com | dnssec-dsfromkey -f - example.com</userinput>
64d7fa3ec4785b390665860aa6bdae304b3c1d24Mark Andrews      </para>
75505befa93c993aa5d2df24a2b64eac0c34cbffMark Andrews    </listitem>
75505befa93c993aa5d2df24a2b64eac0c34cbffMark Andrews      </varlistentry>
75505befa93c993aa5d2df24a2b64eac0c34cbffMark Andrews
a38f07c73790170842e4523b4a474d01ca0dede1Michał Kępień      <varlistentry>
a38f07c73790170842e4523b4a474d01ca0dede1Michał Kępień        <term>-A</term>
a38f07c73790170842e4523b4a474d01ca0dede1Michał Kępień        <listitem>
39d5523a8afc73cbdb4fa426de2ce071267a5d6fMark Andrews          <para>
39d5523a8afc73cbdb4fa426de2ce071267a5d6fMark Andrews            Include ZSKs when generating DS records.  Without this option,
39d5523a8afc73cbdb4fa426de2ce071267a5d6fMark Andrews            only keys which have the KSK flag set will be converted to DS
39d5523a8afc73cbdb4fa426de2ce071267a5d6fMark Andrews            records and printed.  Useful only in zone file mode.
1f4a3c7088594d1b64cd734eb69e1fd023fde8bfMichał Kępień          </para>
1f4a3c7088594d1b64cd734eb69e1fd023fde8bfMichał Kępień        </listitem>
1f4a3c7088594d1b64cd734eb69e1fd023fde8bfMichał Kępień      </varlistentry>
91827e6fd3851a5fe129ef5409ff45833ca01a0eMark Andrews
91827e6fd3851a5fe129ef5409ff45833ca01a0eMark Andrews      <varlistentry>
91827e6fd3851a5fe129ef5409ff45833ca01a0eMark Andrews    <term>-l <replaceable class="parameter">domain</replaceable></term>
35aae5884f410180706a89a9715bf9a85eeeb4b7Michał Kępień    <listitem>
35aae5884f410180706a89a9715bf9a85eeeb4b7Michał Kępień      <para>
35aae5884f410180706a89a9715bf9a85eeeb4b7Michał Kępień        Generate a DLV set instead of a DS set.  The specified
57b1d64d9ae12d56973716e96f9743a00d47af4aMichał Kępień        <option>domain</option> is appended to the name for each
57b1d64d9ae12d56973716e96f9743a00d47af4aMichał Kępień        record in the set.
57b1d64d9ae12d56973716e96f9743a00d47af4aMichał Kępień        The DNSSEC Lookaside Validation (DLV) RR is described
2d517e233ff3b3fcd272eb5b2e2d3db6d31a1681Michał Kępień        in RFC 4431.  This is mutually exclusive with generating
2d517e233ff3b3fcd272eb5b2e2d3db6d31a1681Michał Kępień        CDS records.
2d517e233ff3b3fcd272eb5b2e2d3db6d31a1681Michał Kępień      </para>
09c3efda414314d7edcfb2aed9463fb935fc95a6Mark Andrews    </listitem>
09c3efda414314d7edcfb2aed9463fb935fc95a6Mark Andrews      </varlistentry>
86d2f9abc8493321aacb0d540485de4d562fb734Mark Andrews
86d2f9abc8493321aacb0d540485de4d562fb734Mark Andrews      <varlistentry>
86d2f9abc8493321aacb0d540485de4d562fb734Mark Andrews    <term>-s</term>
86d2f9abc8493321aacb0d540485de4d562fb734Mark Andrews    <listitem>
86d2f9abc8493321aacb0d540485de4d562fb734Mark Andrews      <para>
86d2f9abc8493321aacb0d540485de4d562fb734Mark Andrews        Keyset mode: in place of the keyfile name, the argument is
86d2f9abc8493321aacb0d540485de4d562fb734Mark Andrews        the DNS domain name of a keyset file.
86d2f9abc8493321aacb0d540485de4d562fb734Mark Andrews      </para>
09c3efda414314d7edcfb2aed9463fb935fc95a6Mark Andrews    </listitem>
86d2f9abc8493321aacb0d540485de4d562fb734Mark Andrews      </varlistentry>
c7e57ce1b0bca9bc7da14bec485f7a7e3e4c761fMichał Kępień
c7e57ce1b0bca9bc7da14bec485f7a7e3e4c761fMichał Kępień      <varlistentry>
c7e57ce1b0bca9bc7da14bec485f7a7e3e4c761fMichał Kępień    <term>-c <replaceable class="parameter">class</replaceable></term>
3ed16e796dba90c96933c8a8a3f5b9404d8d3e61Mark Andrews    <listitem>
3ed16e796dba90c96933c8a8a3f5b9404d8d3e61Mark Andrews      <para>
3ed16e796dba90c96933c8a8a3f5b9404d8d3e61Mark Andrews        Specifies the DNS class (default is IN).  Useful only
14d8a144779b54b103d2da741a2242bf5f9052f7Mark Andrews        in keyset or zone file mode.
14d8a144779b54b103d2da741a2242bf5f9052f7Mark Andrews      </para>
14d8a144779b54b103d2da741a2242bf5f9052f7Mark Andrews      </listitem>
70e041bea19b6ad9522b89c2299ad315a2deaafdMark Andrews      </varlistentry>
70e041bea19b6ad9522b89c2299ad315a2deaafdMark Andrews
70e041bea19b6ad9522b89c2299ad315a2deaafdMark Andrews      <varlistentry>
67247b4a8304bac790648a351a95b8b0f4c512a6Mark Andrews    <term>-v <replaceable class="parameter">level</replaceable></term>
67247b4a8304bac790648a351a95b8b0f4c512a6Mark Andrews    <listitem>
eeb919b6f572e033d97cf001e4cd44aaff54e5dcMichał Kępień      <para>
eeb919b6f572e033d97cf001e4cd44aaff54e5dcMichał Kępień        Sets the debugging level.
eeb919b6f572e033d97cf001e4cd44aaff54e5dcMichał Kępień      </para>
a55438eda32ecebf43ead45b216662b7923a465fMark Andrews    </listitem>
a55438eda32ecebf43ead45b216662b7923a465fMark Andrews      </varlistentry>
a55438eda32ecebf43ead45b216662b7923a465fMark Andrews
8de17f83cafa91a5720dd0b8c1aee5f47f6d7f09Evan Hunt      <varlistentry>
8de17f83cafa91a5720dd0b8c1aee5f47f6d7f09Evan Hunt    <term>-h</term>
8de17f83cafa91a5720dd0b8c1aee5f47f6d7f09Evan Hunt    <listitem>
9789e54e55b61b669fb31a8b70e9655e8357dda2Mark Andrews      <para>
9789e54e55b61b669fb31a8b70e9655e8357dda2Mark Andrews        Prints usage information.
f8362536c647625e602c8450a778a2b7ba90c9f4Mark Andrews      </para>
f8362536c647625e602c8450a778a2b7ba90c9f4Mark Andrews    </listitem>
f8362536c647625e602c8450a778a2b7ba90c9f4Mark Andrews      </varlistentry>
24231e53a5c3079431f84dcddfee1e761fec7329Mark Andrews
24231e53a5c3079431f84dcddfee1e761fec7329Mark Andrews      <varlistentry>
24231e53a5c3079431f84dcddfee1e761fec7329Mark Andrews    <term>-V</term>
24231e53a5c3079431f84dcddfee1e761fec7329Mark Andrews    <listitem>
4b669b69bae7dedda2faa09a7ade247499c1d49cMichał Kępień      <para>
4b669b69bae7dedda2faa09a7ade247499c1d49cMichał Kępień        Prints version information.
4b669b69bae7dedda2faa09a7ade247499c1d49cMichał Kępień      </para>
4b669b69bae7dedda2faa09a7ade247499c1d49cMichał Kępień    </listitem>
eb11b39981689e4a20fbe95e533577eacab992b4Mukund Sivaraman      </varlistentry>
eb11b39981689e4a20fbe95e533577eacab992b4Mukund Sivaraman    </variablelist>
eb11b39981689e4a20fbe95e533577eacab992b4Mukund Sivaraman  </refsection>
8daeae9b01a2b7eb9fd6511b352b03bd7d96ae79Michał Kępień
8daeae9b01a2b7eb9fd6511b352b03bd7d96ae79Michał Kępień  <refsection><info><title>EXAMPLE</title></info>
e7c0f978425f45731b08be1363f20626b0344f23Evan Hunt
e7c0f978425f45731b08be1363f20626b0344f23Evan Hunt    <para>
01967d183990e44752fe61f193dab9c04c3afd9cEvan Hunt      To build the SHA-256 DS RR from the
01967d183990e44752fe61f193dab9c04c3afd9cEvan Hunt      <userinput>Kexample.com.+003+26160</userinput>
01967d183990e44752fe61f193dab9c04c3afd9cEvan Hunt      keyfile name, the following command would be issued:
575e9d9e4b6beaae688f107814a320b91243a4b2Mark Andrews    </para>
575e9d9e4b6beaae688f107814a320b91243a4b2Mark Andrews    <para><userinput>dnssec-dsfromkey -2 Kexample.com.+003+26160</userinput>
575e9d9e4b6beaae688f107814a320b91243a4b2Mark Andrews    </para>
575e9d9e4b6beaae688f107814a320b91243a4b2Mark Andrews    <para>
7c442d7fe06bc95432af7513764e5cc85e133648Evan Hunt      The command would print something like:
7c442d7fe06bc95432af7513764e5cc85e133648Evan Hunt    </para>
7c442d7fe06bc95432af7513764e5cc85e133648Evan Hunt    <para><userinput>example.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0 C5EA0B94</userinput>
7c442d7fe06bc95432af7513764e5cc85e133648Evan Hunt    </para>
5e1ca7a326741a8f74e6f2b907c7e1fbf428bf80Michał Kępień  </refsection>
5e1ca7a326741a8f74e6f2b907c7e1fbf428bf80Michał Kępień
5e1ca7a326741a8f74e6f2b907c7e1fbf428bf80Michał Kępień  <refsection><info><title>FILES</title></info>
5e1ca7a326741a8f74e6f2b907c7e1fbf428bf80Michał Kępień
ba93bc80a7bce5ba07b2f98e68f0f57402f2459cMark Andrews    <para>
ba93bc80a7bce5ba07b2f98e68f0f57402f2459cMark Andrews      The keyfile can be designed by the key identification
8ed107eab48687887d45a1ceb18b712bc7209dbaTinderbox User      <filename>Knnnn.+aaa+iiiii</filename> or the full file name
ba93bc80a7bce5ba07b2f98e68f0f57402f2459cMark Andrews      <filename>Knnnn.+aaa+iiiii.key</filename> as generated by
5f103158280fb2e814db305f917aa42040221623Mark Andrews      <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>.
5f103158280fb2e814db305f917aa42040221623Mark Andrews    </para>
5f103158280fb2e814db305f917aa42040221623Mark Andrews    <para>
5f103158280fb2e814db305f917aa42040221623Mark Andrews      The keyset file name is built from the <option>directory</option>,
e5715e1fe12e5ad17522bd41c31e637c869d27b7Evan Hunt      the string <filename>keyset-</filename> and the
e5715e1fe12e5ad17522bd41c31e637c869d27b7Evan Hunt      <option>dnsname</option>.
b7b76d6b855cd4c1152c26d34fb61af05f965c5eEvan Hunt    </para>
b7b76d6b855cd4c1152c26d34fb61af05f965c5eEvan Hunt  </refsection>
b7b76d6b855cd4c1152c26d34fb61af05f965c5eEvan Hunt
b7b76d6b855cd4c1152c26d34fb61af05f965c5eEvan Hunt  <refsection><info><title>CAVEAT</title></info>
764e2f3413ca89d09abffb3eb228c8c820bf08b8Mark Andrews
764e2f3413ca89d09abffb3eb228c8c820bf08b8Mark Andrews    <para>
764e2f3413ca89d09abffb3eb228c8c820bf08b8Mark Andrews      A keyfile error can give a "file not found" even if the file exists.
764e2f3413ca89d09abffb3eb228c8c820bf08b8Mark Andrews    </para>
a06198688faca5c7bc1a35ec0ec18bc68c07691cEvan Hunt  </refsection>
a06198688faca5c7bc1a35ec0ec18bc68c07691cEvan Hunt
a06198688faca5c7bc1a35ec0ec18bc68c07691cEvan Hunt  <refsection><info><title>SEE ALSO</title></info>
50433a667cf0ed3ac7807768b745b0d870ff8c8bMark Andrews
50433a667cf0ed3ac7807768b745b0d870ff8c8bMark Andrews    <para><citerefentry>
3c12bec945ee71a38c5ba6f624abd12e2da7eea5Mark Andrews    <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
3c12bec945ee71a38c5ba6f624abd12e2da7eea5Mark Andrews      </citerefentry>,
f44202ab640d22e17b4c74bdad7817622918bd27Mark Andrews      <citerefentry>
f44202ab640d22e17b4c74bdad7817622918bd27Mark Andrews    <refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
f44202ab640d22e17b4c74bdad7817622918bd27Mark Andrews      </citerefentry>,
ad9772c559c6aa42f8930f4acf1a2d833a08040aMichał Kępień      <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
ad9772c559c6aa42f8930f4acf1a2d833a08040aMichał Kępień      <citetitle>RFC 3658</citetitle>,
ad9772c559c6aa42f8930f4acf1a2d833a08040aMichał Kępień      <citetitle>RFC 4431</citetitle>.
ad9772c559c6aa42f8930f4acf1a2d833a08040aMichał Kępień      <citetitle>RFC 4509</citetitle>.
5d7d67f82a8913fae5f1098e111fe50edb86cd5bEvan Hunt    </para>
5d7d67f82a8913fae5f1098e111fe50edb86cd5bEvan Hunt  </refsection>
5d7d67f82a8913fae5f1098e111fe50edb86cd5bEvan Hunt
6216df5ccded056abd5db4abac4e5cbd78c73f45Evan Hunt</refentry>
6216df5ccded056abd5db4abac4e5cbd78c73f45Evan Hunt