dnssec-dsfromkey.html revision ca67ebfe9eef0b8f04179f7e511a19e0337a5422
Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
Permission to use, copy, modify, and/or distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
<!-- $Id: dnssec-dsfromkey.html,v 1.7 2009/06/17 23:12:08 tbox Exp $ -->
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
<a name="man.dnssec-dsfromkey"></a><div class="titlepage"></div>
<p><span class="application">dnssec-dsfromkey</span> — DNSSEC DS RR generation tool</p>
<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] {keyfile}</p></div>
<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> {-s} [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>dir</code></em></code>] {dnsname}</p></div>
<p><span><strong class="command">dnssec-dsfromkey</strong></span>
outputs the Delegation Signer (DS) resource record (RR), as defined in
RFC 3658 and RFC 4509, for the given key(s).
<dt><span class="term">-1</span></dt>
Use SHA-1 as the digest algorithm (the default is to use
both SHA-1 and SHA-256).
<dt><span class="term">-2</span></dt>
Use SHA-256 as the digest algorithm.
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
Select the digest algorithm. The value of
<code class="option">algorithm</code> must be one of SHA-1 (SHA1) or
SHA-256 (SHA256). These values are case insensitive.
<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
Sets the debugging level.
<dt><span class="term">-l <em class="replaceable"><code>domain</code></em></span></dt>
Generate a DLV set instead of a DS set. The specified
<code class="option">domain</code> is appended to the name for each
record in the set.
<dt><span class="term">-s</span></dt>
Keyset mode: in place of the keyfile name, the argument is
the DNS domain name of a keyset file. The following options make sense
only in this mode.
<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
Specifies the DNS class (default is IN); useful only
in keyset mode.
<dt><span class="term">-d <em class="replaceable"><code>directory</code></em></span></dt>
Look for <code class="filename">keyset</code> files in
<code class="option">directory</code>. This option is ignored when
not in keyset mode.
To build the SHA-256 DS RR from the
<strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
keyfile name, the following command would be issued:
<p><strong class="userinput"><code>dnssec-dsfromkey -2 Kexample.com.+003+26160</code></strong>
The command would print something like:
<p><strong class="userinput"><code>example.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0 C5EA0B94</code></strong>
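<p>The DS computation behind the command above, as an added Python example (not part of the ISC manual page or of BIND): the digest is taken over the owner name in wire format followed by the DNSKEY RDATA, and the key tag is the RFC 4034 Appendix B checksum, so a DS record published by the parent zone can be checked against the local key independently of the tool. <code>SAMPLE_KEY</code> is a constructed, non-functional key, and all function names are assumptions of this example.</p>

```python
import base64
import hashlib
import struct

# Constructed sample: a 3-byte "public key" (AQID), not a real DNSKEY.
SAMPLE_KEY = "example.com. IN DNSKEY 257 3 8 AQID"
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256}  # DS digest types 1 and 2


def name_to_wire(name: str) -> bytes:
    """Owner name in canonical (lower-case) wire format."""
    labels = [l for l in name.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def key_tag(rdata: bytes) -> int:
    """Key tag from RFC 4034 Appendix B (16-bit checksum over DNSKEY RDATA)."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def ds_from_dnskey(record: str, digest_type: int = 2) -> str:
    """Derive the DS presentation line from one DNSKEY line of a .key file."""
    fields = record.split()
    i = fields.index("DNSKEY")  # tolerates an optional TTL before the class
    flags, proto, alg = (int(x) for x in fields[i + 1:i + 4])
    pubkey = base64.b64decode("".join(fields[i + 4:]))
    rdata = struct.pack("!HBB", flags, proto, alg) + pubkey
    digest = DIGESTS[digest_type](name_to_wire(fields[0]) + rdata).hexdigest().upper()
    return f"{fields[0]} IN DS {key_tag(rdata)} {alg} {digest_type} {digest}"


def ds_matches(published: str, record: str) -> bool:
    """True if a published DS line is the one derived from this DNSKEY."""
    f = published.split()
    i = f.index("DS")
    # The digest may be printed in space-separated chunks, as in the output above.
    want = [f[0].lower()] + f[i + 1:i + 4] + ["".join(f[i + 4:]).upper()]
    got = ds_from_dnskey(record, int(f[i + 3])).split()
    return want == [got[0].lower()] + got[3:]


if __name__ == "__main__":
    print(ds_from_dnskey(SAMPLE_KEY))
```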
The keyfile can be designated by the key identification
<code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
<code class="filename">Knnnn.+aaa+iiiii.key</code> as generated by
<span class="refentrytitle">dnssec-keygen</span>(8).
The keyset file name is built from the <code class="option">directory</code>,
the string <code class="filename">keyset-</code> and the
A keyfile error can give a "file not found" even if the file exists.
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<p><span class="corpauthor">Internet Systems Consortium</span>