dnssec-settime.html revision 0a7ed88633a680bb881868b75ded4d09a7bbbc50
 - Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
 - Permission to use, copy, modify, and/or distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
<!-- $Id: dnssec-settime.html,v 1.3 2009/07/19 04:27:55 tbox Exp $ -->
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
<a name="man.dnssec-settime"></a><div class="titlepage"></div>
<p><span class="application">dnssec-settime</span> — Set the key timing metadata for a DNSSEC key</p>
<div class="cmdsynopsis"><p><code class="command">dnssec-settime</code> [<code class="option">-fr</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-U <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {keyfile}</p></div>
<a name="id2543408"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-settime</strong></span>
 reads a DNSSEC private key file and sets the key timing metadata
 as specified by the <code class="option">-P</code>, <code class="option">-A</code>,
 <code class="option">-R</code>, <code class="option">-U</code>, and <code class="option">-D</code>
 options. The metadata can then be used by
 <span><strong class="command">dnssec-signzone</strong></span> or other signing software to
 determine when a key is to be published, whether it should be
 used for signing a zone, etc.
 If none of these options is set on the command line,
 then <span><strong class="command">dnssec-settime</strong></span> simply prints the key timing
 metadata already stored in the key.
 When key metadata fields are changed, both files of a key
 pair (<code class="filename">Knnnn.+aaa+iiiii.key</code> and
 <code class="filename">Knnnn.+aaa+iiiii.private</code>) are regenerated.
 Metadata fields are stored in the private file. A human-readable
 description of the metadata is also placed in comments in the key
 Force an update of an old-format key with no metadata fields.
 Without this option, <span><strong class="command">dnssec-settime</strong></span> will
 fail when attempting to update a legacy key. With this option,
 the key will be recreated in the new format, but with the
 original key data retained. The key's creation date will be
 set to the present time.
<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
 Sets the directory in which the key files are to reside.
 Emit usage message and exit.
<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
 Sets the debugging level.
<a name="id2543530"></a><h2>TIMING OPTIONS</h2>
 Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
 If the argument begins with a '+' or '-', it is interpreted as
 an offset from the present time. If such an offset is followed
 by one of the characters 'y', 'm', 'w', 'd', or 'h', then the
 offset is computed in years, months, weeks, days, or hours,
 respectively; otherwise it is computed in seconds.
<dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt>
 Sets the date on which a key is to be published to the zone.
 After that date, the key will be included in the zone but will
 not be used to sign it.
<dt><span class="term">-A <em class="replaceable"><code>date/offset</code></em></span></dt>
 Sets the date on which the key is to be activated. After that
 date, the key will be included in the zone and used to sign
<dt><span class="term">-R <em class="replaceable"><code>date/offset</code></em></span></dt>
 Sets the date on which the key is to be revoked. After that
 date, the key will be flagged as revoked. It will be included
 in the zone and will be used to sign it.
<dt><span class="term">-U <em class="replaceable"><code>date/offset</code></em></span></dt>
 Sets the date on which the key is to be unpublished. After that
 date, the key will no longer be included in the zone, but it
 may remain in the key repository.
<dt><span class="term">-D <em class="replaceable"><code>date/offset</code></em></span></dt>
 Sets the date on which the key is to be deleted. After that
 date, the key can be removed from the key repository.
 NOTE: Keys are not currently deleted automatically; this field
 is included for informational purposes and for future
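<p>An added example, not part of the BIND distribution: a Python pre-flight check that resolves the date/offset arguments described above to absolute times and warns when a key's publish, activate, revoke, unpublish and delete dates are out of order. The unit lengths (365-day year, 30-day month), the use of UTC, the ordering rule itself, and the sample key file name are assumptions of this example.</p>

```python
import re
from datetime import datetime, timedelta, timezone

# Unit lengths are assumptions of this example: the page names the suffixes
# but not their sizes, so a year is taken as 365 days and a month as 30 days.
UNIT_SECONDS = {"y": 365 * 86400, "m": 30 * 86400, "w": 7 * 86400,
                "d": 86400, "h": 3600}
LIFECYCLE = ["P", "A", "R", "U", "D"]  # publish, activate, revoke, unpublish, delete

def resolve(spec, now):
    """Turn one date/offset argument into an absolute time (UTC assumed)."""
    m = re.fullmatch(r"([+-])(\d+)([ymwdh]?)", spec, re.ASCII)
    if m:  # offset from the present time; no suffix means seconds
        sign = -1 if m.group(1) == "-" else 1
        seconds = int(m.group(2)) * UNIT_SECONDS.get(m.group(3), 1)
        return now + timedelta(seconds=sign * seconds)
    if not re.fullmatch(r"\d{8}(\d{6})?", spec, re.ASCII):
        raise ValueError(f"not a date or offset: {spec!r}")
    fmt = "%Y%m%d" if len(spec) == 8 else "%Y%m%d%H%M%S"
    return datetime.strptime(spec, fmt).replace(tzinfo=timezone.utc)

def check_schedule(args, now):
    """args maps an option letter to its date/offset; returns (times, warnings)."""
    times = {opt: resolve(spec, now) for opt, spec in args.items()}
    present = [opt for opt in LIFECYCLE if opt in times]
    # A sequence is in order exactly when every adjacent pair is in order.
    warnings = [f"-{a} {times[a]:%Y%m%d%H%M%S} falls after -{b} {times[b]:%Y%m%d%H%M%S}"
                for a, b in zip(present, present[1:]) if times[a] > times[b]]
    return times, warnings

def command(keyfile, times):
    """Build the dnssec-settime argv with every time pinned to an absolute date."""
    argv = ["dnssec-settime"]
    for opt in LIFECYCLE:
        if opt in times:
            argv += [f"-{opt}", times[opt].strftime("%Y%m%d%H%M%S")]
    return argv + [keyfile]

# Constructed sample: a fixed "present time" and a schedule with one mistake
# (the delete date lands long before the unpublish date).
NOW = datetime(2009, 7, 19, tzinfo=timezone.utc)
SAMPLE = {"P": "20090801", "A": "+30d", "U": "+1y", "D": "+2w"}

if __name__ == "__main__":
    times, warnings = check_schedule(SAMPLE, NOW)
    for w in warnings:
        print("warning:", w)
    print(" ".join(command("Kexample.com.+005+12345", times)))
```

<p>Pinning offsets to absolute dates before running the command keeps the recorded schedule reproducible, since an offset is always relative to the moment the tool is invoked.</p>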
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
 <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
 <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<p><span class="corpauthor">Internet Systems Consortium</span>