dnssec-settime.html revision 8ec3c085233cedb22b05da36e2773c8f357a7e45
26d8ffe715e74d1e67d268551449b780fec1b95fAutomatic Updater - Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
0a7ed88633a680bb881868b75ded4d09a7bbbc50Automatic Updater - Permission to use, copy, modify, and/or distribute this software for any
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt - purpose with or without fee is hereby granted, provided that the above
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt - copyright notice and this permission notice appear in all copies.
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
26d8ffe715e74d1e67d268551449b780fec1b95fAutomatic Updater - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt - PERFORMANCE OF THIS SOFTWARE.
8ec3c085233cedb22b05da36e2773c8f357a7e45Automatic Updater<!-- $Id: dnssec-settime.html,v 1.7 2009/10/06 01:14:41 tbox Exp $ -->
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
0a7ed88633a680bb881868b75ded4d09a7bbbc50Automatic Updater<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt<a name="man.dnssec-settime"></a><div class="titlepage"></div>
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt<p><span class="application">dnssec-settime</span> — Set the key timing metadata for a DNSSEC key</p>
8ec3c085233cedb22b05da36e2773c8f357a7e45Automatic Updater<div class="cmdsynopsis"><p><code class="command">dnssec-settime</code> [<code class="option">-f</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] {keyfile}</p></div>
8ec3c085233cedb22b05da36e2773c8f357a7e45Automatic Updater<a name="id2543416"></a><h2>DESCRIPTION</h2>
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt<p><span><strong class="command">dnssec-settime</strong></span>
0a7ed88633a680bb881868b75ded4d09a7bbbc50Automatic Updater reads a DNSSEC private key file and sets the key timing metadata
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt as specified by the <code class="option">-P</code>, <code class="option">-A</code>,
f8e3e03cacd16ffb923a9603fca23a9e1a1fee07Automatic Updater <code class="option">-R</code>, <code class="option">-I</code>, and <code class="option">-D</code>
0a7ed88633a680bb881868b75ded4d09a7bbbc50Automatic Updater options. The metadata can then be used by
0a7ed88633a680bb881868b75ded4d09a7bbbc50Automatic Updater <span><strong class="command">dnssec-signzone</strong></span> or other signing software to
0a7ed88633a680bb881868b75ded4d09a7bbbc50Automatic Updater determine when a key is to be published, whether it should be
0a7ed88633a680bb881868b75ded4d09a7bbbc50Automatic Updater used for signing a zone, etc.
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt If none of these options is set on the command line,
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt then <span><strong class="command">dnssec-settime</strong></span> simply prints the key timing
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt metadata already stored in the key.
0a7ed88633a680bb881868b75ded4d09a7bbbc50Automatic Updater When key metadata fields are changed, both files of a key
0a7ed88633a680bb881868b75ded4d09a7bbbc50Automatic Updater pair (<code class="filename">Knnnn.+aaa+iiiii.key</code> and
0a7ed88633a680bb881868b75ded4d09a7bbbc50Automatic Updater <code class="filename">Knnnn.+aaa+iiiii.private</code>) are regenerated.
0a7ed88633a680bb881868b75ded4d09a7bbbc50Automatic Updater Metadata fields are stored in the private file. A human-readable
0a7ed88633a680bb881868b75ded4d09a7bbbc50Automatic Updater description of the metadata is also placed in comments in the key
0a7ed88633a680bb881868b75ded4d09a7bbbc50Automatic Updater Force an update of an old-format key with no metadata fields.
0a7ed88633a680bb881868b75ded4d09a7bbbc50Automatic Updater Without this option, <span><strong class="command">dnssec-settime</strong></span> will
0a7ed88633a680bb881868b75ded4d09a7bbbc50Automatic Updater fail when attempting to update a legacy key. With this option,
0a7ed88633a680bb881868b75ded4d09a7bbbc50Automatic Updater the key will be recreated in the new format, but with the
0a7ed88633a680bb881868b75ded4d09a7bbbc50Automatic Updater original key data retained. The key's creation date will be
0a7ed88633a680bb881868b75ded4d09a7bbbc50Automatic Updater set to the present time.
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt Sets the directory in which the key files are to reside.
0a7ed88633a680bb881868b75ded4d09a7bbbc50Automatic Updater Emit usage message and exit.
0a7ed88633a680bb881868b75ded4d09a7bbbc50Automatic Updater<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
0a7ed88633a680bb881868b75ded4d09a7bbbc50Automatic Updater Sets the debugging level.
8ec3c085233cedb22b05da36e2773c8f357a7e45Automatic Updater<dt><span class="term">-E <em class="replaceable"><code>engine</code></em></span></dt>
8ec3c085233cedb22b05da36e2773c8f357a7e45Automatic Updater Use the given OpenSSL engine. When compiled with PKCS#11 support
8ec3c085233cedb22b05da36e2773c8f357a7e45Automatic Updater it defaults to pcks11, the empty name resets it to no engine.
8ec3c085233cedb22b05da36e2773c8f357a7e45Automatic Updater<a name="id2543556"></a><h2>TIMING OPTIONS</h2>
0a7ed88633a680bb881868b75ded4d09a7bbbc50Automatic Updater Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
0a7ed88633a680bb881868b75ded4d09a7bbbc50Automatic Updater If the argument begins with a '+' or '-', it is interpreted as
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater an offset from the present time. For convenience, if such an offset
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi',
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater then the offset is computed in years (defined as 365 24-hour days,
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater ignoring leap years), months (defined as 30 24-hour days), weeks,
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater days, hours, or minutes, respectively. Without a suffix, the offset
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater is computed in seconds. To unset a date, use 'none'.
0a7ed88633a680bb881868b75ded4d09a7bbbc50Automatic Updater<dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt>
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt Sets the date on which a key is to be published to the zone.
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt After that date, the key will be included in the zone but will
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt not be used to sign it.
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt<dt><span class="term">-A <em class="replaceable"><code>date/offset</code></em></span></dt>
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt Sets the date on which the key is to be activated. After that
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt date, the key will be included and the zone and used to sign
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt<dt><span class="term">-R <em class="replaceable"><code>date/offset</code></em></span></dt>
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt Sets the date on which the key is to be revoked. After that
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt date, the key will be flagged as revoked. It will be included
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt in the zone and will be used to sign it.
f8e3e03cacd16ffb923a9603fca23a9e1a1fee07Automatic Updater<dt><span class="term">-I <em class="replaceable"><code>date/offset</code></em></span></dt>
f8e3e03cacd16ffb923a9603fca23a9e1a1fee07Automatic Updater Sets the date on which the key is to be retired. After that
f8e3e03cacd16ffb923a9603fca23a9e1a1fee07Automatic Updater date, the key will still be included in the zone, but it
f8e3e03cacd16ffb923a9603fca23a9e1a1fee07Automatic Updater will not be used to sign it.
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt<dt><span class="term">-D <em class="replaceable"><code>date/offset</code></em></span></dt>
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt Sets the date on which the key is to be deleted. After that
f8e3e03cacd16ffb923a9603fca23a9e1a1fee07Automatic Updater date, the key will no longer be included in the zone. (It
f8e3e03cacd16ffb923a9603fca23a9e1a1fee07Automatic Updater may remain in the key repository, however.)
8ec3c085233cedb22b05da36e2773c8f357a7e45Automatic Updater<a name="id2543654"></a><h2>PRINTING OPTIONS</h2>
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater <span><strong class="command">dnssec-settime</strong></span> can also be used to print the
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater timing metadata associated with a key.
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater Print times in UNIX epoch format.
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater<dt><span class="term">-p <em class="replaceable"><code>C/P/A/R/U/D/all</code></em></span></dt>
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater Print a specific metadata value or set of metadata values.
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater The <code class="option">-p</code> option may be followed by one or more
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater of the following letters to indicate which value or values to print:
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater <code class="option">C</code> for the creation date,
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater <code class="option">P</code> for the publication date,
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater <code class="option">A</code> for the activation date,
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater <code class="option">R</code> for the revokation date,
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater <code class="option">U</code> for the unpublication date, or
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater <code class="option">D</code> for the deletion date.
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater To print all of the metadata, use <code class="option">-p all</code>.
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
0a7ed88633a680bb881868b75ded4d09a7bbbc50Automatic Updater <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt<p><span class="corpauthor">Internet Systems Consortium</span>