dnssec-settime.html revision 0a7ed88633a680bb881868b75ded4d09a7bbbc50
<!--
 - Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
 - Permission to use, copy, modify, and/or distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-settime.html,v 1.3 2009/07/19 04:27:55 tbox Exp $ -->
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
<a name="man.dnssec-settime"></a><div class="titlepage"></div>
<p><span class="application">dnssec-settime</span> — Set the key timing metadata for a DNSSEC key</p>
<div class="cmdsynopsis"><p><code class="command">dnssec-settime</code> [<code class="option">-fr</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-U <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {keyfile}</p></div>
<p><span><strong class="command">dnssec-settime</strong></span>
 reads a DNSSEC private key file and sets the key timing metadata
 as specified by the <code class="option">-P</code>, <code class="option">-A</code>,
 <code class="option">-R</code>, <code class="option">-U</code>, and <code class="option">-D</code>
 options. The metadata can then be used by
 <span><strong class="command">dnssec-signzone</strong></span> or other signing software to
 determine when a key is to be published, whether it should be
 used for signing a zone, etc.</p>
<p>If none of these options is set on the command line,
 then <span><strong class="command">dnssec-settime</strong></span> simply prints the key timing
 metadata already stored in the key.</p>
<p>When key metadata fields are changed, both files of a key
 pair (<code class="filename">Knnnn.+aaa+iiiii.key</code> and
 <code class="filename">Knnnn.+aaa+iiiii.private</code>) are regenerated.
 Metadata fields are stored in the private file. A human-readable
 description of the metadata is also placed in comments in the key</p>
<dt><span class="term">-f</span></dt>
<dd><p>
 Force an update of an old-format key with no metadata fields.
 Without this option, <span><strong class="command">dnssec-settime</strong></span> will
 fail when attempting to update a legacy key. With this option,
 the key will be recreated in the new format, but with the
 original key data retained. The key's creation date will be
 set to the present time.
</p></dd>
<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>
 Sets the directory in which the key files are to reside.
</p></dd>
<dt><span class="term">-h</span></dt>
<dd><p>
 Emit usage message and exit.
</p></dd>
<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
<dd><p>
 Sets the debugging level.
</p></dd>
<a name="id2543530"></a><h2>TIMING OPTIONS</h2>
<p>
 Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
 If the argument begins with a '+' or '-', it is interpreted as
 an offset from the present time. If such an offset is followed
 by one of the characters 'y', 'm', 'w', 'd', or 'h', then the
 offset is computed in years, months, weeks, days, or hours,
 respectively; otherwise it is computed in seconds.
</p>
<dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt>
<dd><p>
 Sets the date on which a key is to be published to the zone.
 After that date, the key will be included in the zone but will
 not be used to sign it.
</p></dd>
<dt><span class="term">-A <em class="replaceable"><code>date/offset</code></em></span></dt>
<dd><p>
 Sets the date on which the key is to be activated. After that
 date, the key will be included in the zone and used to sign
</p></dd>
<dt><span class="term">-R <em class="replaceable"><code>date/offset</code></em></span></dt>
<dd><p>
 Sets the date on which the key is to be revoked. After that
 date, the key will be flagged as revoked. It will be included
 in the zone and will be used to sign it.
</p></dd>
<dt><span class="term">-U <em class="replaceable"><code>date/offset</code></em></span></dt>
<dd><p>
 Sets the date on which the key is to be unpublished. After that
 date, the key will no longer be included in the zone, but it
 may remain in the key repository.
</p></dd>
<dt><span class="term">-D <em class="replaceable"><code>date/offset</code></em></span></dt>
<dd><p>
 Sets the date on which the key is to be deleted. After that
 date, the key can be removed from the key repository.
 NOTE: Keys are not currently deleted automatically; this field
 is included for informational purposes and for future
</p></dd>
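<p>The following Python example is an addition to this page, not code from BIND or ISC. It resolves <em class="replaceable"><code>date/offset</code></em> arguments as described under TIMING OPTIONS and reports what the descriptions of <code class="option">-P</code>, <code class="option">-A</code>, <code class="option">-R</code>, <code class="option">-U</code> and <code class="option">-D</code> imply for a key at a given time. Assumptions: UTC, 365-day years and 30-day months; the function names, the way the option rules are combined, and the sample schedule are constructed for illustration.</p>

```python
from datetime import datetime, timedelta, timezone

# Seconds per unit suffix. The page names the units but not their lengths;
# 365-day years and 30-day months are assumptions of this example.
UNITS = {"y": 365 * 86400, "m": 30 * 86400, "w": 7 * 86400, "d": 86400, "h": 3600}

def parse_when(arg, now):
    """Resolve one date/offset argument to an absolute time (UTC assumed)."""
    if arg.startswith(("+", "-")):
        body, scale = arg[1:], 1           # no suffix: offset is in seconds
        if body[-1:] in UNITS:
            body, scale = body[:-1], UNITS[body[-1]]
        if not body.isdigit():
            raise ValueError(f"bad offset: {arg!r}")
        delta = timedelta(seconds=int(body) * scale)
        return now + delta if arg[0] == "+" else now - delta
    fmt = {8: "%Y%m%d", 14: "%Y%m%d%H%M%S"}.get(len(arg))
    if fmt is None or not arg.isdigit():
        raise ValueError(f"bad date: {arg!r}")
    return datetime.strptime(arg, fmt).replace(tzinfo=timezone.utc)

def resolve(schedule, now):
    """Map option letters (P, A, R, U, D) to absolute times."""
    return {opt: parse_when(arg, now) for opt, arg in schedule.items()}

def key_state(meta, at):
    """Combine the option descriptions into one view of the key at time `at`."""
    def passed(opt):
        return opt in meta and at >= meta[opt]
    in_zone = (passed("P") or passed("A") or passed("R")) and not passed("U")
    return {
        "in_zone": in_zone,                                   # -P / -U
        "signing": in_zone and (passed("A") or passed("R")),  # -A / -R
        "revoked": passed("R"),                               # -R
        "removable": passed("D"),                             # -D
    }

# Constructed sample schedule and reference time, not taken from a real key.
NOW = datetime(2009, 7, 19, tzinfo=timezone.utc)
SCHEDULE = {"P": "20090801", "A": "+30d", "R": "+1y", "U": "+13m",
            "D": "20100901000000"}

if __name__ == "__main__":
    meta = resolve(SCHEDULE, NOW)
    for day in ("20090810", "20090901", "20100801", "20100820", "20100902"):
        print(day, key_state(meta, parse_when(day, NOW)))
```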
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
 <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
 <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
</p>
<p><span class="corpauthor">Internet Systems Consortium</span></p>
</div></body>