dnssec-settime.html revision 0a7ed88633a680bb881868b75ded4d09a7bbbc50
<!--
- Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
-
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
- THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-settime.html,v 1.3 2009/07/19 04:27:55 tbox Exp $ -->
<html>
<head>
<title>dnssec-settime</title>
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
<div class="refnamediv">
<h2>Name</h2>
<p><span class="application">dnssec-settime</span> — Set the key timing metadata for a DNSSEC key</p>
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">dnssec-settime</code> [<code class="option">-fr</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-U <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {keyfile}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543408"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-settime</strong></span>
reads a DNSSEC private key file and sets the key timing metadata
as specified by the <code class="option">-P</code>, <code class="option">-A</code>,
<code class="option">-R</code>, <code class="option">-U</code>, and <code class="option">-D</code>
options. The metadata can then be used by
<span><strong class="command">dnssec-signzone</strong></span> or other signing software to
determine when a key is to be published, whether it should be
used for signing a zone, etc.
</p>
<p>
If none of these options is set on the command line,
then <span><strong class="command">dnssec-settime</strong></span> simply prints the key timing
metadata already stored in the key.
</p>
<p>
When key metadata fields are changed, both files of a key
Metadata fields are stored in the private file. A human-readable
description of the metadata is also placed in comments in the key
file.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543456"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-f</span></dt>
<dd><p>
Force an update of an old-format key with no metadata fields.
Without this option, <span><strong class="command">dnssec-settime</strong></span> will
fail when attempting to update a legacy key. With this option,
the key will be recreated in the new format, but with the
original key data retained. The key's creation date will be
set to the present time.
</p></dd>
<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>
Sets the directory in which the key files are to reside.
</p></dd>
<dt><span class="term">-h</span></dt>
<dd><p>
Emit usage message and exit.
</p></dd>
<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
<dd><p>
Sets the debugging level.
</p></dd>
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543530"></a><h2>TIMING OPTIONS</h2>
<p>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
an offset from the present time. If such an offset is followed
by one of the characters 'y', 'm', 'w', 'd', or 'h', then the
offset is computed in years, months, weeks, days, or hours,
respectively; otherwise it is computed in seconds.
</p>
<div class="variablelist"><dl>
<dd><p>
Sets the date on which a key is to be published to the zone.
After that date, the key will be included in the zone but will
not be used to sign it.
</p></dd>
<dd><p>
Sets the date on which the key is to be activated. After that
date, the key will be included and the zone and used to sign
it.
</p></dd>
<dd><p>
Sets the date on which the key is to be revoked. After that
date, the key will be flagged as revoked. It will be included
in the zone and will be used to sign it.
</p></dd>
<dd><p>
Sets the date on which the key is to be unpublished. After that
date, the key will no longer be included in the zone, but it
may remain in the key repository.
</p></dd>
<dd><p>
Sets the date on which the key is to be deleted. After that
date, the key can be removed from the key repository.
NOTE: Keys are not currently deleted automatically; this field
is included for informational purposes and for future
development.
</p></dd>
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543628"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 5011</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543661"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
</div></body>
</html>