bin/python/dnssec-checkds.docbook

	dnssec-checkds.docbook revision 0c27b3fe77ac1d5094ba3521e8142d9e7973133f
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews<!--
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews - Copyright (C) 2012-2016  Internet Systems Consortium, Inc. ("ISC")
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews -
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews - This Source Code Form is subject to the terms of the Mozilla Public
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews - License, v. 2.0. If a copy of the MPL was not distributed with this
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews - file, You can obtain one at http://mozilla.org/MPL/2.0/.
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews-->
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<!-- Converted by db4-upgrade version 1.0 -->
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.dnssec-checkds">
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt  <info>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt    <date>2013-01-01</date>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt  </info>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews  <refentryinfo>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt    <corpname>ISC</corpname>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt    <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews  </refentryinfo>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews  <refmeta>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews    <refentrytitle><application>dnssec-checkds</application></refentrytitle>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews    <manvolnum>8</manvolnum>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews    <refmiscinfo>BIND9</refmiscinfo>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews  </refmeta>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews  <refnamediv>
b79fc6723bc9896ad6eb79e1bed1f9b37c4915ebMark Andrews    <refname><application>dnssec-checkds</application></refname>
f02194c0538094556090ded7964df2b72771d85eJeremy C. Reed    <refpurpose>DNSSEC delegation consistency checking tool</refpurpose>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews  </refnamediv>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews  <docinfo>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews    <copyright>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews      <year>2012</year>
024cf50d122a16a3ce190692d3669ecee47c23aaTinderbox User      <year>2013</year>
938440694b33cd752e9e4b71a526368b4811c177Tinderbox User      <year>2014</year>
19c7b1a0293498a3e36692c59646ed6e15ffc8d0Tinderbox User      <year>2015</year>
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews      <year>2016</year>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews    </copyright>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews  </docinfo>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews  <refsynopsisdiv>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt    <cmdsynopsis sepchar=" ">
b79fc6723bc9896ad6eb79e1bed1f9b37c4915ebMark Andrews      <command>dnssec-checkds</command>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg choice="opt" rep="norepeat"><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg choice="opt" rep="norepeat"><option>-f <replaceable class="parameter">file</replaceable></option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg choice="opt" rep="norepeat"><option>-d <replaceable class="parameter">dig path</replaceable></option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg choice="opt" rep="norepeat"><option>-D <replaceable class="parameter">dsfromkey path</replaceable></option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg choice="req" rep="norepeat">zone</arg>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews    </cmdsynopsis>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt    <cmdsynopsis sepchar=" ">
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews      <command>dnssec-dsfromkey</command>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg choice="opt" rep="norepeat"><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg choice="opt" rep="norepeat"><option>-f <replaceable class="parameter">file</replaceable></option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg choice="opt" rep="norepeat"><option>-d <replaceable class="parameter">dig path</replaceable></option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg choice="opt" rep="norepeat"><option>-D <replaceable class="parameter">dsfromkey path</replaceable></option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg choice="req" rep="norepeat">zone</arg>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews   </cmdsynopsis>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews  </refsynopsisdiv>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt  <refsection><info><title>DESCRIPTION</title></info>
30eec077db2bdcb6f2a0dc388a3cdde2ede75ec1Mark Andrews
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews    <para><command>dnssec-checkds</command>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews      verifies the correctness of Delegation Signer (DS) or DNSSEC
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews      Lookaside Validation (DLV) resource records for keys in a specified
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews      zone.
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews    </para>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt  </refsection>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt  <refsection><info><title>OPTIONS</title></info>
30eec077db2bdcb6f2a0dc388a3cdde2ede75ec1Mark Andrews
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews    <variablelist>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews      <varlistentry>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews        <term>-f <replaceable class="parameter">file</replaceable></term>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews        <listitem>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews          <para>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews            If a <option>file</option> is specified, then the zone is
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews            read from that file to find the DNSKEY records.  If not,
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews            then the DNSKEY records for the zone are looked up in the DNS.
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews          </para>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews        </listitem>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews      </varlistentry>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews      <varlistentry>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews        <term>-l <replaceable class="parameter">domain</replaceable></term>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews        <listitem>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews          <para>
30eec077db2bdcb6f2a0dc388a3cdde2ede75ec1Mark Andrews            Check for a DLV record in the specified lookaside domain,
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews            instead of checking for a DS record in the zone's parent.
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews            For example, to check for DLV records for "example.com"
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews            in ISC's DLV zone, use:
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews            <command>dnssec-checkds -l dlv.isc.org example.com</command>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews          </para>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews        </listitem>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews      </varlistentry>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews      <varlistentry>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews        <term>-d <replaceable class="parameter">dig path</replaceable></term>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews        <listitem>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews          <para>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews            Specifies a path to a <command>dig</command> binary.  Used
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews            for testing.
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews          </para>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews        </listitem>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews      </varlistentry>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews      <varlistentry>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews        <term>-D <replaceable class="parameter">dsfromkey path</replaceable></term>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews        <listitem>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews          <para>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews            Specifies a path to a <command>dnssec-dsfromkey</command> binary.
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews            Used for testing.
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews          </para>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews        </listitem>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews      </varlistentry>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews    </variablelist>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt  </refsection>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt  <refsection><info><title>SEE ALSO</title></info>
30eec077db2bdcb6f2a0dc388a3cdde2ede75ec1Mark Andrews
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews    <para><citerefentry>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews        <refentrytitle>dnssec-dsfromkey</refentrytitle><manvolnum>8</manvolnum>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews      </citerefentry>,
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews      <citerefentry>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews        <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews      </citerefentry>,
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews      <citerefentry>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews        <refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews      </citerefentry>,
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews    </para>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt  </refsection>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt</refentry>