bin/python/dnssec-checkds.docbook

	dnssec-checkds.docbook revision 14a656f94b1fd0ababd84a772228dfa52276ba15
1N/A<!--
1N/A - Copyright (C) 2012-2014  Internet Systems Consortium, Inc. ("ISC")
1N/A -
1N/A - Permission to use, copy, modify, and/or distribute this software for any
1N/A - purpose with or without fee is hereby granted, provided that the above
1N/A - copyright notice and this permission notice appear in all copies.
1N/A -
1N/A - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
1N/A - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
1N/A - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
1N/A - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
1N/A - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
1N/A - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
1N/A - PERFORMANCE OF THIS SOFTWARE.
1N/A-->
1N/A<!-- Converted by db4-upgrade version 1.0 -->
1N/A<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.dnssec-checkds">
1N/A  <info>
1N/A    <date>2013-01-01</date>
1N/A  </info>
1N/A  <refentryinfo>
1N/A    <corpname>ISC</corpname>
1N/A    <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
1N/A  </refentryinfo>
1N/A
1N/A  <refmeta>
1N/A    <refentrytitle><application>dnssec-checkds</application></refentrytitle>
1N/A    <manvolnum>8</manvolnum>
1N/A    <refmiscinfo>BIND9</refmiscinfo>
1N/A  </refmeta>
1N/A
1N/A  <refnamediv>
1N/A    <refname><application>dnssec-checkds</application></refname>
1N/A    <refpurpose>A DNSSEC delegation consistency checking tool.</refpurpose>
1N/A  </refnamediv>

  <docinfo>
    <copyright>
      <year>2012</year>
      <year>2013</year>
      <year>2014</year>
      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
    </copyright>
  </docinfo>

  <refsynopsisdiv>
    <cmdsynopsis sepchar=" ">
      <command>dnssec-checkds</command>
      <arg choice="opt" rep="norepeat"><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
      <arg choice="opt" rep="norepeat"><option>-f <replaceable class="parameter">file</replaceable></option></arg>
      <arg choice="opt" rep="norepeat"><option>-d <replaceable class="parameter">dig path</replaceable></option></arg>
      <arg choice="opt" rep="norepeat"><option>-D <replaceable class="parameter">dsfromkey path</replaceable></option></arg>
      <arg choice="req" rep="norepeat">zone</arg>
    </cmdsynopsis>
    <cmdsynopsis sepchar=" ">
      <command>dnssec-dsfromkey</command>
      <arg choice="opt" rep="norepeat"><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
      <arg choice="opt" rep="norepeat"><option>-f <replaceable class="parameter">file</replaceable></option></arg>
      <arg choice="opt" rep="norepeat"><option>-d <replaceable class="parameter">dig path</replaceable></option></arg>
      <arg choice="opt" rep="norepeat"><option>-D <replaceable class="parameter">dsfromkey path</replaceable></option></arg>
      <arg choice="req" rep="norepeat">zone</arg>
   </cmdsynopsis>
  </refsynopsisdiv>

  <refsection><info><title>DESCRIPTION</title></info>

    <para><command>dnssec-checkds</command>
      verifies the correctness of Delegation Signer (DS) or DNSSEC
      Lookaside Validation (DLV) resource records for keys in a specified
      zone.
    </para>
  </refsection>

  <refsection><info><title>OPTIONS</title></info>


    <variablelist>
      <varlistentry>
        <term>-f <replaceable class="parameter">file</replaceable></term>
        <listitem>
          <para>
            If a <option>file</option> is specified, then the zone is
            read from that file to find the DNSKEY records.  If not,
            then the DNSKEY records for the zone are looked up in the DNS.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-l <replaceable class="parameter">domain</replaceable></term>
        <listitem>
          <para>
            Check for a DLV record in the specified lookaside domain,
            instead of checking for a DS record in the zone's parent.
            For example, to check for DLV records for "example.com"
            in ISC's DLV zone, use:
            <command>dnssec-checkds -l dlv.isc.org example.com</command>
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-d <replaceable class="parameter">dig path</replaceable></term>
        <listitem>
          <para>
            Specifies a path to a <command>dig</command> binary.  Used
            for testing.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-D <replaceable class="parameter">dsfromkey path</replaceable></term>
        <listitem>
          <para>
            Specifies a path to a <command>dnssec-dsfromkey</command> binary.
            Used for testing.
          </para>
        </listitem>
      </varlistentry>
    </variablelist>
  </refsection>

  <refsection><info><title>SEE ALSO</title></info>

    <para><citerefentry>
        <refentrytitle>dnssec-dsfromkey</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
        <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
        <refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
    </para>
  </refsection>

</refentry>