dnssec-checkds.docbook revision 14a656f94b1fd0ababd84a772228dfa52276ba15
b0e8629055a766d4555a005a283c2889a5974945Mark Andrews - Copyright (C) 2012-2014 Internet Systems Consortium, Inc. ("ISC")
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - Permission to use, copy, modify, and/or distribute this software for any
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - purpose with or without fee is hereby granted, provided that the above
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - copyright notice and this permission notice appear in all copies.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - PERFORMANCE OF THIS SOFTWARE.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<!-- Converted by db4-upgrade version 1.0 -->
1224c3b69b3d18f7127aa042644936af25a2d679Mark Andrews<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.dnssec-checkds">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <refentryinfo>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </refentryinfo>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <refentrytitle><application>dnssec-checkds</application></refentrytitle>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <refnamediv>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <refname><application>dnssec-checkds</application></refname>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <refpurpose>A DNSSEC delegation consistency checking tool.</refpurpose>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </refnamediv>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </copyright>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <refsynopsisdiv>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <arg choice="opt" rep="norepeat"><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
a1b05dea35aa30b152a47115e18bbe679d3fcf19Mark Andrews <arg choice="opt" rep="norepeat"><option>-f <replaceable class="parameter">file</replaceable></option></arg>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <arg choice="opt" rep="norepeat"><option>-d <replaceable class="parameter">dig path</replaceable></option></arg>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <arg choice="opt" rep="norepeat"><option>-D <replaceable class="parameter">dsfromkey path</replaceable></option></arg>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </cmdsynopsis>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <arg choice="opt" rep="norepeat"><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <arg choice="opt" rep="norepeat"><option>-f <replaceable class="parameter">file</replaceable></option></arg>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <arg choice="opt" rep="norepeat"><option>-d <replaceable class="parameter">dig path</replaceable></option></arg>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <arg choice="opt" rep="norepeat"><option>-D <replaceable class="parameter">dsfromkey path</replaceable></option></arg>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </cmdsynopsis>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </refsynopsisdiv>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <refsection><info><title>DESCRIPTION</title></info>
1224c3b69b3d18f7127aa042644936af25a2d679Mark Andrews verifies the correctness of Delegation Signer (DS) or DNSSEC
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews Lookaside Validation (DLV) resource records for keys in a specified
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </refsection>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <refsection><info><title>OPTIONS</title></info>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <variablelist>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <varlistentry>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <term>-f <replaceable class="parameter">file</replaceable></term>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews If a <option>file</option> is specified, then the zone is
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews read from that file to find the DNSKEY records. If not,
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews then the DNSKEY records for the zone are looked up in the DNS.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </varlistentry>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <varlistentry>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <term>-l <replaceable class="parameter">domain</replaceable></term>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews Check for a DLV record in the specified lookaside domain,
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews instead of checking for a DS record in the zone's parent.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews For example, to check for DLV records for "example.com"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews in ISC's DLV zone, use:
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <command>dnssec-checkds -l dlv.isc.org example.com</command>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </varlistentry>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <varlistentry>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <term>-d <replaceable class="parameter">dig path</replaceable></term>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews Specifies a path to a <command>dig</command> binary. Used
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews for testing.
a1b05dea35aa30b152a47115e18bbe679d3fcf19Mark Andrews </varlistentry>
a1b05dea35aa30b152a47115e18bbe679d3fcf19Mark Andrews <varlistentry>
a1b05dea35aa30b152a47115e18bbe679d3fcf19Mark Andrews <term>-D <replaceable class="parameter">dsfromkey path</replaceable></term>
a1b05dea35aa30b152a47115e18bbe679d3fcf19Mark Andrews Specifies a path to a <command>dnssec-dsfromkey</command> binary.
a1b05dea35aa30b152a47115e18bbe679d3fcf19Mark Andrews Used for testing.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </varlistentry>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </variablelist>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </refsection>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <refsection><info><title>SEE ALSO</title></info>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <refentrytitle>dnssec-dsfromkey</refentrytitle><manvolnum>8</manvolnum>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </citerefentry>,
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <citerefentry>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </citerefentry>,
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <citerefentry>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </citerefentry>,
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </refsection>