dnssec-checkds.docbook revision 1cefb9df3fa34d08734f29005cfafa6be5cf3e93
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
11e9368a226272085c337e9e74b79808c16fbdbaTinderbox User "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
75c0816e8295e180f4bc7f10db3d0d880383bc1cMark Andrews [<!ENTITY mdash "&#8212;">]>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<!--
4a14ce5ba00ab7bc55c99ffdcf59c7a4ab902721Automatic Updater - Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein -
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - Permission to use, copy, modify, and/or distribute this software for any
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - purpose with or without fee is hereby granted, provided that the above
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - copyright notice and this permission notice appear in all copies.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein -
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - PERFORMANCE OF THIS SOFTWARE.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein-->
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<refentry id="man.dnssec-dsfromkey">
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <refentryinfo>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <date>April 11, 2012</date>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </refentryinfo>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <refmeta>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <refentrytitle><application>dnssec-checkds</application></refentrytitle>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <manvolnum>8</manvolnum>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <refmiscinfo>BIND9</refmiscinfo>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </refmeta>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <refnamediv>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <refname><application>dnssec-dsfromkey</application></refname>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <refpurpose>DNSSEC DS RR generation tool</refpurpose>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </refnamediv>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <docinfo>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <copyright>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <year>2012</year>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </copyright>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </docinfo>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <refsynopsisdiv>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <cmdsynopsis>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <command>dnssec-chedkcs</command>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <arg><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <arg><option>-f <replaceable class="parameter">file</replaceable></option></arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <arg><option>-d <replaceable class="parameter">dig path</replaceable></option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <arg><option>-D <replaceable class="parameter">dsfromkey path</replaceable></option></arg>
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User <arg choice="req">zone</arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </cmdsynopsis>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <cmdsynopsis>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <command>dnssec-dsfromkey</command>
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User <arg><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <arg><option>-f <replaceable class="parameter">file</replaceable></option></arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <arg><option>-d <replaceable class="parameter">dig path</replaceable></option></arg>
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User <arg><option>-D <replaceable class="parameter">dsfromkey path</replaceable></option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <arg choice="req">zone</arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </cmdsynopsis>
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User </refsynopsisdiv>
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User <refsect1>
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User <title>DESCRIPTION</title>
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User <para><command>dnssec-checkds</command>
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User verifies the correctness of Delegation Signer (DS) or DNSSEC
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User Lookaside Validation (DLV) resource records for keys in a specified
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User zone.
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User </para>
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User </refsect1>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User <refsect1>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <title>OPTIONS</title>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <variablelist>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <term>-f <replaceable class="parameter">file</replaceable></term>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <listitem>
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User <para>
a1ad6695ed6f988406cf155aa26376f84f73bcb9Automatic Updater If a <option>file</option> is specified, then the zone is
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt read from that file to find the DNSKEY records. If not,
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User then the DNSKEY records for the zone are looked up in the DNS.
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater </para>
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User </listitem>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <varlistentry>
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User <term>-l <replaceable class="parameter">domain</replaceable></term>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <para>
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User Check for a DLV record in the specified lookaside domain,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein instead of checking for a DS record in the zone's parent.
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User For example, to check for DLV records for "example.com"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein in ISC's DLV zone, use:
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <command>dnssec-checkds -l dlv.isc.org example.com</command>
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User </para>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt </listitem>
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User </varlistentry>
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User <varlistentry>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <term>-d <replaceable class="parameter">dig path</replaceable></term>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <listitem>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <para>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt Specifies a path to a <command>dig</command> binary. Used
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt for testing.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <varlistentry>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews <term>-D <replaceable class="parameter">dsfromkey path</replaceable></term>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <para>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews Specifies a path to a <command>dnssec-dsfromkey</command> binary.
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews Used for testing.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </listitem>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </variablelist>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </refsect1>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <refsect1>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <title>SEE ALSO</title>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <para><citerefentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <refentrytitle>dnssec-dsfromkey</refentrytitle><manvolnum>8</manvolnum>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </citerefentry>,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <citerefentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </citerefentry>,
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews <citerefentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </citerefentry>,
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </refsect1>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <refsect1>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <title>AUTHOR</title>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <para><corpauthor>Internet Systems Consortium</corpauthor>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </refsect1>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</refentry><!--
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - Local variables:
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - mode: sgml
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - End:
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein-->
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein