dnssec-checkds.docbook revision 938440694b33cd752e9e4b71a526368b4811c177
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews [<!ENTITY mdash "&#8212;">]>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews<!--
938440694b33cd752e9e4b71a526368b4811c177Tinderbox User - Copyright (C) 2012-2014 Internet Systems Consortium, Inc. ("ISC")
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews -
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews - Permission to use, copy, modify, and/or distribute this software for any
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews - purpose with or without fee is hereby granted, provided that the above
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews - copyright notice and this permission notice appear in all copies.
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews -
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews - PERFORMANCE OF THIS SOFTWARE.
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews-->
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews
b79fc6723bc9896ad6eb79e1bed1f9b37c4915ebMark Andrews<refentry id="man.dnssec-checkds">
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <refentryinfo>
1753d3c4d74241a847794f7e7cfd94cc79be6600Evan Hunt <date>January 01, 2013</date>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews </refentryinfo>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <refmeta>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <refentrytitle><application>dnssec-checkds</application></refentrytitle>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <manvolnum>8</manvolnum>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <refmiscinfo>BIND9</refmiscinfo>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews </refmeta>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <refnamediv>
b79fc6723bc9896ad6eb79e1bed1f9b37c4915ebMark Andrews <refname><application>dnssec-checkds</application></refname>
b79fc6723bc9896ad6eb79e1bed1f9b37c4915ebMark Andrews <refpurpose>A DNSSEC delegation consistency checking tool.</refpurpose>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews </refnamediv>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <docinfo>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <copyright>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <year>2012</year>
024cf50d122a16a3ce190692d3669ecee47c23aaTinderbox User <year>2013</year>
938440694b33cd752e9e4b71a526368b4811c177Tinderbox User <year>2014</year>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews </copyright>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews </docinfo>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <refsynopsisdiv>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <cmdsynopsis>
b79fc6723bc9896ad6eb79e1bed1f9b37c4915ebMark Andrews <command>dnssec-checkds</command>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <arg><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <arg><option>-f <replaceable class="parameter">file</replaceable></option></arg>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <arg><option>-d <replaceable class="parameter">dig path</replaceable></option></arg>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <arg><option>-D <replaceable class="parameter">dsfromkey path</replaceable></option></arg>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <arg choice="req">zone</arg>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews </cmdsynopsis>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <cmdsynopsis>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <command>dnssec-dsfromkey</command>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <arg><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <arg><option>-f <replaceable class="parameter">file</replaceable></option></arg>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <arg><option>-d <replaceable class="parameter">dig path</replaceable></option></arg>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <arg><option>-D <replaceable class="parameter">dsfromkey path</replaceable></option></arg>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <arg choice="req">zone</arg>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews </cmdsynopsis>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews </refsynopsisdiv>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <refsect1>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <title>DESCRIPTION</title>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <para><command>dnssec-checkds</command>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews verifies the correctness of Delegation Signer (DS) or DNSSEC
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews Lookaside Validation (DLV) resource records for keys in a specified
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews zone.
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews </para>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews </refsect1>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <refsect1>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <title>OPTIONS</title>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <variablelist>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <varlistentry>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <term>-f <replaceable class="parameter">file</replaceable></term>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <listitem>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <para>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews If a <option>file</option> is specified, then the zone is
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews read from that file to find the DNSKEY records. If not,
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews then the DNSKEY records for the zone are looked up in the DNS.
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews </para>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews </listitem>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews </varlistentry>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <varlistentry>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <term>-l <replaceable class="parameter">domain</replaceable></term>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <listitem>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <para>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews Check for a DLV record in the specified lookaside domain,
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews instead of checking for a DS record in the zone's parent.
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews For example, to check for DLV records for "example.com"
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews in ISC's DLV zone, use:
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <command>dnssec-checkds -l dlv.isc.org example.com</command>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews </para>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews </listitem>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews </varlistentry>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <varlistentry>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <term>-d <replaceable class="parameter">dig path</replaceable></term>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <listitem>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <para>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews Specifies a path to a <command>dig</command> binary. Used
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews for testing.
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews </para>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews </listitem>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews </varlistentry>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <varlistentry>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <term>-D <replaceable class="parameter">dsfromkey path</replaceable></term>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <listitem>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <para>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews Specifies a path to a <command>dnssec-dsfromkey</command> binary.
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews Used for testing.
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews </para>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews </listitem>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews </varlistentry>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews </variablelist>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews </refsect1>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <refsect1>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <title>SEE ALSO</title>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <para><citerefentry>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <refentrytitle>dnssec-dsfromkey</refentrytitle><manvolnum>8</manvolnum>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews </citerefentry>,
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <citerefentry>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews </citerefentry>,
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <citerefentry>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews </citerefentry>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews </para>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews </refsect1>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <refsect1>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <title>AUTHOR</title>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <para><corpauthor>Internet Systems Consortium</corpauthor>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews </para>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews </refsect1>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews</refentry><!--
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews - Local variables:
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews - mode: sgml
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews - End:
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews-->