bin/python/dnssec-checkds.html

d6fa26d0adaec6c910115be34fe7a5a5f402c14fMark Andrews<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews<!--
a0fb6a0980359165a4459723f52d5d7b5725f9c6Tinderbox User - Copyright (C) 2012-2017 Internet Systems Consortium, Inc. ("ISC")
9b20c5d7ff43224f60c4f8049fa2e4fef9d374f0Tinderbox User -
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - This Source Code Form is subject to the terms of the Mozilla Public
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - License, v. 2.0. If a copy of the MPL was not distributed with this
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - file, You can obtain one at http://mozilla.org/MPL/2.0/.
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews-->
d6fa26d0adaec6c910115be34fe7a5a5f402c14fMark Andrews<html lang="en">
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews<head>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews<title>dnssec-checkds</title>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews</head>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
0a330c717a298b60fb357999baac7c08dfc29046Tinderbox User<a name="man.dnssec-checkds"></a><div class="titlepage"></div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User  <div class="refnamediv">
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews<h2>Name</h2>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User    <span class="application">dnssec-checkds</span>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User     &#8212; DNSSEC delegation consistency checking tool
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User  </p>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews</div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User  <div class="refsynopsisdiv">
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews<h2>Synopsis</h2>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User    <div class="cmdsynopsis"><p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User      <code class="command">dnssec-checkds</code>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User       [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User       [<code class="option">-f <em class="replaceable"><code>file</code></em></code>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User       [<code class="option">-d <em class="replaceable"><code>dig path</code></em></code>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User       [<code class="option">-D <em class="replaceable"><code>dsfromkey path</code></em></code>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User       {zone}
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User    </p></div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User    <div class="cmdsynopsis"><p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User      <code class="command">dnssec-dsfromkey</code>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User       [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User       [<code class="option">-f <em class="replaceable"><code>file</code></em></code>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User       [<code class="option">-d <em class="replaceable"><code>dig path</code></em></code>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User       [<code class="option">-D <em class="replaceable"><code>dsfromkey path</code></em></code>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User       {zone}
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User   </p></div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User  </div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User  <div class="refsection">
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<a name="id-1.7"></a><h2>DESCRIPTION</h2>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User    <p><span class="command"><strong>dnssec-checkds</strong></span>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews      verifies the correctness of Delegation Signer (DS) or DNSSEC
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews      Lookaside Validation (DLV) resource records for keys in a specified
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews      zone.
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews    </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User  </div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User  <div class="refsection">
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<a name="id-1.8"></a><h2>OPTIONS</h2>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User    <div class="variablelist"><dl class="variablelist">
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews<dt><span class="term">-f <em class="replaceable"><code>file</code></em></span></dt>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<dd>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User          <p>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews            If a <code class="option">file</code> is specified, then the zone is
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews            read from that file to find the DNSKEY records.  If not,
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews            then the DNSKEY records for the zone are looked up in the DNS.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User          </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User        </dd>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews<dt><span class="term">-l <em class="replaceable"><code>domain</code></em></span></dt>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<dd>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User          <p>
9d557856c2a19ec95ee73245f60a92f8675cf5baTinderbox User            Check for a DLV record in the specified lookaside domain,
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews            instead of checking for a DS record in the zone's parent.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User          </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User        </dd>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews<dt><span class="term">-d <em class="replaceable"><code>dig path</code></em></span></dt>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<dd>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User          <p>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User            Specifies a path to a <span class="command"><strong>dig</strong></span> binary.  Used
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews            for testing.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User          </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User        </dd>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews<dt><span class="term">-D <em class="replaceable"><code>dsfromkey path</code></em></span></dt>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<dd>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User          <p>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User            Specifies a path to a <span class="command"><strong>dnssec-dsfromkey</strong></span> binary.
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews            Used for testing.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User          </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User        </dd>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews</dl></div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User  </div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User  <div class="refsection">
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<a name="id-1.9"></a><h2>SEE ALSO</h2>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User    <p><span class="citerefentry">
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User        <span class="refentrytitle">dnssec-dsfromkey</span>(8)
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User      </span>,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User      <span class="citerefentry">
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User        <span class="refentrytitle">dnssec-keygen</span>(8)
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User      </span>,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User      <span class="citerefentry">
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User        <span class="refentrytitle">dnssec-signzone</span>(8)
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User      </span>,
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews    </p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User  </div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews</div></body>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews</html>