dnssec-checkds.html revision 9b20c5d7ff43224f60c4f8049fa2e4fef9d374f0
9b20c5d7ff43224f60c4f8049fa2e4fef9d374f0Tinderbox User - Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews - Permission to use, copy, modify, and/or distribute this software for any
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews - purpose with or without fee is hereby granted, provided that the above
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews - copyright notice and this permission notice appear in all copies.
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
9b20c5d7ff43224f60c4f8049fa2e4fef9d374f0Tinderbox User - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews - PERFORMANCE OF THIS SOFTWARE.
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews<!-- $Id$ -->
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews<a name="man.dnssec-dsfromkey"></a><div class="titlepage"></div>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews<p><span class="application">dnssec-dsfromkey</span> — DNSSEC DS RR generation tool</p>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews<div class="cmdsynopsis"><p><code class="command">dnssec-chedkcs</code> [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>dig path</code></em></code>] [<code class="option">-D <em class="replaceable"><code>dsfromkey path</code></em></code>] {zone}</p></div>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>dig path</code></em></code>] [<code class="option">-D <em class="replaceable"><code>dsfromkey path</code></em></code>] {zone}</p></div>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews<p><span><strong class="command">dnssec-checkds</strong></span>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews verifies the correctness of Delegation Signer (DS) or DNSSEC
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews Lookaside Validation (DLV) resource records for keys in a specified
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews<dt><span class="term">-f <em class="replaceable"><code>file</code></em></span></dt>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews If a <code class="option">file</code> is specified, then the zone is
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews read from that file to find the DNSKEY records. If not,
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews then the DNSKEY records for the zone are looked up in the DNS.
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews<dt><span class="term">-l <em class="replaceable"><code>domain</code></em></span></dt>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews Check for a DLV record in the specified lookaside domain,
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews instead of checking for a DS record in the zone's parent.
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews For example, to check for DLV records for "example.com"
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews in ISC's DLV zone, use:
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <span><strong class="command">dnssec-checkds -l dlv.isc.org example.com</strong></span>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews<dt><span class="term">-d <em class="replaceable"><code>dig path</code></em></span></dt>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews Specifies a path to a <span><strong class="command">dig</strong></span> binary. Used
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews for testing.
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews<dt><span class="term">-D <em class="replaceable"><code>dsfromkey path</code></em></span></dt>
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews Specifies a path to a <span><strong class="command">dnssec-dsfromkey</strong></span> binary.
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews Used for testing.
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews<p><span class="citerefentry"><span class="refentrytitle">dnssec-dsfromkey</span>(8)</span>,
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
1cefb9df3fa34d08734f29005cfafa6be5cf3e93Mark Andrews<p><span class="corpauthor">Internet Systems Consortium</span>