bin/python/dnssec-checkds.html

	dnssec-checkds.html revision 010a51c427bfb6ab658fc0056955a1a5b69810be
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental<!--
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental - Copyright (C) 2012-2015 Internet Systems Consortium, Inc. ("ISC")
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental -
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental - Permission to use, copy, modify, and/or distribute this software for any
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental - purpose with or without fee is hereby granted, provided that the above
9dc68827cbd515262ecb8d5ae8547d9e82c72e00Jon A. Cruz - copyright notice and this permission notice appear in all copies.
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental -
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental - PERFORMANCE OF THIS SOFTWARE.
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental-->
c0537dcfe264414d52ad86579d57cb0cb2183dcbAlex Valavanis<html>
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental<head>
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
995ef36b2f4a73356bc05e380e05f1a66c8b2c8amental<title>dnssec-checkds</title>
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental<meta name="generator" content="DocBook XSL Stylesheets V1.76.1">
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental</head>
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" title="dnssec-checkds">
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental<a name="man.dnssec-checkds"></a><div class="titlepage"></div>
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental  <div class="refnamediv">
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental<h2>Name</h2>
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental<p>
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental    <span class="application">dnssec-checkds</span>
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental     &#8212; A DNSSEC delegation consistency checking tool.
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental  </p>
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental</div>
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental  <div class="refsynopsisdiv" title="Synopsis">
9c0a44bb47b022c4cdb319d697ccd5a42d3253ddmental<h2>Synopsis</h2>
995ef36b2f4a73356bc05e380e05f1a66c8b2c8amental    <div class="cmdsynopsis"><p>
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental      <code class="command">dnssec-checkds</code>
9c0a44bb47b022c4cdb319d697ccd5a42d3253ddmental       [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>]
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental       [<code class="option">-f <em class="replaceable"><code>file</code></em></code>]
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental       [<code class="option">-d <em class="replaceable"><code>dig path</code></em></code>]
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental       [<code class="option">-D <em class="replaceable"><code>dsfromkey path</code></em></code>]
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental       {zone}
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental    </p></div>
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental    <div class="cmdsynopsis"><p>
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental      <code class="command">dnssec-dsfromkey</code>
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental       [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>]
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental       [<code class="option">-f <em class="replaceable"><code>file</code></em></code>]
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental       [<code class="option">-d <em class="replaceable"><code>dig path</code></em></code>]
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental       [<code class="option">-D <em class="replaceable"><code>dsfromkey path</code></em></code>]
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental       {zone}
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental   </p></div>
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental  </div>
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental  <div class="refsection" title="DESCRIPTION">
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental<a name="idp60885200"></a><h2>DESCRIPTION</h2>
33e65aa0bff5323a2f8473f4a7f7a74a97ebf5d6joncruz
33e65aa0bff5323a2f8473f4a7f7a74a97ebf5d6joncruz    <p><span class="command"><strong>dnssec-checkds</strong></span>
33e65aa0bff5323a2f8473f4a7f7a74a97ebf5d6joncruz      verifies the correctness of Delegation Signer (DS) or DNSSEC
33e65aa0bff5323a2f8473f4a7f7a74a97ebf5d6joncruz      Lookaside Validation (DLV) resource records for keys in a specified
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental      zone.
33e65aa0bff5323a2f8473f4a7f7a74a97ebf5d6joncruz    </p>
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental  </div>
33e65aa0bff5323a2f8473f4a7f7a74a97ebf5d6joncruz
33e65aa0bff5323a2f8473f4a7f7a74a97ebf5d6joncruz  <div class="refsection" title="OPTIONS">
33e65aa0bff5323a2f8473f4a7f7a74a97ebf5d6joncruz<a name="idp60886864"></a><h2>OPTIONS</h2>
33e65aa0bff5323a2f8473f4a7f7a74a97ebf5d6joncruz
33e65aa0bff5323a2f8473f4a7f7a74a97ebf5d6joncruz
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental    <div class="variablelist"><dl>
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental<dt><span class="term">-f <em class="replaceable"><code>file</code></em></span></dt>
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental<dd>
33e65aa0bff5323a2f8473f4a7f7a74a97ebf5d6joncruz          <p>
33e65aa0bff5323a2f8473f4a7f7a74a97ebf5d6joncruz            If a <code class="option">file</code> is specified, then the zone is
33e65aa0bff5323a2f8473f4a7f7a74a97ebf5d6joncruz            read from that file to find the DNSKEY records.  If not,
33e65aa0bff5323a2f8473f4a7f7a74a97ebf5d6joncruz            then the DNSKEY records for the zone are looked up in the DNS.
33e65aa0bff5323a2f8473f4a7f7a74a97ebf5d6joncruz          </p>
33e65aa0bff5323a2f8473f4a7f7a74a97ebf5d6joncruz        </dd>
b6b6fb614b494412013ec0cde6f9cd147e8207f3Kris<dt><span class="term">-l <em class="replaceable"><code>domain</code></em></span></dt>
0832343fd7f087d3b718bc86f2cf74014e56b582joncruz<dd>
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental          <p>
0832343fd7f087d3b718bc86f2cf74014e56b582joncruz            Check for a DLV record in the specified lookaside domain,
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental            instead of checking for a DS record in the zone's parent.
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental            For example, to check for DLV records for "example.com"
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental            in ISC's DLV zone, use:
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental            <span class="command"><strong>dnssec-checkds -l dlv.isc.org example.com</strong></span>
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental          </p>
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental        </dd>
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental<dt><span class="term">-d <em class="replaceable"><code>dig path</code></em></span></dt>
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental<dd>
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental          <p>
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental            Specifies a path to a <span class="command"><strong>dig</strong></span> binary.  Used
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental            for testing.
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental          </p>
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental        </dd>
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental<dt><span class="term">-D <em class="replaceable"><code>dsfromkey path</code></em></span></dt>
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental<dd>
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental          <p>
f1e32666f05d02e93035eb90a7ea273c6d2639dcKris            Specifies a path to a <span class="command"><strong>dnssec-dsfromkey</strong></span> binary.
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental            Used for testing.
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental          </p>
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental        </dd>
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental</dl></div>
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental  </div>
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental  <div class="refsection" title="SEE ALSO">
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental<a name="idp60901712"></a><h2>SEE ALSO</h2>
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental    <p><span class="citerefentry">
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental        <span class="refentrytitle">dnssec-dsfromkey</span>(8)
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental      </span>,
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental      <span class="citerefentry">
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental        <span class="refentrytitle">dnssec-keygen</span>(8)
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental      </span>,
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental      <span class="citerefentry">
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental        <span class="refentrytitle">dnssec-signzone</span>(8)
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental      </span>,
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental    </p>
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental  </div>
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental</div></body>
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental</html>
a8f1a69ef0da383f9b413c3043a74084e23b75c2mental