bin/python/dnssec-checkds.html

	dnssec-checkds.html revision 1cefb9df3fa34d08734f29005cfafa6be5cf3e93
5f5870385cff47efd2f58e7892f251cf13761528Timo Sirainen<!--
28c75d59f1d1a7caeb85635964f3881c0038eb23Timo Sirainen - Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
28c75d59f1d1a7caeb85635964f3881c0038eb23Timo Sirainen -
28c75d59f1d1a7caeb85635964f3881c0038eb23Timo Sirainen - Permission to use, copy, modify, and/or distribute this software for any
8971ca621b7a7337947306494731b75d1d3919e5Timo Sirainen - purpose with or without fee is hereby granted, provided that the above
28c75d59f1d1a7caeb85635964f3881c0038eb23Timo Sirainen - copyright notice and this permission notice appear in all copies.
28c75d59f1d1a7caeb85635964f3881c0038eb23Timo Sirainen -
28c75d59f1d1a7caeb85635964f3881c0038eb23Timo Sirainen - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
4ee00532a265bdfb38539d811fcd12d51210ac35Timo Sirainen - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
e3237982a4e6346c2fec4b8f8fb946c826a363fdTimo Sirainen - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
28c75d59f1d1a7caeb85635964f3881c0038eb23Timo Sirainen - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
419cf63077e755935ce105747d6ebc67b7d38a7fTimo Sirainen - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
28c75d59f1d1a7caeb85635964f3881c0038eb23Timo Sirainen - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
28c75d59f1d1a7caeb85635964f3881c0038eb23Timo Sirainen - PERFORMANCE OF THIS SOFTWARE.
28c75d59f1d1a7caeb85635964f3881c0038eb23Timo Sirainen-->
7bd72e4deca3cbf757dd1ea298486d9f3bc24226Timo Sirainen<!-- $Id$ -->
7bd72e4deca3cbf757dd1ea298486d9f3bc24226Timo Sirainen<html>
7bd72e4deca3cbf757dd1ea298486d9f3bc24226Timo Sirainen<head>
7bd72e4deca3cbf757dd1ea298486d9f3bc24226Timo Sirainen<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
7bd72e4deca3cbf757dd1ea298486d9f3bc24226Timo Sirainen<title>dnssec-checkds</title>
28c75d59f1d1a7caeb85635964f3881c0038eb23Timo Sirainen<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
28c75d59f1d1a7caeb85635964f3881c0038eb23Timo Sirainen</head>
28c75d59f1d1a7caeb85635964f3881c0038eb23Timo Sirainen<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
28c75d59f1d1a7caeb85635964f3881c0038eb23Timo Sirainen<a name="man.dnssec-dsfromkey"></a><div class="titlepage"></div>
419cf63077e755935ce105747d6ebc67b7d38a7fTimo Sirainen<div class="refnamediv">
28c75d59f1d1a7caeb85635964f3881c0038eb23Timo Sirainen<h2>Name</h2>
419cf63077e755935ce105747d6ebc67b7d38a7fTimo Sirainen<p><span class="application">dnssec-dsfromkey</span> &#8212; DNSSEC DS RR generation tool</p>
91dca97b367c54a139c268b56a0c67f564bd9197Timo Sirainen</div>
28c75d59f1d1a7caeb85635964f3881c0038eb23Timo Sirainen<div class="refsynopsisdiv">
419cf63077e755935ce105747d6ebc67b7d38a7fTimo Sirainen<h2>Synopsis</h2>
419cf63077e755935ce105747d6ebc67b7d38a7fTimo Sirainen<div class="cmdsynopsis"><p><code class="command">dnssec-chedkcs</code>  [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>dig path</code></em></code>] [<code class="option">-D <em class="replaceable"><code>dsfromkey path</code></em></code>] {zone}</p></div>
419cf63077e755935ce105747d6ebc67b7d38a7fTimo Sirainen<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code>  [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>dig path</code></em></code>] [<code class="option">-D <em class="replaceable"><code>dsfromkey path</code></em></code>] {zone}</p></div>
28c75d59f1d1a7caeb85635964f3881c0038eb23Timo Sirainen</div>
419cf63077e755935ce105747d6ebc67b7d38a7fTimo Sirainen<div class="refsect1" lang="en">
28c75d59f1d1a7caeb85635964f3881c0038eb23Timo Sirainen<a name="id2543418"></a><h2>DESCRIPTION</h2>
28c75d59f1d1a7caeb85635964f3881c0038eb23Timo Sirainen<p><span><strong class="command">dnssec-checkds</strong></span>
419cf63077e755935ce105747d6ebc67b7d38a7fTimo Sirainen      verifies the correctness of Delegation Signer (DS) or DNSSEC
28c75d59f1d1a7caeb85635964f3881c0038eb23Timo Sirainen      Lookaside Validation (DLV) resource records for keys in a specified
28c75d59f1d1a7caeb85635964f3881c0038eb23Timo Sirainen      zone.
7bd72e4deca3cbf757dd1ea298486d9f3bc24226Timo Sirainen    </p>
28c75d59f1d1a7caeb85635964f3881c0038eb23Timo Sirainen</div>
7bd72e4deca3cbf757dd1ea298486d9f3bc24226Timo Sirainen<div class="refsect1" lang="en">
7bd72e4deca3cbf757dd1ea298486d9f3bc24226Timo Sirainen<a name="id2543430"></a><h2>OPTIONS</h2>
7bd72e4deca3cbf757dd1ea298486d9f3bc24226Timo Sirainen<div class="variablelist"><dl>
28c75d59f1d1a7caeb85635964f3881c0038eb23Timo Sirainen<dt><span class="term">-f <em class="replaceable"><code>file</code></em></span></dt>
28c75d59f1d1a7caeb85635964f3881c0038eb23Timo Sirainen<dd><p>
28c75d59f1d1a7caeb85635964f3881c0038eb23Timo Sirainen            If a <code class="option">file</code> is specified, then the zone is
7bd72e4deca3cbf757dd1ea298486d9f3bc24226Timo Sirainen            read from that file to find the DNSKEY records.  If not,
7bd72e4deca3cbf757dd1ea298486d9f3bc24226Timo Sirainen            then the DNSKEY records for the zone are looked up in the DNS.
28c75d59f1d1a7caeb85635964f3881c0038eb23Timo Sirainen          </p></dd>
419cf63077e755935ce105747d6ebc67b7d38a7fTimo Sirainen<dt><span class="term">-l <em class="replaceable"><code>domain</code></em></span></dt>
419cf63077e755935ce105747d6ebc67b7d38a7fTimo Sirainen<dd><p>
28c75d59f1d1a7caeb85635964f3881c0038eb23Timo Sirainen            Check for a DLV record in the specified lookaside domain,
28c75d59f1d1a7caeb85635964f3881c0038eb23Timo Sirainen            instead of checking for a DS record in the zone's parent.
e3fabe8d0faa9aab7cae2d0eee9653f581a3061dTimo Sirainen            For example, to check for DLV records for "example.com"
e3fabe8d0faa9aab7cae2d0eee9653f581a3061dTimo Sirainen            in ISC's DLV zone, use:
e3fabe8d0faa9aab7cae2d0eee9653f581a3061dTimo Sirainen            <span><strong class="command">dnssec-checkds -l dlv.isc.org example.com</strong></span>
e3fabe8d0faa9aab7cae2d0eee9653f581a3061dTimo Sirainen          </p></dd>
fefd62f9aaccecbc6011ecae359a3389668cbff5Timo Sirainen<dt><span class="term">-d <em class="replaceable"><code>dig path</code></em></span></dt>
75bb83681e30d6a86109bbafdfe6b513c11124bcTimo Sirainen<dd><p>
31257b47d47510ceb093a6b218810a1a5b830c55Timo Sirainen            Specifies a path to a <span><strong class="command">dig</strong></span> binary.  Used
e3fabe8d0faa9aab7cae2d0eee9653f581a3061dTimo Sirainen            for testing.
e3fabe8d0faa9aab7cae2d0eee9653f581a3061dTimo Sirainen          </p></dd>
e3fabe8d0faa9aab7cae2d0eee9653f581a3061dTimo Sirainen<dt><span class="term">-D <em class="replaceable"><code>dsfromkey path</code></em></span></dt>
e3fabe8d0faa9aab7cae2d0eee9653f581a3061dTimo Sirainen<dd><p>
e3fabe8d0faa9aab7cae2d0eee9653f581a3061dTimo Sirainen            Specifies a path to a <span><strong class="command">dnssec-dsfromkey</strong></span> binary.
e3fabe8d0faa9aab7cae2d0eee9653f581a3061dTimo Sirainen            Used for testing.
fefd62f9aaccecbc6011ecae359a3389668cbff5Timo Sirainen          </p></dd>
75bb83681e30d6a86109bbafdfe6b513c11124bcTimo Sirainen</dl></div>
31257b47d47510ceb093a6b218810a1a5b830c55Timo Sirainen</div>
e3fabe8d0faa9aab7cae2d0eee9653f581a3061dTimo Sirainen<div class="refsect1" lang="en">
e3fabe8d0faa9aab7cae2d0eee9653f581a3061dTimo Sirainen<a name="id2543526"></a><h2>SEE ALSO</h2>
10399559650f552a23949772be79eb6a80198c5aTimo Sirainen<p><span class="citerefentry"><span class="refentrytitle">dnssec-dsfromkey</span>(8)</span>,
10399559650f552a23949772be79eb6a80198c5aTimo Sirainen      <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
28c75d59f1d1a7caeb85635964f3881c0038eb23Timo Sirainen      <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
28c75d59f1d1a7caeb85635964f3881c0038eb23Timo Sirainen    </p>
9844b5359f5cab77e4c31a7ac9e4a60a0073929eTimo Sirainen</div>
28c75d59f1d1a7caeb85635964f3881c0038eb23Timo Sirainen<div class="refsect1" lang="en">
080a75584cfbe21ffd2d23c6bbb4cd8fdfd0990cTimo Sirainen<a name="id2543560"></a><h2>AUTHOR</h2>
080a75584cfbe21ffd2d23c6bbb4cd8fdfd0990cTimo Sirainen<p><span class="corpauthor">Internet Systems Consortium</span>
28c75d59f1d1a7caeb85635964f3881c0038eb23Timo Sirainen    </p>
28c75d59f1d1a7caeb85635964f3881c0038eb23Timo Sirainen</div>
14cdb8cbe37616464c965aec90a8494b339db538Timo Sirainen</div></body>
10399559650f552a23949772be79eb6a80198c5aTimo Sirainen</html>
28c75d59f1d1a7caeb85635964f3881c0038eb23Timo Sirainen