dnssec-checkds.html revision bf8267aa453e5d2a735ed732a043b77a0b355b20
<!--
- Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
-
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
- THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id$ -->
<html>
<head>
<title>dnssec-checkds</title>
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
<div class="refnamediv">
<h2>Name</h2>
<p><span class="application">dnssec-dsfromkey</span> — DNSSEC DS RR generation tool</p>
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">dnssec-chedkcs</code> [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>dig path</code></em></code>] [<code class="option">-D <em class="replaceable"><code>dsfromkey path</code></em></code>] {zone}</p></div>
<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>dig path</code></em></code>] [<code class="option">-D <em class="replaceable"><code>dsfromkey path</code></em></code>] {zone}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543418"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-checkds</strong></span>
verifies the correctness of Delegation Signer (DS) or DNSSEC
Lookaside Validation (DLV) resource records for keys in a specified
zone.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543430"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-f <em class="replaceable"><code>file</code></em></span></dt>
<dd><p>
If a <code class="option">file</code> is specified, then the zone is
read from that file to find the DNSKEY records. If not,
then the DNSKEY records for the zone are looked up in the DNS.
</p></dd>
<dt><span class="term">-l <em class="replaceable"><code>domain</code></em></span></dt>
<dd><p>
Check for a DLV record in the specified lookaside domain,
instead of checking for a DS record in the zone's parent.
For example, to check for DLV records for "example.com"
in ISC's DLV zone, use:
</p></dd>
<dt><span class="term">-d <em class="replaceable"><code>dig path</code></em></span></dt>
<dd><p>
Specifies a path to a <span><strong class="command">dig</strong></span> binary. Used
for testing.
</p></dd>
<dt><span class="term">-D <em class="replaceable"><code>dsfromkey path</code></em></span></dt>
<dd><p>
Specifies a path to a <span><strong class="command">dnssec-dsfromkey</strong></span> binary.
Used for testing.
</p></dd>
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543526"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-dsfromkey</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543560"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
</div></body>
</html>