doc/arm/man.dnssec-coverage.html

	man.dnssec-coverage.html revision cd32f419a8a5432fbb139f56ee73cbf68b9350cc
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<!--
b0e8629055a766d4555a005a283c2889a5974945Mark Andrews - Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
75c0816e8295e180f4bc7f10db3d0d880383bc1cMark Andrews - Copyright (C) 2000-2003 Internet Software Consortium.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein -
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - Permission to use, copy, modify, and/or distribute this software for any
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - purpose with or without fee is hereby granted, provided that the above
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - copyright notice and this permission notice appear in all copies.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein -
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - PERFORMANCE OF THIS SOFTWARE.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein-->
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark Andrews<!-- $Id$ -->
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<html>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<head>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<title>dnssec-coverage</title>
e21a2904f02a03fa06b6db04d348f65fe9c67b2bMark Andrews<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="prev" href="man.dnssec-checkds.html" title="dnssec-checkds">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="next" href="man.dnssec-dsfromkey.html" title="dnssec-dsfromkey">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</head>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="navheader">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<table width="100%" summary="Navigation header">
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews<tr><th colspan="3" align="center"><span class="application">dnssec-coverage</span></th></tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="20%" align="left">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a accesskey="p" href="man.dnssec-checkds.html">Prev</a>�</td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<th width="60%" align="center">Manual pages</th>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="20%" align="right">�<a accesskey="n" href="man.dnssec-dsfromkey.html">Next</a>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</table>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<hr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="refentry" lang="en">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="man.dnssec-coverage"></a><div class="titlepage"></div>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews<div class="refnamediv">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<h2>Name</h2>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p><span class="application">dnssec-coverage</span> &#8212; checks future DNSKEY coverage for a zone</p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="refsynopsisdiv">
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark Andrews<h2>Synopsis</h2>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="cmdsynopsis"><p><code class="command">dnssec-coverage</code>  [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-l <em class="replaceable"><code>length</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>DNSKEY TTL</code></em></code>] [<code class="option">-m <em class="replaceable"><code>max TTL</code></em></code>] [<code class="option">-r <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-c <em class="replaceable"><code>compilezone path</code></em></code>] [<code class="option">-k</code>] [<code class="option">-z</code>] [zone]</p></div>
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark Andrews</div>
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark Andrews<div class="refsect1" lang="en">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="id2619074"></a><h2>DESCRIPTION</h2>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p><span><strong class="command">dnssec-coverage</strong></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      verifies that the DNSSEC keys for a given zone or a set of zones
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      have timing metadata set properly to ensure no future lapses in DNSSEC
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      coverage.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      If <code class="option">zone</code> is specified, then keys found in
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      the key repository matching that zone are scanned, and an ordered
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      list is generated of the events scheduled for that key (i.e.,
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark Andrews      publication, activation, inactivation, deletion).  The list of
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark Andrews      events is walked in order of occurrence.  Warnings are generated
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      if any event is scheduled which could cause the zone to enter a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      state in which validation failures might occur: for example, if
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      the number of published or active keys for a given algorithm drops
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      to zero, or if a key is deleted from the zone too soon after a new
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      key is rolled, and cached data signed by the prior key has not had
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      time to expire from resolver caches.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      If <code class="option">zone</code> is not specified, then all keys in the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      key repository will be scanned, and all zones for which there are
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      keys will be analyzed.  (Note: This method of reporting is only
b05bdb520d83f7ecaad708fe305268c3420be01dMark Andrews      accurate if all the zones that have keys in a given repository
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      share the same TTL parameters.)
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="refsect1" lang="en">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="id2619100"></a><h2>OPTIONS</h2>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="variablelist"><dl>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<dd><p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews            Sets the directory in which keys can be found.  Defaults to the
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews            current working directory.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews          </p></dd>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<dt><span class="term">-f <em class="replaceable"><code>file</code></em></span></dt>
47012ae6dbf18a2503d7b33c1c9583dc38625cb7Mark Andrews<dd><p>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce            If a <code class="option">file</code> is specified, then the zone is
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews            read from that file; the largest TTL and the DNSKEY TTL are
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce            determined directly from the zone data, and the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce            <code class="option">-m</code> and <code class="option">-d</code> options do
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce            not need to be specified on the command line.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce          </p></dd>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<dt><span class="term">-l <em class="replaceable"><code>duration</code></em></span></dt>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<dd>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<p>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce            The length of time to check for DNSSEC coverage.  Key events
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce            scheduled further into the future than <code class="option">duration</code>
47012ae6dbf18a2503d7b33c1c9583dc38625cb7Mark Andrews            will be ignored, and assumed to be correct.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce          </p>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<p>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce            The value of <code class="option">duration</code> can be set in seconds,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce            or in larger units of time by adding a suffix: 'mi' for minutes,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce            'h' for hours, 'd' for days, 'w' for weeks, 'mo' for months,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            'y' for years.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term">-m <em class="replaceable"><code>maximum TTL</code></em></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            Sets the value to be used as the maximum TTL for the zone or
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews            zones being analyzed when determining whether there is a
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews            possibility of validation failure.  When a zone-signing key is
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews            deactivated, there must be enough time for the record in the
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews            zone with the longest TTL to have expired from resolver caches
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            before that key can be purged from the DNSKEY RRset.  If that
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            condition does not apply, a warning will be generated.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark Andrews            The length of the TTL can be set in seconds, or in larger units
4abdfc917e6635a7c81d1f931a0c79227e72d025Mark Andrews            of time by adding a suffix: 'mi' for minutes, 'h' for hours,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            'd' for days, 'w' for weeks, 'mo' for months, 'y' for years.
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews          </p>
b05bdb520d83f7ecaad708fe305268c3420be01dMark Andrews<p>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews            This option is mandatory unless the <code class="option">-f</code> has
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            been used to specify a zone file.  (If <code class="option">-f</code> has
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            been specified, this option may still be used; it will override
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            the value found in the file.)
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </p>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews</dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term">-d <em class="replaceable"><code>DNSKEY TTL</code></em></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            Sets the value to be used as the DNSKEY TTL for the zone or
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews            zones being analyzed when determining whether there is a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            possibility of validation failure.  When a key is rolled (that
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            is, replaced with a new key), there must be enough time
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            for the old DNSKEY RRset to have expired from resolver caches
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            before the new key is activated and begins generating
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            signatures.  If that condition does not apply, a warning
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            will be generated.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark Andrews            The length of the TTL can be set in seconds, or in larger units
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            of time by adding a suffix: 'mi' for minutes, 'h' for hours,
47012ae6dbf18a2503d7b33c1c9583dc38625cb7Mark Andrews            'd' for days, 'w' for weeks, 'mo' for months, 'y' for years.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            This option is mandatory unless the <code class="option">-f</code> has
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            been used to specify a zone file, or a default key TTL was
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews            set with the <code class="option">-L</code> to
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews            <span><strong class="command">dnssec-keygen</strong></span>.  (If either of those is true,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            this option may still be used; it will override the value found
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            in the zone or key file.)
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term">-r <em class="replaceable"><code>resign interval</code></em></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            Sets the value to be used as the resign interval for the zone
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            or zones being analyzed when determining whether there is a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            possibility of validation failure.  This value defaults to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            22.5 days, which is also the default in
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            <span><strong class="command">named</strong></span>.  However, if it has been changed
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            by the <code class="option">sig-validity-interval</code> option in
47012ae6dbf18a2503d7b33c1c9583dc38625cb7Mark Andrews            <code class="filename">named.conf</code>, then it should also be
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            changed here.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            The length of the interval can be set in seconds, or in larger
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            units of time by adding a suffix: 'mi' for minutes, 'h' for hours,
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark Andrews            'd' for days, 'w' for weeks, 'mo' for months, 'y' for years.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term">-k</span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dd><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        Only check KSK coverage; ignore ZSK events. Cannot be
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            used with <code class="option">-z</code>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </p></dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term">-z</span></dt>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews<dd><p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        Only check ZSK coverage; ignore KSK events. Cannot be
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            used with <code class="option">-k</code>.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews          </p></dd>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<dt><span class="term">-c <em class="replaceable"><code>compilezone path</code></em></span></dt>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<dd><p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews            Specifies a path to a <span><strong class="command">named-compilezone</strong></span> binary.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews            Used for testing.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews          </p></dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</dl></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="refsect1" lang="en">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="id2619546"></a><h2>SEE ALSO</h2>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <span class="citerefentry"><span class="refentrytitle">dnssec-checkds</span>(8)</span>,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <span class="citerefentry"><span class="refentrytitle">dnssec-dsfromkey</span>(8)</span>,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews      <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="refsect1" lang="en">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="id2619590"></a><h2>AUTHOR</h2>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p><span class="corpauthor">Internet Systems Consortium</span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="navfooter">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<hr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<table width="100%" summary="Navigation footer">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="40%" align="left">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a accesskey="p" href="man.dnssec-checkds.html">Prev</a>�</td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch13.html">Up</a></td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="40%" align="right">�<a accesskey="n" href="man.dnssec-dsfromkey.html">Next</a>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="40%" align="left" valign="top">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<span class="application">dnssec-checkds</span>�</td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="40%" align="right" valign="top">�<span class="application">dnssec-dsfromkey</span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</table>
b05bdb520d83f7ecaad708fe305268c3420be01dMark Andrews</div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p style="text-align: center;">BIND 9.11.0pre-alpha</p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</body>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</html>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein