man.dnssec-dsfromkey.html revision 9c716f839c5dc2a9e236dada3af83b03e863078b
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User - Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
3e02c9e33656dcd9c364633d42dd785d3e6fdd66Automatic Updater - Copyright (C) 2000-2003 Internet Software Consortium.
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater - Permission to use, copy, modify, and/or distribute this software for any
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater - purpose with or without fee is hereby granted, provided that the above
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater - copyright notice and this permission notice appear in all copies.
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
3e02c9e33656dcd9c364633d42dd785d3e6fdd66Automatic Updater - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater - PERFORMANCE OF THIS SOFTWARE.
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater<link rel="prev" href="man.dnssec-coverage.html" title="dnssec-coverage">
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater<link rel="next" href="man.dnssec-importkey.html" title="dnssec-importkey">
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater<table width="100%" summary="Navigation header">
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater<tr><th colspan="3" align="center"><span class="application">dnssec-dsfromkey</span></th></tr>
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater<a accesskey="p" href="man.dnssec-coverage.html">Prev</a>�</td>
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater<th width="60%" align="center">Manual pages</th>
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater<td width="20%" align="right">�<a accesskey="n" href="man.dnssec-importkey.html">Next</a>
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater<a name="man.dnssec-dsfromkey"></a><div class="titlepage"></div>
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater<p><span class="application">dnssec-dsfromkey</span> — DNSSEC DS RR generation tool</p>
a3f8c8e20780e488141d200acdfea6c5f3303513Automatic Updater<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-T <em class="replaceable"><code>TTL</code></em></code>] {keyfile}</p></div>
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> {-s} [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-s</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-T <em class="replaceable"><code>TTL</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-A</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {dnsname}</p></div>
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> [<code class="option">-h</code>] [<code class="option">-V</code>]</p></div>
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater<a name="id2620158"></a><h2>DESCRIPTION</h2>
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater<p><span><strong class="command">dnssec-dsfromkey</strong></span>
f8e3e03cacd16ffb923a9603fca23a9e1a1fee07Automatic Updater outputs the Delegation Signer (DS) resource record (RR), as defined in
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater RFC 3658 and RFC 4509, for the given key(s).
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater Use SHA-1 as the digest algorithm (the default is to use
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater both SHA-1 and SHA-256).
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater Use SHA-256 as the digest algorithm.
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
77dccf2a5d9327d16b4374a135cdb99bdd48620eAutomatic Updater Select the digest algorithm. The value of
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater <code class="option">algorithm</code> must be one of SHA-1 (SHA1),
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater SHA-256 (SHA256), GOST or SHA-384 (SHA384).
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater These values are case insensitive.
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater<dt><span class="term">-T <em class="replaceable"><code>TTL</code></em></span></dt>
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater Specifies the TTL of the DS records.
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater Look for key files (or, in keyset mode,
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater <code class="filename">keyset-</code> files) in
7717ec7a6a898cdd3c35cbfba66010b7304ffd9bAutomatic Updater<dt><span class="term">-f <em class="replaceable"><code>file</code></em></span></dt>
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater Zone file mode: in place of the keyfile name, the argument is
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater the DNS domain name of a zone master file, which can be read
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater from <code class="option">file</code>. If the zone name is the same as
a3f8c8e20780e488141d200acdfea6c5f3303513Automatic Updater <code class="option">file</code>, then it may be omitted.
a3f8c8e20780e488141d200acdfea6c5f3303513Automatic Updater If <code class="option">file</code> is set to <code class="literal">"-"</code>, then
a3f8c8e20780e488141d200acdfea6c5f3303513Automatic Updater the zone data is read from the standard input. This makes it
a3f8c8e20780e488141d200acdfea6c5f3303513Automatic Updater possible to use the output of the <span><strong class="command">dig</strong></span>
a3f8c8e20780e488141d200acdfea6c5f3303513Automatic Updater command as input, as in:
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater <strong class="userinput"><code>dig dnskey example.com | dnssec-dsfromkey -f - example.com</code></strong>
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater Include ZSKs when generating DS records. Without this option,
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater only keys which have the KSK flag set will be converted to DS
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater records and printed. Useful only in zone file mode.
6ea2385360e9e2167e65f9286447da9eea189457Tinderbox User<dt><span class="term">-l <em class="replaceable"><code>domain</code></em></span></dt>
6ea2385360e9e2167e65f9286447da9eea189457Tinderbox User Generate a DLV set instead of a DS set. The specified
6ea2385360e9e2167e65f9286447da9eea189457Tinderbox User <code class="option">domain</code> is appended to the name for each
6ea2385360e9e2167e65f9286447da9eea189457Tinderbox User record in the set.
6ea2385360e9e2167e65f9286447da9eea189457Tinderbox User The DNSSEC Lookaside Validation (DLV) RR is described
6ea2385360e9e2167e65f9286447da9eea189457Tinderbox User Keyset mode: in place of the keyfile name, the argument is
6ea2385360e9e2167e65f9286447da9eea189457Tinderbox User the DNS domain name of a keyset file.
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater Specifies the DNS class (default is IN). Useful only
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User in keyset or zone file mode.
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater Sets the debugging level.
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater Prints usage information.
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater Prints version information.
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater To build the SHA-256 DS RR from the
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater <strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
5a24d24c8fba3480d707c0c902379ddb36501e12Automatic Updater keyfile name, the following command would be issued:
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater<p><strong class="userinput"><code>dnssec-dsfromkey -2 Kexample.com.+003+26160</code></strong>
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater The command would print something like:
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater<p><strong class="userinput"><code>example.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0 C5EA0B94</code></strong>
f8e3e03cacd16ffb923a9603fca23a9e1a1fee07Automatic Updater The keyfile can be designed by the key identification
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater <code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater <code class="filename">Knnnn.+aaa+iiiii.key</code> as generated by
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater <span class="refentrytitle">dnssec-keygen</span>(8).
f8e3e03cacd16ffb923a9603fca23a9e1a1fee07Automatic Updater The keyset file name is built from the <code class="option">directory</code>,
590c12cfe3b9a179ab2faa1be791a069c81882e0Automatic Updater the string <code class="filename">keyset-</code> and the
3acf5eb97cebc2ba868e6ac4a4e01e6d1be0c892Automatic Updater A keyfile error can give a "file not found" even if the file exists.
3acf5eb97cebc2ba868e6ac4a4e01e6d1be0c892Automatic Updater<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
3acf5eb97cebc2ba868e6ac4a4e01e6d1be0c892Automatic Updater <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
3acf5eb97cebc2ba868e6ac4a4e01e6d1be0c892Automatic Updater <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
3acf5eb97cebc2ba868e6ac4a4e01e6d1be0c892Automatic Updater<p><span class="corpauthor">Internet Systems Consortium</span>
3acf5eb97cebc2ba868e6ac4a4e01e6d1be0c892Automatic Updater<table width="100%" summary="Navigation footer">
3acf5eb97cebc2ba868e6ac4a4e01e6d1be0c892Automatic Updater<a accesskey="p" href="man.dnssec-coverage.html">Prev</a>�</td>
3acf5eb97cebc2ba868e6ac4a4e01e6d1be0c892Automatic Updater<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch13.html">Up</a></td>
3acf5eb97cebc2ba868e6ac4a4e01e6d1be0c892Automatic Updater<td width="40%" align="right">�<a accesskey="n" href="man.dnssec-importkey.html">Next</a>
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User<span class="application">dnssec-coverage</span>�</td>
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater<td width="40%" align="right" valign="top">�<span class="application">dnssec-importkey</span>
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater<p style="text-align: center;">BIND 9.11.0pre-alpha</p>