doc/arm/man.dnssec-dsfromkey.html

	man.dnssec-dsfromkey.html revision b397f922936e9f73aa8c3ea40be3ad74285dacaa
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews<!--
87708bde16713bc02ff2598f4a82f98c699a2f2dMark Andrews - Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews - Copyright (C) 2000-2003 Internet Software Consortium.
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews -
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews - Permission to use, copy, modify, and/or distribute this software for any
87708bde16713bc02ff2598f4a82f98c699a2f2dMark Andrews - purpose with or without fee is hereby granted, provided that the above
87708bde16713bc02ff2598f4a82f98c699a2f2dMark Andrews - copyright notice and this permission notice appear in all copies.
87708bde16713bc02ff2598f4a82f98c699a2f2dMark Andrews -
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
afaa290bb6acc504e93a0adbf20b6dd6c64e6d63Vernon Schryver - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver - PERFORMANCE OF THIS SOFTWARE.
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver-->
87708bde16713bc02ff2598f4a82f98c699a2f2dMark Andrews<!-- $Id$ -->
87708bde16713bc02ff2598f4a82f98c699a2f2dMark Andrews<html>
87708bde16713bc02ff2598f4a82f98c699a2f2dMark Andrews<head>
afaa290bb6acc504e93a0adbf20b6dd6c64e6d63Vernon Schryver<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
87708bde16713bc02ff2598f4a82f98c699a2f2dMark Andrews<title>dnssec-dsfromkey</title>
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
afaa290bb6acc504e93a0adbf20b6dd6c64e6d63Vernon Schryver<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
afaa290bb6acc504e93a0adbf20b6dd6c64e6d63Vernon Schryver<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
87708bde16713bc02ff2598f4a82f98c699a2f2dMark Andrews<link rel="prev" href="man.host.html" title="host">
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver<link rel="next" href="man.dnssec-keyfromlabel.html" title="dnssec-keyfromlabel">
afaa290bb6acc504e93a0adbf20b6dd6c64e6d63Vernon Schryver</head>
afaa290bb6acc504e93a0adbf20b6dd6c64e6d63Vernon Schryver<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
87708bde16713bc02ff2598f4a82f98c699a2f2dMark Andrews<div class="navheader">
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver<table width="100%" summary="Navigation header">
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver<tr><th colspan="3" align="center"><span class="application">dnssec-dsfromkey</span></th></tr>
afaa290bb6acc504e93a0adbf20b6dd6c64e6d63Vernon Schryver<tr>
87708bde16713bc02ff2598f4a82f98c699a2f2dMark Andrews<td width="20%" align="left">
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver<a accesskey="p" href="man.host.html">Prev</a>�</td>
87708bde16713bc02ff2598f4a82f98c699a2f2dMark Andrews<th width="60%" align="center">Manual pages</th>
afaa290bb6acc504e93a0adbf20b6dd6c64e6d63Vernon Schryver<td width="20%" align="right">�<a accesskey="n" href="man.dnssec-keyfromlabel.html">Next</a>
87708bde16713bc02ff2598f4a82f98c699a2f2dMark Andrews</td>
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver</tr>
94315060c2b0d9deafabe72d6a0482405fd9d377Evan Hunt</table>
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver<hr>
afaa290bb6acc504e93a0adbf20b6dd6c64e6d63Vernon Schryver</div>
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver<div class="refentry" lang="en">
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver<a name="man.dnssec-dsfromkey"></a><div class="titlepage"></div>
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver<div class="refnamediv">
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver<h2>Name</h2>
afaa290bb6acc504e93a0adbf20b6dd6c64e6d63Vernon Schryver<p><span class="application">dnssec-dsfromkey</span> &#8212; DNSSEC DS RR generation tool</p>
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver</div>
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver<div class="refsynopsisdiv">
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver<h2>Synopsis</h2>
87708bde16713bc02ff2598f4a82f98c699a2f2dMark Andrews<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code>  [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-T <em class="replaceable"><code>TTL</code></em></code>] {keyfile}</p></div>
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code>  {-s} [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-s</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-T <em class="replaceable"><code>TTL</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-A</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {dnsname}</p></div>
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver</div>
94315060c2b0d9deafabe72d6a0482405fd9d377Evan Hunt<div class="refsect1" lang="en">
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver<a name="id2612548"></a><h2>DESCRIPTION</h2>
9fee08f655527a5dd849b171daeeee1dbbccca76Vernon Schryver<p><span><strong class="command">dnssec-dsfromkey</strong></span>
75c622f53bdda9d2f69f05e06eaf7be01fc09a33Evan Hunt      outputs the Delegation Signer (DS) resource record (RR), as defined in
afaa290bb6acc504e93a0adbf20b6dd6c64e6d63Vernon Schryver      RFC 3658 and RFC 4509, for the given key(s).
afaa290bb6acc504e93a0adbf20b6dd6c64e6d63Vernon Schryver    </p>
afaa290bb6acc504e93a0adbf20b6dd6c64e6d63Vernon Schryver</div>
afaa290bb6acc504e93a0adbf20b6dd6c64e6d63Vernon Schryver<div class="refsect1" lang="en">
75c622f53bdda9d2f69f05e06eaf7be01fc09a33Evan Hunt<a name="id2612562"></a><h2>OPTIONS</h2>
75c622f53bdda9d2f69f05e06eaf7be01fc09a33Evan Hunt<div class="variablelist"><dl>
75c622f53bdda9d2f69f05e06eaf7be01fc09a33Evan Hunt<dt><span class="term">-1</span></dt>
75c622f53bdda9d2f69f05e06eaf7be01fc09a33Evan Hunt<dd><p>
75c622f53bdda9d2f69f05e06eaf7be01fc09a33Evan Hunt            Use SHA-1 as the digest algorithm (the default is to use
75c622f53bdda9d2f69f05e06eaf7be01fc09a33Evan Hunt            both SHA-1 and SHA-256).
421d4a06479e61fbdc35087f3c4abc9fe65ad72aEvan Hunt          </p></dd>
421d4a06479e61fbdc35087f3c4abc9fe65ad72aEvan Hunt<dt><span class="term">-2</span></dt>
421d4a06479e61fbdc35087f3c4abc9fe65ad72aEvan Hunt<dd><p>
421d4a06479e61fbdc35087f3c4abc9fe65ad72aEvan Hunt            Use SHA-256 as the digest algorithm.
421d4a06479e61fbdc35087f3c4abc9fe65ad72aEvan Hunt          </p></dd>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd><p>
            Select the digest algorithm. The value of
            <code class="option">algorithm</code> must be one of SHA-1 (SHA1),
            SHA-256 (SHA256), GOST or SHA-384 (SHA384).
            These values are case insensitive.
          </p></dd>
<dt><span class="term">-T <em class="replaceable"><code>TTL</code></em></span></dt>
<dd><p>
            Specifies the TTL of the DS records.
          </p></dd>
<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>
            Look for key files (or, in keyset mode,
            <code class="filename">keyset-</code> files) in
            <code class="option">directory</code>.
          </p></dd>
<dt><span class="term">-f <em class="replaceable"><code>file</code></em></span></dt>
<dd>
<p>
            Zone file mode: in place of the keyfile name, the argument is
            the DNS domain name of a zone master file, which can be read
            from <code class="option">file</code>.  If the zone name is the same as
            <code class="option">file</code>, then it may be omitted.
          </p>
<p>
            If <code class="option">file</code> is set to <code class="literal">"-"</code>, then
            the zone data is read from the standard input.  This makes it
            possible to use the output of the <span><strong class="command">dig</strong></span>
            command as input, as in:
          </p>
<p>
            <strong class="userinput"><code>dig dnskey example.com | dnssec-dsfromkey -f - example.com</code></strong>
          </p>
</dd>
<dt><span class="term">-A</span></dt>
<dd><p>
            Include ZSK's when generating DS records.  Without this option,
            only keys which have the KSK flag set will be converted to DS
            records and printed.  Useful only in zone file mode.
          </p></dd>
<dt><span class="term">-l <em class="replaceable"><code>domain</code></em></span></dt>
<dd><p>
            Generate a DLV set instead of a DS set.  The specified
            <code class="option">domain</code> is appended to the name for each
            record in the set.
            The DNSSEC Lookaside Validation (DLV) RR is described
            in RFC 4431.
          </p></dd>
<dt><span class="term">-s</span></dt>
<dd><p>
            Keyset mode: in place of the keyfile name, the argument is
            the DNS domain name of a keyset file.
          </p></dd>
<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
<dd><p>
            Specifies the DNS class (default is IN).  Useful only
            in keyset or zone file mode.
          </p></dd>
<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
<dd><p>
            Sets the debugging level.
          </p></dd>
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2613547"></a><h2>EXAMPLE</h2>
<p>
      To build the SHA-256 DS RR from the
      <strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
      keyfile name, the following command would be issued:
    </p>
<p><strong class="userinput"><code>dnssec-dsfromkey -2 Kexample.com.+003+26160</code></strong>
    </p>
<p>
      The command would print something like:
    </p>
<p><strong class="userinput"><code>example.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0 C5EA0B94</code></strong>
    </p>
</div>
<div class="refsect1" lang="en">
<a name="id2613584"></a><h2>FILES</h2>
<p>
      The keyfile can be designed by the key identification
      <code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
      <code class="filename">Knnnn.+aaa+iiiii.key</code> as generated by
      <span class="refentrytitle">dnssec-keygen</span>(8).
    </p>
<p>
      The keyset file name is built from the <code class="option">directory</code>,
      the string <code class="filename">keyset-</code> and the
      <code class="option">dnsname</code>.
    </p>
</div>
<div class="refsect1" lang="en">
<a name="id2613625"></a><h2>CAVEAT</h2>
<p>
      A keyfile error can give a "file not found" even if the file exists.
    </p>
</div>
<div class="refsect1" lang="en">
<a name="id2613635"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
      <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
      <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
      <em class="citetitle">RFC 3658</em>,
      <em class="citetitle">RFC 4431</em>.
      <em class="citetitle">RFC 4509</em>.
    </p>
</div>
<div class="refsect1" lang="en">
<a name="id2613674"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
    </p>
</div>
</div>
<div class="navfooter">
<hr>
<table width="100%" summary="Navigation footer">
<tr>
<td width="40%" align="left">
<a accesskey="p" href="man.host.html">Prev</a>�</td>
<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch10.html">Up</a></td>
<td width="40%" align="right">�<a accesskey="n" href="man.dnssec-keyfromlabel.html">Next</a>
</td>
</tr>
<tr>
<td width="40%" align="left" valign="top">host�</td>
<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
<td width="40%" align="right" valign="top">�<span class="application">dnssec-keyfromlabel</span>
</td>
</tr>
</table>
</div>
</body>
</html>