man.dnssec-dsfromkey.html revision b6f3a9131ec5bff166be3efb172c0492e53f932b
fb84f9014321c5f33c4682de5661b579fcde318fAndreas Gustafsson - Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
c71b045cdb935188b3781f6da8039d7bdbc51ad5Tinderbox User - Copyright (C) 2000-2003 Internet Software Consortium.
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - Permission to use, copy, modify, and/or distribute this software for any
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - purpose with or without fee is hereby granted, provided that the above
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - copyright notice and this permission notice appear in all copies.
d6fa26d0adaec6c910115be34fe7a5a5f402c14fMark Andrews - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User - PERFORMANCE OF THIS SOFTWARE.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<!-- $Id: man.dnssec-dsfromkey.html,v 1.65 2010/12/17 01:14:02 tbox Exp $ -->
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<link rel="prev" href="man.host.html" title="host">
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<link rel="next" href="man.dnssec-keyfromlabel.html" title="dnssec-keyfromlabel">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<table width="100%" summary="Navigation header">
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<tr><th colspan="3" align="center"><span class="application">dnssec-dsfromkey</span></th></tr>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<a accesskey="p" href="man.host.html">Prev</a>�</td>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<th width="60%" align="center">Manual pages</th>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<td width="20%" align="right">�<a accesskey="n" href="man.dnssec-keyfromlabel.html">Next</a>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<a name="man.dnssec-dsfromkey"></a><div class="titlepage"></div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<p><span class="application">dnssec-dsfromkey</span> — DNSSEC DS RR generation tool</p>
9700e6d72c3ba0d0c567969ab97d9eff202656d4Tinderbox User<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] {keyfile}</p></div>
9700e6d72c3ba0d0c567969ab97d9eff202656d4Tinderbox User<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> {-s} [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-s</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-A</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {dnsname}</p></div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<p><span><strong class="command">dnssec-dsfromkey</strong></span>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User outputs the Delegation Signer (DS) resource record (RR), as defined in
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User RFC 3658 and RFC 4509, for the given key(s).
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Use SHA-1 as the digest algorithm (the default is to use
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User both SHA-1 and SHA-256).
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Use SHA-256 as the digest algorithm.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Select the digest algorithm. The value of
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <code class="option">algorithm</code> must be one of SHA-1 (SHA1) or
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User SHA-256 (SHA256). These values are case insensitive.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Look for key files (or, in keyset mode,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <code class="filename">keyset-</code> files) in
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term">-f <em class="replaceable"><code>file</code></em></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Zone file mode: in place of the keyfile name, the argument is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the DNS domain name of a zone master file, which can be read
d71e2e0c61df16ff37c9934c371a4a60c08974f7Mark Andrews from <code class="option">file</code>. If the zone name is the same as
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User <code class="option">file</code>, then it may be omitted.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Include ZSK's when generating DS records. Without this option,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User only keys which have the KSK flag set will be converted to DS
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein records and printed. Useful only in zone file mode.
03c0efc6892ef2ed17338b2ecbb2c5f23fbad0c9Tinderbox User<dt><span class="term">-l <em class="replaceable"><code>domain</code></em></span></dt>
d8620c7234281056fdfd2ee40cf16636b8281092Tinderbox User Generate a DLV set instead of a DS set. The specified
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <code class="option">domain</code> is appended to the name for each
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User record in the set.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User The DNSSEC Lookaside Validation (DLV) RR is described
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Keyset mode: in place of the keyfile name, the argument is
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User the DNS domain name of a keyset file.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Specifies the DNS class (default is IN). Useful only
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User in keyset or zone file mode.
b3cbb2f1ad021349e89807f3492df6e4e679cd56Mark Andrews<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
9d557856c2a19ec95ee73245f60a92f8675cf5baTinderbox User Sets the debugging level.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User To build the SHA-256 DS RR from the
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User keyfile name, the following command would be issued:
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<p><strong class="userinput"><code>dnssec-dsfromkey -2 Kexample.com.+003+26160</code></strong>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The command would print something like:
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p><strong class="userinput"><code>example.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0 C5EA0B94</code></strong>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User The keyfile can be designed by the key identification
6bcac4b58d16ee91184a72bd4ff05c41538fd932Tinderbox User <code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
6bcac4b58d16ee91184a72bd4ff05c41538fd932Tinderbox User <code class="filename">Knnnn.+aaa+iiiii.key</code> as generated by
6bcac4b58d16ee91184a72bd4ff05c41538fd932Tinderbox User <span class="refentrytitle">dnssec-keygen</span>(8).
6bcac4b58d16ee91184a72bd4ff05c41538fd932Tinderbox User The keyset file name is built from the <code class="option">directory</code>,
6bcac4b58d16ee91184a72bd4ff05c41538fd932Tinderbox User the string <code class="filename">keyset-</code> and the
6bcac4b58d16ee91184a72bd4ff05c41538fd932Tinderbox User A keyfile error can give a "file not found" even if the file exists.
6bcac4b58d16ee91184a72bd4ff05c41538fd932Tinderbox User<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
6bcac4b58d16ee91184a72bd4ff05c41538fd932Tinderbox User <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<p><span class="corpauthor">Internet Systems Consortium</span>
6bcac4b58d16ee91184a72bd4ff05c41538fd932Tinderbox User<table width="100%" summary="Navigation footer">
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<a accesskey="p" href="man.host.html">Prev</a>�</td>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch10.html">Up</a></td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="40%" align="right">�<a accesskey="n" href="man.dnssec-keyfromlabel.html">Next</a>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<td width="40%" align="left" valign="top">host�</td>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<td width="40%" align="right" valign="top">�<span class="application">dnssec-keyfromlabel</span>