doc/arm/man.dnssec-dsfromkey.html

	man.dnssec-dsfromkey.html revision f77c5a1336bc11ae235f1b91f1b7cbae1137c3e8
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering<!--
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering - Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
c2f1db8f83618e60dcded8303d14656d7d26b436Shawn Landden - Copyright (C) 2000-2003 Internet Software Consortium.
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering -
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering - Permission to use, copy, modify, and/or distribute this software for any
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering - purpose with or without fee is hereby granted, provided that the above
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering - copyright notice and this permission notice appear in all copies.
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering -
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
5430f7f2bc7330f3088b894166bf3524a067e3d8Lennart Poettering - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
5430f7f2bc7330f3088b894166bf3524a067e3d8Lennart Poettering - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering - PERFORMANCE OF THIS SOFTWARE.
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering-->
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering<!-- $Id: man.dnssec-dsfromkey.html,v 1.90 2011/08/04 01:14:42 tbox Exp $ -->
5430f7f2bc7330f3088b894166bf3524a067e3d8Lennart Poettering<html>
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering<head>
5430f7f2bc7330f3088b894166bf3524a067e3d8Lennart Poettering<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering<title>dnssec-dsfromkey</title>
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering<link rel="prev" href="man.host.html" title="host">
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering<link rel="next" href="man.dnssec-keyfromlabel.html" title="dnssec-keyfromlabel">
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering</head>
81527be142678057215665be66e4b3c8306a7ab3Lennart Poettering<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
81527be142678057215665be66e4b3c8306a7ab3Lennart Poettering<div class="navheader">
cbdca8525b4f36297cb9e5cb090a9648763ed1bfLennart Poettering<table width="100%" summary="Navigation header">
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering<tr><th colspan="3" align="center"><span class="application">dnssec-dsfromkey</span></th></tr>
cbdca8525b4f36297cb9e5cb090a9648763ed1bfLennart Poettering<tr>
cbdca8525b4f36297cb9e5cb090a9648763ed1bfLennart Poettering<td width="20%" align="left">
cbdca8525b4f36297cb9e5cb090a9648763ed1bfLennart Poettering<a accesskey="p" href="man.host.html">Prev</a>�</td>
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering<th width="60%" align="center">Manual pages</th>
a963990ff4ebc7908d3cf82bbd8cf34a42d57b7fLennart Poettering<td width="20%" align="right">�<a accesskey="n" href="man.dnssec-keyfromlabel.html">Next</a>
a963990ff4ebc7908d3cf82bbd8cf34a42d57b7fLennart Poettering</td>
a963990ff4ebc7908d3cf82bbd8cf34a42d57b7fLennart Poettering</tr>
cbdca8525b4f36297cb9e5cb090a9648763ed1bfLennart Poettering</table>
cbdca8525b4f36297cb9e5cb090a9648763ed1bfLennart Poettering<hr>
cbdca8525b4f36297cb9e5cb090a9648763ed1bfLennart Poettering</div>
cbdca8525b4f36297cb9e5cb090a9648763ed1bfLennart Poettering<div class="refentry" lang="en">
cbdca8525b4f36297cb9e5cb090a9648763ed1bfLennart Poettering<a name="man.dnssec-dsfromkey"></a><div class="titlepage"></div>
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering<div class="refnamediv">
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering<h2>Name</h2>
cbdca8525b4f36297cb9e5cb090a9648763ed1bfLennart Poettering<p><span class="application">dnssec-dsfromkey</span> &#8212; DNSSEC DS RR generation tool</p>
cbdca8525b4f36297cb9e5cb090a9648763ed1bfLennart Poettering</div>
cbdca8525b4f36297cb9e5cb090a9648763ed1bfLennart Poettering<div class="refsynopsisdiv">
cbdca8525b4f36297cb9e5cb090a9648763ed1bfLennart Poettering<h2>Synopsis</h2>
cbdca8525b4f36297cb9e5cb090a9648763ed1bfLennart Poettering<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code>  [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] {keyfile}</p></div>
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code>  {-s} [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-s</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-A</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {dnsname}</p></div>
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering</div>
4fd052aede13eb3041277c54ac2f5dee6e6c29cfFrederic Crozat<div class="refsect1" lang="en">
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering<a name="id2612491"></a><h2>DESCRIPTION</h2>
cbdca8525b4f36297cb9e5cb090a9648763ed1bfLennart Poettering<p><span><strong class="command">dnssec-dsfromkey</strong></span>
cbdca8525b4f36297cb9e5cb090a9648763ed1bfLennart Poettering      outputs the Delegation Signer (DS) resource record (RR), as defined in
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering      RFC 3658 and RFC 4509, for the given key(s).
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering    </p>
cbdca8525b4f36297cb9e5cb090a9648763ed1bfLennart Poettering</div>
a3eb665e0c12df35e807611582e7332ebed325b1Lennart Poettering<div class="refsect1" lang="en">
cbdca8525b4f36297cb9e5cb090a9648763ed1bfLennart Poettering<a name="id2612505"></a><h2>OPTIONS</h2>
cbdca8525b4f36297cb9e5cb090a9648763ed1bfLennart Poettering<div class="variablelist"><dl>
a3eb665e0c12df35e807611582e7332ebed325b1Lennart Poettering<dt><span class="term">-1</span></dt>
a3eb665e0c12df35e807611582e7332ebed325b1Lennart Poettering<dd><p>
a3eb665e0c12df35e807611582e7332ebed325b1Lennart Poettering            Use SHA-1 as the digest algorithm (the default is to use
a87247dd5dc3892f858e920d09b16cc2a8b9b3c4Lennart Poettering            both SHA-1 and SHA-256).
a3eb665e0c12df35e807611582e7332ebed325b1Lennart Poettering          </p></dd>
a3eb665e0c12df35e807611582e7332ebed325b1Lennart Poettering<dt><span class="term">-2</span></dt>
a3eb665e0c12df35e807611582e7332ebed325b1Lennart Poettering<dd><p>
a87247dd5dc3892f858e920d09b16cc2a8b9b3c4Lennart Poettering            Use SHA-256 as the digest algorithm.
cbdca8525b4f36297cb9e5cb090a9648763ed1bfLennart Poettering          </p></dd>
cbdca8525b4f36297cb9e5cb090a9648763ed1bfLennart Poettering<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
a963990ff4ebc7908d3cf82bbd8cf34a42d57b7fLennart Poettering<dd><p>
cbdca8525b4f36297cb9e5cb090a9648763ed1bfLennart Poettering            Select the digest algorithm. The value of
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering            <code class="option">algorithm</code> must be one of SHA-1 (SHA1),
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering            SHA-256 (SHA256) or GOST. These values are case insensitive.
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering          </p></dd>
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering<dd><p>
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering            Look for key files (or, in keyset mode,
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering            <code class="filename">keyset-</code> files) in
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering            <code class="option">directory</code>.
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering          </p></dd>
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering<dt><span class="term">-f <em class="replaceable"><code>file</code></em></span></dt>
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering<dd>
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering<p>
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering            Zone file mode: in place of the keyfile name, the argument is
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering            the DNS domain name of a zone master file, which can be read
a963990ff4ebc7908d3cf82bbd8cf34a42d57b7fLennart Poettering            from <code class="option">file</code>.  If the zone name is the same as
a963990ff4ebc7908d3cf82bbd8cf34a42d57b7fLennart Poettering            <code class="option">file</code>, then it may be omitted.
a963990ff4ebc7908d3cf82bbd8cf34a42d57b7fLennart Poettering          </p>
a963990ff4ebc7908d3cf82bbd8cf34a42d57b7fLennart Poettering<p>
a963990ff4ebc7908d3cf82bbd8cf34a42d57b7fLennart Poettering            If <code class="option">file</code> is set to <code class="literal">"-"</code>, then
a963990ff4ebc7908d3cf82bbd8cf34a42d57b7fLennart Poettering            the zone data is read from the standard input.  This makes it
a963990ff4ebc7908d3cf82bbd8cf34a42d57b7fLennart Poettering            possible to use the output of the <span><strong class="command">dig</strong></span>
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering            command as input, as in:
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering          </p>
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering<p>
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering            <strong class="userinput"><code>dig dnskey example.com | dnssec-dsfromkey -f - example.com</code></strong>
7827b1a10f4dfe2c6771b515f28f7ae22e0ae039Lennart Poettering          </p>
7827b1a10f4dfe2c6771b515f28f7ae22e0ae039Lennart Poettering</dd>
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering<dt><span class="term">-A</span></dt>
16e9f408fa9a9626059bdd6c89dc175e06b9e976Lennart Poettering<dd><p>
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering            Include ZSK's when generating DS records.  Without this option,
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering            only keys which have the KSK flag set will be converted to DS
cbdca8525b4f36297cb9e5cb090a9648763ed1bfLennart Poettering            records and printed.  Useful only in zone file mode.
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering          </p></dd>
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering<dt><span class="term">-l <em class="replaceable"><code>domain</code></em></span></dt>
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering<dd><p>
a963990ff4ebc7908d3cf82bbd8cf34a42d57b7fLennart Poettering            Generate a DLV set instead of a DS set.  The specified
a963990ff4ebc7908d3cf82bbd8cf34a42d57b7fLennart Poettering            <code class="option">domain</code> is appended to the name for each
a963990ff4ebc7908d3cf82bbd8cf34a42d57b7fLennart Poettering            record in the set.
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering            The DNSSEC Lookaside Validation (DLV) RR is described
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering            in RFC 4431.
cbdca8525b4f36297cb9e5cb090a9648763ed1bfLennart Poettering          </p></dd>
a963990ff4ebc7908d3cf82bbd8cf34a42d57b7fLennart Poettering<dt><span class="term">-s</span></dt>
a963990ff4ebc7908d3cf82bbd8cf34a42d57b7fLennart Poettering<dd><p>
3c1668da6202f1ead3d4d3981b89e9da1a0e98e3Lennart Poettering            Keyset mode: in place of the keyfile name, the argument is
3c1668da6202f1ead3d4d3981b89e9da1a0e98e3Lennart Poettering            the DNS domain name of a keyset file.
3c1668da6202f1ead3d4d3981b89e9da1a0e98e3Lennart Poettering          </p></dd>
3c1668da6202f1ead3d4d3981b89e9da1a0e98e3Lennart Poettering<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
85210bffd8363e491b4c31f2d09404f9869ad0c7Lennart Poettering<dd><p>
85210bffd8363e491b4c31f2d09404f9869ad0c7Lennart Poettering            Specifies the DNS class (default is IN).  Useful only
93b73b064c663d6248bebfbbbd82989b5ca10fc5Lennart Poettering            in keyset or zone file mode.
93b73b064c663d6248bebfbbbd82989b5ca10fc5Lennart Poettering          </p></dd>
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
f39e126e990869e33a002763ec02aa0aeb06214aLennart Poettering<dd><p>
cbdca8525b4f36297cb9e5cb090a9648763ed1bfLennart Poettering            Sets the debugging level.
dca6219e04505e9fa10b32e71059ce2abfae1dadLennart Poettering          </p></dd>
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2613473"></a><h2>EXAMPLE</h2>
<p>
      To build the SHA-256 DS RR from the
      <strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
      keyfile name, the following command would be issued:
    </p>
<p><strong class="userinput"><code>dnssec-dsfromkey -2 Kexample.com.+003+26160</code></strong>
    </p>
<p>
      The command would print something like:
    </p>
<p><strong class="userinput"><code>example.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0 C5EA0B94</code></strong>
    </p>
</div>
<div class="refsect1" lang="en">
<a name="id2613509"></a><h2>FILES</h2>
<p>
      The keyfile can be designed by the key identification
      <code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
      <code class="filename">Knnnn.+aaa+iiiii.key</code> as generated by
      <span class="refentrytitle">dnssec-keygen</span>(8).
    </p>
<p>
      The keyset file name is built from the <code class="option">directory</code>,
      the string <code class="filename">keyset-</code> and the
      <code class="option">dnsname</code>.
    </p>
</div>
<div class="refsect1" lang="en">
<a name="id2613550"></a><h2>CAVEAT</h2>
<p>
      A keyfile error can give a "file not found" even if the file exists.
    </p>
</div>
<div class="refsect1" lang="en">
<a name="id2613560"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
      <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
      <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
      <em class="citetitle">RFC 3658</em>,
      <em class="citetitle">RFC 4431</em>.
      <em class="citetitle">RFC 4509</em>.
    </p>
</div>
<div class="refsect1" lang="en">
<a name="id2613600"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
    </p>
</div>
</div>
<div class="navfooter">
<hr>
<table width="100%" summary="Navigation footer">
<tr>
<td width="40%" align="left">
<a accesskey="p" href="man.host.html">Prev</a>�</td>
<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch10.html">Up</a></td>
<td width="40%" align="right">�<a accesskey="n" href="man.dnssec-keyfromlabel.html">Next</a>
</td>
</tr>
<tr>
<td width="40%" align="left" valign="top">host�</td>
<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
<td width="40%" align="right" valign="top">�<span class="application">dnssec-keyfromlabel</span>
</td>
</tr>
</table>
</div>
</body>
</html>