man.dnssec-importkey.html revision 10b865e9187fc77cae02f106ddcc9e03eecdfe06
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi - Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi - Copyright (C) 2000-2003 Internet Software Consortium.
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi - Permission to use, copy, modify, and/or distribute this software for any
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi - purpose with or without fee is hereby granted, provided that the above
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi - copyright notice and this permission notice appear in all copies.
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi - PERFORMANCE OF THIS SOFTWARE.
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi<!-- $Id$ -->
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
12cc75c814f0c017004a9bbc96429911e008601bcindi<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi<link rel="prev" href="man.dnssec-dsfromkey.html" title="dnssec-dsfromkey">
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi<link rel="next" href="man.dnssec-keyfromlabel.html" title="dnssec-keyfromlabel">
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi<tr><th colspan="3" align="center"><span class="application">dnssec-importkey</span></th></tr>
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi<a accesskey="p" href="man.dnssec-dsfromkey.html">Prev</a>�</td>
0eb822a1c0c2bea495647510b75f77f0e57633ebcindi<td width="20%" align="right">�<a accesskey="n" href="man.dnssec-keyfromlabel.html">Next</a>
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi<a name="man.dnssec-importkey"></a><div class="titlepage"></div>
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi<p><span class="application">dnssec-importkey</span> — Import DNSKEY records from external systems so they can be managed.</p>
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi<div class="cmdsynopsis"><p><code class="command">dnssec-importkey</code> [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] {<code class="option">keyfile</code>}</p></div>
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi<div class="cmdsynopsis"><p><code class="command">dnssec-importkey</code> {<code class="option">-f <em class="replaceable"><code>filename</code></em></code>} [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">dnsname</code>]</p></div>
724365f7556fc4201fdb11766ebc6bd918523130sethg<p><span><strong class="command">dnssec-importkey</strong></span>
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi reads a public DNSKEY record and generates a pair of
724365f7556fc4201fdb11766ebc6bd918523130sethg .key/.private files. The DNSKEY record may be read from an
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi existing .key file, in which case a corresponding .private file
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi will be generated, or it may be read from any other file or
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi from the standard input, in which case both .key and .private
724365f7556fc4201fdb11766ebc6bd918523130sethg files will be generated.
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi The newly-created .private file does <span class="emphasis"><em>not</em></span>
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi contain private key data, and cannot be used for signing.
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi However, having a .private file makes it possible to set
724365f7556fc4201fdb11766ebc6bd918523130sethg publication (<code class="option">-P</code>) and deletion
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi (<code class="option">-D</code>) times for the key, which means the
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi public key can be added to and removed from the DNSKEY RRset
724365f7556fc4201fdb11766ebc6bd918523130sethg on schedule even if the true private key is stored offline.
724365f7556fc4201fdb11766ebc6bd918523130sethg<dt><span class="term">-f <em class="replaceable"><code>filename</code></em></span></dt>
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi Zone file mode: instead of a public keyfile name, the argument
724365f7556fc4201fdb11766ebc6bd918523130sethg is the DNS domain name of a zone master file, which can be read
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi from <code class="option">file</code>. If the domain name is the same as
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi <code class="option">file</code>, then it may be omitted.
0eb822a1c0c2bea495647510b75f77f0e57633ebcindi If <code class="option">file</code> is set to <code class="literal">"-"</code>, then
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi the zone data is read from the standard input.
724365f7556fc4201fdb11766ebc6bd918523130sethg<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi Sets the directory in which the key files are to reside.
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi<dt><span class="term">-L <em class="replaceable"><code>ttl</code></em></span></dt>
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi Sets the default TTL to use for this key when it is converted
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi into a DNSKEY RR. If the key is imported into a zone,
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi this is the TTL that will be used for it, unless there was
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi already a DNSKEY RRset in place, in which case the existing TTL
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi would take precedence. Setting the default TTL to
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi <code class="literal">0</code> or <code class="literal">none</code> removes it.
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi Emit usage message and exit.
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi Sets the debugging level.
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi Prints version information.
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi If the argument begins with a '+' or '-', it is interpreted as
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi an offset from the present time. For convenience, if such an offset
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi',
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi then the offset is computed in years (defined as 365 24-hour days,
0eb822a1c0c2bea495647510b75f77f0e57633ebcindi ignoring leap years), months (defined as 30 24-hour days), weeks,
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi days, hours, or minutes, respectively. Without a suffix, the offset
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi is computed in seconds. To explicitly prevent a date from being
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi set, use 'none' or 'never'.
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi<dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt>
0eb822a1c0c2bea495647510b75f77f0e57633ebcindi Sets the date on which a key is to be published to the zone.
724365f7556fc4201fdb11766ebc6bd918523130sethg After that date, the key will be included in the zone but will
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi not be used to sign it.
0eb822a1c0c2bea495647510b75f77f0e57633ebcindi<dt><span class="term">-D <em class="replaceable"><code>date/offset</code></em></span></dt>
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi Sets the date on which the key is to be deleted. After that
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi date, the key will no longer be included in the zone. (It
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi may remain in the key repository, however.)
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi A keyfile can be designed by the key identification
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi <code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi <code class="filename">Knnnn.+aaa+iiiii.key</code> as generated by
0eb822a1c0c2bea495647510b75f77f0e57633ebcindi<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
0eb822a1c0c2bea495647510b75f77f0e57633ebcindi <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi<p><span class="corpauthor">Internet Systems Consortium</span>
724365f7556fc4201fdb11766ebc6bd918523130sethg<a accesskey="p" href="man.dnssec-dsfromkey.html">Prev</a>�</td>
0eb822a1c0c2bea495647510b75f77f0e57633ebcindi<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch13.html">Up</a></td>
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi<td width="40%" align="right">�<a accesskey="n" href="man.dnssec-keyfromlabel.html">Next</a>
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi<span class="application">dnssec-dsfromkey</span>�</td>
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi<td width="40%" align="right" valign="top">�<span class="application">dnssec-keyfromlabel</span>
7aec1d6e253b21f9e9b7ef68b4d81ab9859b51fecindi<p style="text-align: center;">BIND 9.11.0pre-alpha</p>