man.dnssec-importkey.html revision a8a5c3eb62ea3256fd015fffd12a8a7552331df9
21d1aaa1db4fde9bcad8256491ab72421651aa85Trond Norbye - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
21d1aaa1db4fde9bcad8256491ab72421651aa85Trond Norbye - Copyright (C) 2000-2003 Internet Software Consortium.
21d1aaa1db4fde9bcad8256491ab72421651aa85Trond Norbye - Permission to use, copy, modify, and/or distribute this software for any
21d1aaa1db4fde9bcad8256491ab72421651aa85Trond Norbye - purpose with or without fee is hereby granted, provided that the above
21d1aaa1db4fde9bcad8256491ab72421651aa85Trond Norbye - copyright notice and this permission notice appear in all copies.
21d1aaa1db4fde9bcad8256491ab72421651aa85Trond Norbye - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
21d1aaa1db4fde9bcad8256491ab72421651aa85Trond Norbye - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
21d1aaa1db4fde9bcad8256491ab72421651aa85Trond Norbye - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
21d1aaa1db4fde9bcad8256491ab72421651aa85Trond Norbye - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
21d1aaa1db4fde9bcad8256491ab72421651aa85Trond Norbye - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
21d1aaa1db4fde9bcad8256491ab72421651aa85Trond Norbye - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
21d1aaa1db4fde9bcad8256491ab72421651aa85Trond Norbye - PERFORMANCE OF THIS SOFTWARE.
21d1aaa1db4fde9bcad8256491ab72421651aa85Trond Norbye<!-- $Id$ -->
21d1aaa1db4fde9bcad8256491ab72421651aa85Trond Norbye<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
21d1aaa1db4fde9bcad8256491ab72421651aa85Trond Norbye<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
21d1aaa1db4fde9bcad8256491ab72421651aa85Trond Norbye<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
21d1aaa1db4fde9bcad8256491ab72421651aa85Trond Norbye<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
21d1aaa1db4fde9bcad8256491ab72421651aa85Trond Norbye<link rel="prev" href="man.dnssec-dsfromkey.html" title="dnssec-dsfromkey">
20a0bde399487a651cdeb66fc8b44b2212036355Trond Norbye<link rel="next" href="man.dnssec-keyfromlabel.html" title="dnssec-keyfromlabel">
20a0bde399487a651cdeb66fc8b44b2212036355Trond Norbye<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
20a0bde399487a651cdeb66fc8b44b2212036355Trond Norbye<table width="100%" summary="Navigation header">
8739a8f4d16d06ac76f16ec8b80837cfd2448490Trond Norbye<tr><th colspan="3" align="center"><span class="application">dnssec-importkey</span></th></tr>
20a0bde399487a651cdeb66fc8b44b2212036355Trond Norbye<a accesskey="p" href="man.dnssec-dsfromkey.html">Prev</a>�</td>
20a0bde399487a651cdeb66fc8b44b2212036355Trond Norbye<th width="60%" align="center">Manual pages</th>
20a0bde399487a651cdeb66fc8b44b2212036355Trond Norbye<td width="20%" align="right">�<a accesskey="n" href="man.dnssec-keyfromlabel.html">Next</a>
20a0bde399487a651cdeb66fc8b44b2212036355Trond Norbye<a name="man.dnssec-importkey"></a><div class="titlepage"></div>
21d1aaa1db4fde9bcad8256491ab72421651aa85Trond Norbye<p><span class="application">dnssec-importkey</span> — Import DNSKEY records from external systems so they can be managed.</p>
ef04451832b2553303ae511b4c09ed332eb4c06aKnut Anders Hatlen<div class="cmdsynopsis"><p><code class="command">dnssec-importkey</code> [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] {<code class="option">keyfile</code>}</p></div>
20a0bde399487a651cdeb66fc8b44b2212036355Trond Norbye<div class="cmdsynopsis"><p><code class="command">dnssec-importkey</code> {<code class="option">-f <em class="replaceable"><code>filename</code></em></code>} [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">dnsname</code>]</p></div>
e372bd6df6fcf2bc7f7c925fe702a9e62fd7c466Trond Norbye<p><span><strong class="command">dnssec-importkey</strong></span>
8247ba75ae77540a334b19527df7d963265c590bTrond Norbye reads a public DNSKEY record and generates a pair of
20a0bde399487a651cdeb66fc8b44b2212036355Trond Norbye .key/.private files. The DNSKEY record may be read from an
20a0bde399487a651cdeb66fc8b44b2212036355Trond Norbye existing .key file, in which case a corresponding .private file
20a0bde399487a651cdeb66fc8b44b2212036355Trond Norbye will be generated, or it may be read from any other file or
20a0bde399487a651cdeb66fc8b44b2212036355Trond Norbye from the standard input, in which case both .key and .private
8247ba75ae77540a334b19527df7d963265c590bTrond Norbye files will be generated.
20a0bde399487a651cdeb66fc8b44b2212036355Trond Norbye The newly-created .private file does <span class="emphasis"><em>not</em></span>
20a0bde399487a651cdeb66fc8b44b2212036355Trond Norbye contain private key data, and cannot be used for signing.
f60d84bfe9ece4779c642dfe4849acd35ade9388Trond Norbye However, having a .private file makes it possible to set
f60d84bfe9ece4779c642dfe4849acd35ade9388Trond Norbye publication (<code class="option">-P</code>) and deletion
f60d84bfe9ece4779c642dfe4849acd35ade9388Trond Norbye (<code class="option">-D</code>) times for the key, which means the
f60d84bfe9ece4779c642dfe4849acd35ade9388Trond Norbye public key can be added to and removed from the DNSKEY RRset
20a0bde399487a651cdeb66fc8b44b2212036355Trond Norbye on schedule even if the true private key is stored offline.
20a0bde399487a651cdeb66fc8b44b2212036355Trond Norbye<dt><span class="term">-f <em class="replaceable"><code>filename</code></em></span></dt>
20a0bde399487a651cdeb66fc8b44b2212036355Trond Norbye Zone file mode: instead of a public keyfile name, the argument
20a0bde399487a651cdeb66fc8b44b2212036355Trond Norbye is the DNS domain name of a zone master file, which can be read
20a0bde399487a651cdeb66fc8b44b2212036355Trond Norbye from <code class="option">file</code>. If the domain name is the same as
20a0bde399487a651cdeb66fc8b44b2212036355Trond Norbye <code class="option">file</code>, then it may be omitted.
8247ba75ae77540a334b19527df7d963265c590bTrond Norbye If <code class="option">file</code> is set to <code class="literal">"-"</code>, then
cfb5c66ccd74f4bcab7168acea8daec98f1b39e7Jorgen Austvik the zone data is read from the standard input.
8247ba75ae77540a334b19527df7d963265c590bTrond Norbye<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
bd4999e099547832430739402d07284e957f32ddTrond Norbye Sets the directory in which the key files are to reside.
bd4999e099547832430739402d07284e957f32ddTrond Norbye<dt><span class="term">-L <em class="replaceable"><code>ttl</code></em></span></dt>
20a0bde399487a651cdeb66fc8b44b2212036355Trond Norbye Sets the default TTL to use for this key when it is converted
20a0bde399487a651cdeb66fc8b44b2212036355Trond Norbye into a DNSKEY RR. If the key is imported into a zone,
bd4999e099547832430739402d07284e957f32ddTrond Norbye this is the TTL that will be used for it, unless there was
bd4999e099547832430739402d07284e957f32ddTrond Norbye already a DNSKEY RRset in place, in which case the existing TTL
bd4999e099547832430739402d07284e957f32ddTrond Norbye would take precedence. Setting the default TTL to
bd4999e099547832430739402d07284e957f32ddTrond Norbye <code class="literal">0</code> or <code class="literal">none</code> removes it.
bd4999e099547832430739402d07284e957f32ddTrond Norbye Emit usage message and exit.
bd4999e099547832430739402d07284e957f32ddTrond Norbye<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
bd4999e099547832430739402d07284e957f32ddTrond Norbye Sets the debugging level.
20a0bde399487a651cdeb66fc8b44b2212036355Trond Norbye Prints version information.
bd4999e099547832430739402d07284e957f32ddTrond Norbye Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
bd4999e099547832430739402d07284e957f32ddTrond Norbye If the argument begins with a '+' or '-', it is interpreted as
bd4999e099547832430739402d07284e957f32ddTrond Norbye an offset from the present time. For convenience, if such an offset
bd4999e099547832430739402d07284e957f32ddTrond Norbye is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi',
20a0bde399487a651cdeb66fc8b44b2212036355Trond Norbye then the offset is computed in years (defined as 365 24-hour days,
bd4999e099547832430739402d07284e957f32ddTrond Norbye ignoring leap years), months (defined as 30 24-hour days), weeks,
bd4999e099547832430739402d07284e957f32ddTrond Norbye days, hours, or minutes, respectively. Without a suffix, the offset
bd4999e099547832430739402d07284e957f32ddTrond Norbye is computed in seconds. To explicitly prevent a date from being
8247ba75ae77540a334b19527df7d963265c590bTrond Norbye set, use 'none' or 'never'.
8247ba75ae77540a334b19527df7d963265c590bTrond Norbye<dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt>
68a986af15f28e9fd0bdcac5af761097740b21aaJorgen Austvik Sets the date on which a key is to be published to the zone.
68a986af15f28e9fd0bdcac5af761097740b21aaJorgen Austvik After that date, the key will be included in the zone but will
68a986af15f28e9fd0bdcac5af761097740b21aaJorgen Austvik not be used to sign it.
68a986af15f28e9fd0bdcac5af761097740b21aaJorgen Austvik<dt><span class="term">-D <em class="replaceable"><code>date/offset</code></em></span></dt>
68a986af15f28e9fd0bdcac5af761097740b21aaJorgen Austvik Sets the date on which the key is to be deleted. After that
20a0bde399487a651cdeb66fc8b44b2212036355Trond Norbye date, the key will no longer be included in the zone. (It
68a986af15f28e9fd0bdcac5af761097740b21aaJorgen Austvik may remain in the key repository, however.)
68a986af15f28e9fd0bdcac5af761097740b21aaJorgen Austvik A keyfile can be designed by the key identification
68a986af15f28e9fd0bdcac5af761097740b21aaJorgen Austvik <code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
68a986af15f28e9fd0bdcac5af761097740b21aaJorgen Austvik <code class="filename">Knnnn.+aaa+iiiii.key</code> as generated by
68a986af15f28e9fd0bdcac5af761097740b21aaJorgen Austvik <span class="refentrytitle">dnssec-keygen</span>(8).
21d1aaa1db4fde9bcad8256491ab72421651aa85Trond Norbye<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
f047d5a360b7e2a2d0f3f72611a1cee970baa6fcTrond Norbye <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
f047d5a360b7e2a2d0f3f72611a1cee970baa6fcTrond Norbye <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
bd4999e099547832430739402d07284e957f32ddTrond Norbye<p><span class="corpauthor">Internet Systems Consortium</span>
bd4999e099547832430739402d07284e957f32ddTrond Norbye<table width="100%" summary="Navigation footer">
20a0bde399487a651cdeb66fc8b44b2212036355Trond Norbye<a accesskey="p" href="man.dnssec-dsfromkey.html">Prev</a>�</td>
f047d5a360b7e2a2d0f3f72611a1cee970baa6fcTrond Norbye<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch10.html">Up</a></td>
f047d5a360b7e2a2d0f3f72611a1cee970baa6fcTrond Norbye<td width="40%" align="right">�<a accesskey="n" href="man.dnssec-keyfromlabel.html">Next</a>
21d1aaa1db4fde9bcad8256491ab72421651aa85Trond Norbye<span class="application">dnssec-dsfromkey</span>�</td>
21d1aaa1db4fde9bcad8256491ab72421651aa85Trond Norbye<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
1088c21d4f10d85cf7094adbd80c4b9697e833a9Dan Price<td width="40%" align="right" valign="top">�<span class="application">dnssec-keyfromlabel</span>
20a0bde399487a651cdeb66fc8b44b2212036355Trond Norbye<p style="text-align: center;">BIND Version 9.11</p>