man.dnssec-importkey.html revision de283bda6a902c2102a795192eeab3a769001c7d
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync - Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync - Copyright (C) 2000-2003 Internet Software Consortium.
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync - Permission to use, copy, modify, and/or distribute this software for any
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync - purpose with or without fee is hereby granted, provided that the above
2b821db1fc1a1e0641081be52d2c044ebc24c8bcvboxsync - copyright notice and this permission notice appear in all copies.
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync - PERFORMANCE OF THIS SOFTWARE.
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync<!-- $Id$ -->
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
81afddc2a9738b6bde1c1c01db0cf62eed9e6b04vboxsync<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync<link rel="prev" href="man.dnssec-dsfromkey.html" title="dnssec-dsfromkey">
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync<link rel="next" href="man.dnssec-keyfromlabel.html" title="dnssec-keyfromlabel">
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
2b821db1fc1a1e0641081be52d2c044ebc24c8bcvboxsync<tr><th colspan="3" align="center"><span class="application">dnssec-importkey</span></th></tr>
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync<a accesskey="p" href="man.dnssec-dsfromkey.html">Prev</a>�</td>
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync<td width="20%" align="right">�<a accesskey="n" href="man.dnssec-keyfromlabel.html">Next</a>
6747811f5505e9275a79882daf73942490558270vboxsync<a name="man.dnssec-importkey"></a><div class="titlepage"></div>
2b821db1fc1a1e0641081be52d2c044ebc24c8bcvboxsync<p><span class="application">dnssec-importkey</span> — Import DNSKEY records from external systems so they can be managed.</p>
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync<div class="cmdsynopsis"><p><code class="command">dnssec-importkey</code> [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] {<code class="option">keyfile</code>}</p></div>
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync<div class="cmdsynopsis"><p><code class="command">dnssec-importkey</code> {<code class="option">-f <em class="replaceable"><code>filename</code></em></code>} [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">dnsname</code>]</p></div>
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync<p><span><strong class="command">dnssec-importkey</strong></span>
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync reads a public DNSKEY record and generates a pair of
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync .key/.private files. The DNSKEY record may be read from an
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync existing .key file, in which case a corresponding .private file
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync will be generated, or it may be read from any other file or
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync from the standard input, in which case both .key and .private
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync files will be generated.
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync The newly-created .private file does <span class="emphasis"><em>not</em></span>
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync contain private key data, and cannot be used for signing.
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync However, having a .private file makes it possible to set
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync publication (<code class="option">-P</code>) and deletion
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync (<code class="option">-D</code>) times for the key, which means the
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync public key can be added to and removed from the DNSKEY RRset
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync on schedule even if the true private key is stored offline.
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync<dt><span class="term">-f <em class="replaceable"><code>filename</code></em></span></dt>
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync Zone file mode: instead of a public keyfile name, the argument
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync is the DNS domain name of a zone master file, which can be read
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync from <code class="option">file</code>. If the domain name is the same as
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync <code class="option">file</code>, then it may be omitted.
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync If <code class="option">file</code> is set to <code class="literal">"-"</code>, then
8e0616c621e9632ac793dc6d38c40e34cf487bd2vboxsync the zone data is read from the standard input.
2b821db1fc1a1e0641081be52d2c044ebc24c8bcvboxsync<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
8e0616c621e9632ac793dc6d38c40e34cf487bd2vboxsync Sets the directory in which the key files are to reside.
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync<dt><span class="term">-L <em class="replaceable"><code>ttl</code></em></span></dt>
23a9871a0529153e9acd72f2892d1daba911b620vboxsync Sets the default TTL to use for this key when it is converted
9960b537f41818c96be5b4426013af0854278fe2vboxsync into a DNSKEY RR. If the key is imported into a zone,
23a9871a0529153e9acd72f2892d1daba911b620vboxsync this is the TTL that will be used for it, unless there was
9960b537f41818c96be5b4426013af0854278fe2vboxsync already a DNSKEY RRset in place, in which case the existing TTL
23a9871a0529153e9acd72f2892d1daba911b620vboxsync would take precedence. Setting the default TTL to
23a9871a0529153e9acd72f2892d1daba911b620vboxsync <code class="literal">0</code> or <code class="literal">none</code> removes it.
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync Emit usage message and exit.
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync Sets the debugging level.
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync Prints version information.
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync If the argument begins with a '+' or '-', it is interpreted as
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync an offset from the present time. For convenience, if such an offset
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi',
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync then the offset is computed in years (defined as 365 24-hour days,
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync ignoring leap years), months (defined as 30 24-hour days), weeks,
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync days, hours, or minutes, respectively. Without a suffix, the offset
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync is computed in seconds. To explicitly prevent a date from being
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync set, use 'none' or 'never'.
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync<dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt>
4d8251400411b4dcf2c86b5b0376a326ff45938cvboxsync Sets the date on which a key is to be published to the zone.
ed24120b1d8a2eddf4291a9654cf45b2372135abvboxsync After that date, the key will be included in the zone but will
5d69af51557e9e9db029ecd243e820383af49b18vboxsync not be used to sign it.
ed24120b1d8a2eddf4291a9654cf45b2372135abvboxsync<dt><span class="term">-D <em class="replaceable"><code>date/offset</code></em></span></dt>
ed24120b1d8a2eddf4291a9654cf45b2372135abvboxsync Sets the date on which the key is to be deleted. After that
ed24120b1d8a2eddf4291a9654cf45b2372135abvboxsync date, the key will no longer be included in the zone. (It
ed24120b1d8a2eddf4291a9654cf45b2372135abvboxsync may remain in the key repository, however.)
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync A keyfile can be designed by the key identification
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync <code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
9eea21d61089fe62b80ef3f4549600091c2b1967vboxsync <code class="filename">Knnnn.+aaa+iiiii.key</code> as generated by
4d8251400411b4dcf2c86b5b0376a326ff45938cvboxsync <span class="refentrytitle">dnssec-keygen</span>(8).
9eea21d61089fe62b80ef3f4549600091c2b1967vboxsync<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
9eea21d61089fe62b80ef3f4549600091c2b1967vboxsync <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
9eea21d61089fe62b80ef3f4549600091c2b1967vboxsync <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
9eea21d61089fe62b80ef3f4549600091c2b1967vboxsync<p><span class="corpauthor">Internet Systems Consortium</span>
817d003403ed9395143bd4ba88fbd9cb60e5eeebvboxsync<a accesskey="p" href="man.dnssec-dsfromkey.html">Prev</a>�</td>
817d003403ed9395143bd4ba88fbd9cb60e5eeebvboxsync<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch13.html">Up</a></td>
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync<td width="40%" align="right">�<a accesskey="n" href="man.dnssec-keyfromlabel.html">Next</a>
e06a7c97712c2fb5d6a55a2b80e774913ed91d1avboxsync<span class="application">dnssec-dsfromkey</span>�</td>
4d8251400411b4dcf2c86b5b0376a326ff45938cvboxsync<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync<td width="40%" align="right" valign="top">�<span class="application">dnssec-keyfromlabel</span>
ba8183e1a0c699f5b5131a03e157fc7e39ed3009vboxsync<p style="text-align: center;">BIND 9.11.0pre-alpha</p>