man.dnssec-settime.html revision 8ec3c085233cedb22b05da36e2773c8f357a7e45
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
229ea4644b3a7d9c7fdaa43888e7f55ba01e2ee3Automatic Updater - Copyright (C) 2000-2003 Internet Software Consortium.
1167fc7904c5f0a472f8df207ac46dd52c7f1ec8Automatic Updater - Permission to use, copy, modify, and/or distribute this software for any
0c39b3ed9409ecb277d5e32fa763a4e4d6598df8Automatic Updater - purpose with or without fee is hereby granted, provided that the above
46da3117812814a29432a8d9a9ccf8acdbfdadceAutomatic Updater - copyright notice and this permission notice appear in all copies.
cd0aa2d941d1438fabb5337f1f38c49478edf71dAutomatic Updater - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
90ff38a0d8deaf5f9c2aa5916d99b2e572d28738Automatic Updater - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
6c6a121295b30772cbf3dd75a51fb9d883051a0eAutomatic Updater - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater - PERFORMANCE OF THIS SOFTWARE.
e171a4137c6ba348957e61b7c4c3541493c0da02Automatic Updater<!-- $Id: man.dnssec-settime.html,v 1.11 2009/10/06 01:14:41 tbox Exp $ -->
3cc98b8ecedcbc8465f1cf2740b966b315662430Automatic Updater<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
e171a4137c6ba348957e61b7c4c3541493c0da02Automatic Updater<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
831f79c4310a7d38fc3475ccfff531b2b2535641Automatic Updater<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<link rel="prev" href="man.dnssec-revoke.html" title="dnssec-revoke">
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater<link rel="next" href="man.dnssec-signzone.html" title="dnssec-signzone">
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater<table width="100%" summary="Navigation header">
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater<tr><th colspan="3" align="center"><span class="application">dnssec-settime</span></th></tr>
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater<a accesskey="p" href="man.dnssec-revoke.html">Prev</a>�</td>
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater<th width="60%" align="center">Manual pages</th>
aa9c561961e9d877946ebaa8795fa2be054ab7bfEvan Hunt<td width="20%" align="right">�<a accesskey="n" href="man.dnssec-signzone.html">Next</a>
aa9c561961e9d877946ebaa8795fa2be054ab7bfEvan Hunt<a name="man.dnssec-settime"></a><div class="titlepage"></div>
aa9c561961e9d877946ebaa8795fa2be054ab7bfEvan Hunt<p><span class="application">dnssec-settime</span> — Set the key timing metadata for a DNSSEC key</p>
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater<div class="cmdsynopsis"><p><code class="command">dnssec-settime</code> [<code class="option">-f</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] {keyfile}</p></div>
cdfc81e048bd34c1d628380247bda6b80a89e20eAutomatic Updater<a name="id2609757"></a><h2>DESCRIPTION</h2>
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater<p><span><strong class="command">dnssec-settime</strong></span>
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater reads a DNSSEC private key file and sets the key timing metadata
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater as specified by the <code class="option">-P</code>, <code class="option">-A</code>,
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater <code class="option">-R</code>, <code class="option">-I</code>, and <code class="option">-D</code>
eabc9c3c07cd956d3c436bd7614cb162dabdda76Mark Andrews options. The metadata can then be used by
eabc9c3c07cd956d3c436bd7614cb162dabdda76Mark Andrews <span><strong class="command">dnssec-signzone</strong></span> or other signing software to
eabc9c3c07cd956d3c436bd7614cb162dabdda76Mark Andrews determine when a key is to be published, whether it should be
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington used for signing a zone, etc.
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater If none of these options is set on the command line,
129090f0f6f91753b4a085ab635e28549fd018adAutomatic Updater then <span><strong class="command">dnssec-settime</strong></span> simply prints the key timing
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews metadata already stored in the key.
930f6069e5aa157cf6987cdafd412f5757a5a558Automatic Updater When key metadata fields are changed, both files of a key
80faf1588895fd26490f82f95a7a1b771df1c324Automatic Updater pair (<code class="filename">Knnnn.+aaa+iiiii.key</code> and
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews <code class="filename">Knnnn.+aaa+iiiii.private</code>) are regenerated.
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater Metadata fields are stored in the private file. A human-readable
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews description of the metadata is also placed in comments in the key
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater Force an update of an old-format key with no metadata fields.
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson Without this option, <span><strong class="command">dnssec-settime</strong></span> will
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater fail when attempting to update a legacy key. With this option,
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater the key will be recreated in the new format, but with the
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson original key data retained. The key's creation date will be
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater set to the present time.
dd65eb1efb40b1c47d57963192bfc54873b219beAutomatic Updater<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
b1265b5a06df36d490d4bdf54284fb133a1f5a84Automatic Updater Sets the directory in which the key files are to reside.
0c39b3ed9409ecb277d5e32fa763a4e4d6598df8Automatic Updater Emit usage message and exit.
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
f9119ad8f6114b2255e7545bf5cd187f4db0a89bAutomatic Updater Sets the debugging level.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<dt><span class="term">-E <em class="replaceable"><code>engine</code></em></span></dt>
08e3b6797706a13054bad749dea04e94b514b8e7Automatic Updater Use the given OpenSSL engine. When compiled with PKCS#11 support
dd65eb1efb40b1c47d57963192bfc54873b219beAutomatic Updater it defaults to pcks11, the empty name resets it to no engine.
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater If the argument begins with a '+' or '-', it is interpreted as
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews an offset from the present time. For convenience, if such an offset
0c39b3ed9409ecb277d5e32fa763a4e4d6598df8Automatic Updater is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi',
0c39b3ed9409ecb277d5e32fa763a4e4d6598df8Automatic Updater then the offset is computed in years (defined as 365 24-hour days,
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater ignoring leap years), months (defined as 30 24-hour days), weeks,
cdfc81e048bd34c1d628380247bda6b80a89e20eAutomatic Updater days, hours, or minutes, respectively. Without a suffix, the offset
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater is computed in seconds. To unset a date, use 'none'.
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater<dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt>
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater Sets the date on which a key is to be published to the zone.
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater After that date, the key will be included in the zone but will
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson not be used to sign it.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews<dt><span class="term">-A <em class="replaceable"><code>date/offset</code></em></span></dt>
dd65eb1efb40b1c47d57963192bfc54873b219beAutomatic Updater Sets the date on which the key is to be activated. After that
dd65eb1efb40b1c47d57963192bfc54873b219beAutomatic Updater date, the key will be included and the zone and used to sign
133e6d43fa82e80d3798be4de00f4540f485ec6cAutomatic Updater<dt><span class="term">-R <em class="replaceable"><code>date/offset</code></em></span></dt>
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater Sets the date on which the key is to be revoked. After that
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson date, the key will be flagged as revoked. It will be included
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater in the zone and will be used to sign it.
27794bebe2634b5ac374e78972649c79300b876aAutomatic Updater<dt><span class="term">-I <em class="replaceable"><code>date/offset</code></em></span></dt>
0ce87e5749aabb8eef1e0a37e4bd6e6ffa1d7196Automatic Updater Sets the date on which the key is to be retired. After that
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater date, the key will still be included in the zone, but it
229ea4644b3a7d9c7fdaa43888e7f55ba01e2ee3Automatic Updater will not be used to sign it.
3e5340279d8875d136a4dd815cccad0044aa2644Automatic Updater<dt><span class="term">-D <em class="replaceable"><code>date/offset</code></em></span></dt>
f4029eb7463e99df00618de89f0bee5ac062a237Automatic Updater Sets the date on which the key is to be deleted. After that
19b3dc94bce93fa76bd7e066f9298630dbc9dcb4Automatic Updater date, the key will no longer be included in the zone. (It
d145b64cacc8d9cda51f9924ec70cd4661c3e2cfAutomatic Updater may remain in the key repository, however.)
e628576d3b3d91c8954679077f4c208f1e43b433Automatic Updater<a name="id2610008"></a><h2>PRINTING OPTIONS</h2>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">dnssec-settime</strong></span> can also be used to print the
bc0a53583d92309bebcf93c408e2f3247ebd3d3cAutomatic Updater timing metadata associated with a key.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Print times in UNIX epoch format.
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater<dt><span class="term">-p <em class="replaceable"><code>C/P/A/R/U/D/all</code></em></span></dt>
3f616e6f846be57b1717c6beaba0f74de9d5a7c6Automatic Updater Print a specific metadata value or set of metadata values.
c453a50776145e9c1c3fc9c846cfa11f42505081Automatic Updater The <code class="option">-p</code> option may be followed by one or more
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater of the following letters to indicate which value or values to print:
19b3dc94bce93fa76bd7e066f9298630dbc9dcb4Automatic Updater <code class="option">C</code> for the creation date,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <code class="option">P</code> for the publication date,
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater <code class="option">A</code> for the activation date,
7f94d9a8162c9a96b56e66176702b66e79d8e1a2Automatic Updater <code class="option">R</code> for the revokation date,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <code class="option">U</code> for the unpublication date, or
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <code class="option">D</code> for the deletion date.
f7a71eef29bcbf892270460269c79664f600cffdAutomatic Updater To print all of the metadata, use <code class="option">-p all</code>.
96ea71632887c58a9d00f47eb318bf76b35903c3Mark Andrews<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
80faf1588895fd26490f82f95a7a1b771df1c324Automatic Updater<p><span class="corpauthor">Internet Systems Consortium</span>
765c97d56ccddc9d7904c7d9ff2e2d825d9687e4Automatic Updater<table width="100%" summary="Navigation footer">
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<a accesskey="p" href="man.dnssec-revoke.html">Prev</a>�</td>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch10.html">Up</a></td>
3f616e6f846be57b1717c6beaba0f74de9d5a7c6Automatic Updater<td width="40%" align="right">�<a accesskey="n" href="man.dnssec-signzone.html">Next</a>
3e5340279d8875d136a4dd815cccad0044aa2644Automatic Updater<span class="application">dnssec-revoke</span>�</td>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater<td width="40%" align="right" valign="top">�<span class="application">dnssec-signzone</span>