man.dnssec-settime.html revision 88a2182a1ad4fc7af07272af6b05b74db7f28e52
<!--
 - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
 - Copyright (C) 2000-2003 Internet Software Consortium.
 -
 - Permission to use, copy, modify, and/or distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 -
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
-->
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<a name="man.dnssec-settime"></a><div class="titlepage"></div>
<p><span class="application">dnssec-settime</span> — Set the key timing metadata for a DNSSEC key</p>
<div class="cmdsynopsis"><p><code class="command">dnssec-settime</code> [<code class="option">-f</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-V</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] {keyfile}</p></div>
<p><span><strong class="command">dnssec-settime</strong></span>
 reads a DNSSEC private key file and sets the key timing metadata
 as specified by the <code class="option">-P</code>, <code class="option">-A</code>,
 <code class="option">-R</code>, <code class="option">-I</code>, and <code class="option">-D</code>
 options. The metadata can then be used by
 <span><strong class="command">dnssec-signzone</strong></span> or other signing software to
 determine when a key is to be published, whether it should be
 used for signing a zone, etc.</p>
<p>If none of these options is set on the command line,
 then <span><strong class="command">dnssec-settime</strong></span> simply prints the key timing
 metadata already stored in the key.</p>
<p>When key metadata fields are changed, both files of a key
 pair (<code class="filename">Knnnn.+aaa+iiiii.key</code> and
 <code class="filename">Knnnn.+aaa+iiiii.private</code>) are regenerated.
 Metadata fields are stored in the private file. A human-readable
 description of the metadata is also placed in comments in the key
 file. The private file's permissions are always set to be
 inaccessible to anyone other than the owner (mode 0600).</p>
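<p>An added example, not part of the BIND distribution: an audit of a key directory that flags any <code class="filename">.private</code> file whose mode is wider than 0600 or whose <code class="filename">.key</code> partner is missing, for instance after keys were copied or restored by another tool. The function names and the sample file names are constructed for illustration.</p>

```python
import os
import re
import stat
import tempfile

# Knnnn.+aaa+iiiii.private: owner name, 3-digit algorithm, 5-digit key id.
PRIVATE_RE = re.compile(r"K(.*)\.\+([0-9]{3})\+([0-9]{5})\.private")

def audit_key_directory(directory):
    """Return (filename, problem) pairs for .private files that break the layout."""
    findings = []
    for entry in sorted(os.listdir(directory)):
        if not entry.endswith(".private"):
            continue
        if PRIVATE_RE.fullmatch(entry) is None:
            findings.append((entry, "unexpected file name"))
            continue
        info = os.lstat(os.path.join(directory, entry))
        if not stat.S_ISREG(info.st_mode):
            findings.append((entry, "not a regular file"))
            continue
        mode = stat.S_IMODE(info.st_mode)
        if mode & 0o077:  # any group/other bit is more than 0600 allows
            findings.append((entry, "mode %04o is wider than 0600" % mode))
        public = entry[:-len(".private")] + ".key"
        if not os.path.isfile(os.path.join(directory, public)):
            findings.append((entry, "missing " + public))
    return findings

def demo():
    """Audit a constructed key directory (placeholder contents, not real keys)."""
    samples = {  # constructed file names and modes
        "Kexample.com.+008+12345.private": 0o600,
        "Kexample.com.+008+12345.key": 0o644,
        "Kexample.com.+008+54321.private": 0o644,
        "Kexample.com.+008+54321.key": 0o644,
        "Kexample.net.+013+00042.private": 0o600,
    }
    with tempfile.TemporaryDirectory() as directory:
        for name, mode in samples.items():
            path = os.path.join(directory, name)
            with open(path, "w") as handle:
                handle.write("; constructed placeholder\n")
            os.chmod(path, mode)
        return audit_key_directory(directory)

if __name__ == "__main__":
    for filename, problem in demo():
        print(filename + ": " + problem)
```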
<dt><span class="term">-f</span></dt>
 Force an update of an old-format key with no metadata fields.
 Without this option, <span><strong class="command">dnssec-settime</strong></span> will
 fail when attempting to update a legacy key. With this option,
 the key will be recreated in the new format, but with the
 original key data retained. The key's creation date will be
 set to the present time. If no other values are specified,
 then the key's publication and activation dates will also
 be set to the present time.
<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
 Sets the directory in which the key files are to reside.
<dt><span class="term">-L <em class="replaceable"><code>ttl</code></em></span></dt>
 Sets the default TTL to use for this key when it is converted
 into a DNSKEY RR. If the key is imported into a zone,
 this is the TTL that will be used for it, unless there was
 already a DNSKEY RRset in place, in which case the existing TTL
 would take precedence. Setting the default TTL to
 <code class="literal">0</code> or <code class="literal">none</code> removes it.
<dt><span class="term">-h</span></dt>
 Emit usage message and exit.
<dt><span class="term">-V</span></dt>
 Prints version information.
<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
 Sets the debugging level.
<dt><span class="term">-E <em class="replaceable"><code>engine</code></em></span></dt>
 Specifies the cryptographic hardware to use, when applicable.
 When BIND is built with OpenSSL PKCS#11 support, this defaults
 to the string "pkcs11", which identifies an OpenSSL engine
 that can drive a cryptographic accelerator or hardware service
 module. When BIND is built with native PKCS#11 cryptography
 (--enable-native-pkcs11), it defaults to the path of the PKCS#11
 provider library specified via "--with-pkcs11".
<p>Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
 If the argument begins with a '+' or '-', it is interpreted as
 an offset from the present time. For convenience, if such an offset
 is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi',
 then the offset is computed in years (defined as 365 24-hour days,
 ignoring leap years), months (defined as 30 24-hour days), weeks,
 days, hours, or minutes, respectively. Without a suffix, the offset
 is computed in seconds. To unset a date, use 'none' or 'never'.</p>
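<p>An added example, not BIND's own parser: a resolver for the date/offset rules above, useful for checking a planned key schedule before running <span><strong class="command">dnssec-settime</strong></span>. It shows that '+1y' and '+6mo' land short of the calendar date when a leap day or 31-day months fall in the interval. Assumptions: absolute dates are read as UTC, only the exact suffixes listed above are accepted, and all function names are hypothetical.</p>

```python
import re
from datetime import datetime, timedelta, timezone

# Seconds per suffix as the text defines them; no suffix means seconds.
UNIT_SECONDS = {"y": 365 * 86400, "mo": 30 * 86400, "w": 7 * 86400,
                "d": 86400, "h": 3600, "mi": 60, None: 1}
OFFSET_RE = re.compile(r"([+-])([0-9]+)(y|mo|w|d|h|mi)?")
DATE_FORMATS = {8: "%Y%m%d", 14: "%Y%m%d%H%M%S"}

def parse_timing(arg, now):
    """Resolve a date/offset argument to a UTC datetime, or None when it unsets."""
    if arg in ("none", "never"):
        return None
    match = OFFSET_RE.fullmatch(arg)
    if match:
        sign, count, unit = match.groups()
        seconds = int(count) * UNIT_SECONDS[unit]
        return now + timedelta(seconds=seconds if sign == "+" else -seconds)
    if re.fullmatch(r"[0-9]+", arg) and len(arg) in DATE_FORMATS:
        # strptime rejects impossible dates such as 20240230 with ValueError
        parsed = datetime.strptime(arg, DATE_FORMATS[len(arg)])
        return parsed.replace(tzinfo=timezone.utc)  # assumption: dates are UTC
    raise ValueError("not a date/offset: %r" % (arg,))

def calendar_drift_days(arg, now, calendar_date):
    """Whole days between where an offset lands and a calendar date (negative = early)."""
    return (parse_timing(arg, now) - calendar_date).days

if __name__ == "__main__":
    now = datetime(2023, 9, 1, tzinfo=timezone.utc)  # constructed "present time"
    for arg in ("+1y", "+6mo", "+2w", "-3600", "20240301", "never"):
        print(arg, "->", parse_timing(arg, now))
```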