man.dnssec-settime.html revision e4adb07cc1f8253b3c39aeeeb3ea03dc5b7011cc
fc2381b901eb162810f54a11cc512b95f55a60dfAutomatic Updater - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
71cef386fae61275b03e203825680b39fedaa8c6Tinderbox User - Copyright (C) 2000-2003 Internet Software Consortium.
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - Permission to use, copy, modify, and/or distribute this software for any
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - purpose with or without fee is hereby granted, provided that the above
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - copyright notice and this permission notice appear in all copies.
d6fa26d0adaec6c910115be34fe7a5a5f402c14fMark Andrews - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
fc2381b901eb162810f54a11cc512b95f55a60dfAutomatic Updater - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
fc2381b901eb162810f54a11cc512b95f55a60dfAutomatic Updater - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
fc2381b901eb162810f54a11cc512b95f55a60dfAutomatic Updater - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
cd32f419a8a5432fbb139f56ee73cbf68b9350ccTinderbox User - PERFORMANCE OF THIS SOFTWARE.
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User<!-- $Id: man.dnssec-settime.html,v 1.20 2009/10/27 01:14:44 tbox Exp $ -->
fc2381b901eb162810f54a11cc512b95f55a60dfAutomatic Updater<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
fc2381b901eb162810f54a11cc512b95f55a60dfAutomatic Updater<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
fc2381b901eb162810f54a11cc512b95f55a60dfAutomatic Updater<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
fc2381b901eb162810f54a11cc512b95f55a60dfAutomatic Updater<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<link rel="prev" href="man.dnssec-revoke.html" title="dnssec-revoke">
fc2381b901eb162810f54a11cc512b95f55a60dfAutomatic Updater<link rel="next" href="man.dnssec-signzone.html" title="dnssec-signzone">
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
fc2381b901eb162810f54a11cc512b95f55a60dfAutomatic Updater<table width="100%" summary="Navigation header">
fc2381b901eb162810f54a11cc512b95f55a60dfAutomatic Updater<tr><th colspan="3" align="center"><span class="application">dnssec-settime</span></th></tr>
fc2381b901eb162810f54a11cc512b95f55a60dfAutomatic Updater<a accesskey="p" href="man.dnssec-revoke.html">Prev</a>�</td>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<th width="60%" align="center">Manual pages</th>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<td width="20%" align="right">�<a accesskey="n" href="man.dnssec-signzone.html">Next</a>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<a name="man.dnssec-settime"></a><div class="titlepage"></div>
fc2381b901eb162810f54a11cc512b95f55a60dfAutomatic Updater<p><span class="application">dnssec-settime</span> — Set the key timing metadata for a DNSSEC key</p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<div class="cmdsynopsis"><p><code class="command">dnssec-settime</code> [<code class="option">-f</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] {keyfile}</p></div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<p><span><strong class="command">dnssec-settime</strong></span>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User reads a DNSSEC private key file and sets the key timing metadata
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User as specified by the <code class="option">-P</code>, <code class="option">-A</code>,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <code class="option">-R</code>, <code class="option">-I</code>, and <code class="option">-D</code>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User options. The metadata can then be used by
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <span><strong class="command">dnssec-signzone</strong></span> or other signing software to
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User determine when a key is to be published, whether it should be
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User used for signing a zone, etc.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User If none of these options is set on the command line,
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt then <span><strong class="command">dnssec-settime</strong></span> simply prints the key timing
fc2381b901eb162810f54a11cc512b95f55a60dfAutomatic Updater metadata already stored in the key.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User When key metadata fields are changed, both files of a key
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User pair (<code class="filename">Knnnn.+aaa+iiiii.key</code> and
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <code class="filename">Knnnn.+aaa+iiiii.private</code>) are regenerated.
7e71f05d8643aca84914437c900cb716444507e4Tinderbox User Metadata fields are stored in the private file. A human-readable
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User description of the metadata is also placed in comments in the key
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Force an update of an old-format key with no metadata fields.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Without this option, <span><strong class="command">dnssec-settime</strong></span> will
fc2381b901eb162810f54a11cc512b95f55a60dfAutomatic Updater fail when attempting to update a legacy key. With this option,
fc2381b901eb162810f54a11cc512b95f55a60dfAutomatic Updater the key will be recreated in the new format, but with the
fc2381b901eb162810f54a11cc512b95f55a60dfAutomatic Updater original key data retained. The key's creation date will be
fc2381b901eb162810f54a11cc512b95f55a60dfAutomatic Updater set to the present time.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Sets the directory in which the key files are to reside.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Emit usage message and exit.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
fc2381b901eb162810f54a11cc512b95f55a60dfAutomatic Updater Sets the debugging level.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<dt><span class="term">-E <em class="replaceable"><code>engine</code></em></span></dt>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Use the given OpenSSL engine. When compiled with PKCS#11 support
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User it defaults to pcks11, the empty name resets it to no engine.
fc2381b901eb162810f54a11cc512b95f55a60dfAutomatic Updater<a name="id2609739"></a><h2>TIMING OPTIONS</h2>
fc2381b901eb162810f54a11cc512b95f55a60dfAutomatic Updater Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User If the argument begins with a '+' or '-', it is interpreted as
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User an offset from the present time. For convenience, if such an offset
fc2381b901eb162810f54a11cc512b95f55a60dfAutomatic Updater is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi',
fc2381b901eb162810f54a11cc512b95f55a60dfAutomatic Updater then the offset is computed in years (defined as 365 24-hour days,
fc2381b901eb162810f54a11cc512b95f55a60dfAutomatic Updater ignoring leap years), months (defined as 30 24-hour days), weeks,
fc2381b901eb162810f54a11cc512b95f55a60dfAutomatic Updater days, hours, or minutes, respectively. Without a suffix, the offset
fc2381b901eb162810f54a11cc512b95f55a60dfAutomatic Updater is computed in seconds. To unset a date, use 'none'.
cd32f419a8a5432fbb139f56ee73cbf68b9350ccTinderbox User<dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt>
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User Sets the date on which a key is to be published to the zone.
fc2381b901eb162810f54a11cc512b95f55a60dfAutomatic Updater After that date, the key will be included in the zone but will
fc2381b901eb162810f54a11cc512b95f55a60dfAutomatic Updater not be used to sign it.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<dt><span class="term">-A <em class="replaceable"><code>date/offset</code></em></span></dt>
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User Sets the date on which the key is to be activated. After that
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User date, the key will be included in the zone and used to sign
fc2381b901eb162810f54a11cc512b95f55a60dfAutomatic Updater<dt><span class="term">-R <em class="replaceable"><code>date/offset</code></em></span></dt>
fc2381b901eb162810f54a11cc512b95f55a60dfAutomatic Updater Sets the date on which the key is to be revoked. After that
fc2381b901eb162810f54a11cc512b95f55a60dfAutomatic Updater date, the key will be flagged as revoked. It will be included