"Fossies" - the Fresh Open Source Software Archive

Member "bind-9.16.7/doc/man/dnssec-dsfromkey.8in" (4 Sep 2020, 4928 Bytes) of package /linux/misc/dns/bind9/9.16.7/bind-9.16.7.tar.xz:


As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file.

    1 .\" Man page generated from reStructuredText.
    2 .
    3 .TH "DNSSEC-DSFROMKEY" "8" "@RELEASE_DATE@" "@BIND9_VERSION@" "BIND 9"
    4 .SH NAME
    5 dnssec-dsfromkey \- DNSSEC DS RR generation tool
    6 .
    7 .nr rst2man-indent-level 0
    8 .
    9 .de1 rstReportMargin
   10 \\$1 \\n[an-margin]
   11 level \\n[rst2man-indent-level]
   12 level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
   13 -
   14 \\n[rst2man-indent0]
   15 \\n[rst2man-indent1]
   16 \\n[rst2man-indent2]
   17 ..
   18 .de1 INDENT
   19 .\" .rstReportMargin pre:
   20 . RS \\$1
   21 . nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
   22 . nr rst2man-indent-level +1
   23 .\" .rstReportMargin post:
   24 ..
   25 .de UNINDENT
   26 . RE
   27 .\" indent \\n[an-margin]
   28 .\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
   29 .nr rst2man-indent-level -1
   30 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
   31 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
   32 ..
   33 .SH SYNOPSIS
   34 .sp
   35 \fBdnssec\-dsfromkey\fP [ \fB\-1\fP | \fB\-2\fP | \fB\-a\fP alg ] [ \fB\-C\fP ] [\fB\-T\fP TTL] [\fB\-v\fP level] [\fB\-K\fP directory] {keyfile}
   36 .sp
   37 \fBdnssec\-dsfromkey\fP [ \fB\-1\fP | \fB\-2\fP | \fB\-a\fP alg ] [ \fB\-C\fP ] [\fB\-T\fP TTL] [\fB\-v\fP level] [\fB\-c\fP class] [\fB\-A\fP] {\fB\-f\fP file} [dnsname]
   38 .sp
   39 \fBdnssec\-dsfromkey\fP [ \fB\-1\fP | \fB\-2\fP | \fB\-a\fP alg ] [ \fB\-C\fP ] [\fB\-T\fP TTL] [\fB\-v\fP level] [\fB\-c\fP class] [\fB\-K\fP directory] {\fB\-s\fP} {dnsname}
   40 .sp
   41 \fBdnssec\-dsfromkey\fP [ \fB\-h\fP | \fB\-V\fP ]
   42 .SH DESCRIPTION
   43 .sp
   44 The \fBdnssec\-dsfromkey\fP command outputs DS (Delegation Signer) resource records
   45 (RRs), or CDS (Child DS) RRs with the \fB\-C\fP option.
   46 .sp
   47 The input keys can be specified in a number of ways:
   48 .sp
   49 By default, \fBdnssec\-dsfromkey\fP reads a key file named like
   50 \fBKnnnn.+aaa+iiiii.key\fP, as generated by \fBdnssec\-keygen\fP\&.
   51 .sp
   52 With the \fB\-f file\fP option, \fBdnssec\-dsfromkey\fP reads keys from a zone
   53 file or partial zone file (which can contain just the DNSKEY records).
   54 .sp
   55 With the \fB\-s\fP option, \fBdnssec\-dsfromkey\fP reads a \fBkeyset\-\fP file,
   56 as generated by \fBdnssec\-keygen\fP \fB\-C\fP\&.
   57 .SH OPTIONS
   58 .INDENT 0.0
   59 .TP
   60 \fB\-1\fP
   61 An abbreviation for \fB\-a SHA1\fP
   62 .TP
   63 \fB\-2\fP
   64 An abbreviation for \fB\-a SHA\-256\fP
   65 .TP
   66 \fB\-a\fP algorithm
   67 Specify a digest algorithm to use when converting DNSKEY records to
   68 DS records. This option can be repeated, so that multiple DS records
   69 are created for each DNSKEY record.
   70 .sp
   71 The algorithm must be one of SHA\-1, SHA\-256, or SHA\-384. These values
   72 are case insensitive, and the hyphen may be omitted. If no algorithm
   73 is specified, the default is SHA\-256.
   74 .TP
   75 \fB\-A\fP
   76 Include ZSKs when generating DS records. Without this option, only
   77 keys which have the KSK flag set will be converted to DS records and
   78 printed. Useful only in \fB\-f\fP zone file mode.
   79 .TP
   80 \fB\-c\fP class
   81 Specifies the DNS class (default is IN). Useful only in \fB\-s\fP keyset
   82 or \fB\-f\fP zone file mode.
   83 .TP
   84 \fB\-C\fP
   85 Generate CDS records rather than DS records.
   86 .TP
   87 \fB\-f\fP file
   88 Zone file mode: \fBdnssec\-dsfromkey\fP\(aqs final dnsname argument is the
   89 DNS domain name of a zone whose master file can be read from
   90 \fBfile\fP\&. If the zone name is the same as \fBfile\fP, then it may be
   91 omitted.
   92 .sp
   93 If file is \fB"\-"\fP, then the zone data is read from the standard
   94 input. This makes it possible to use the output of the \fBdig\fP
   95 command as input, as in:
   96 .sp
   97 \fBdig dnskey example.com | dnssec\-dsfromkey \-f \- example.com\fP
   98 .TP
   99 \fB\-h\fP
  100 Prints usage information.
  101 .TP
  102 \fB\-K\fP directory
  103 Look for key files or \fBkeyset\-\fP files in \fBdirectory\fP\&.
  104 .TP
  105 \fB\-s\fP
  106 Keyset mode: \fBdnssec\-dsfromkey\fP\(aqs final dnsname argument is the DNS
  107 domain name used to locate a \fBkeyset\-\fP file.
  108 .TP
  109 \fB\-T\fP TTL
  110 Specifies the TTL of the DS records. By default the TTL is omitted.
  111 .TP
  112 \fB\-v\fP level
  113 Sets the debugging level.
  114 .TP
  115 \fB\-V\fP
  116 Prints version information.
  117 .UNINDENT
  118 .SH EXAMPLE
  119 .sp
  120 To build the SHA\-256 DS RR from the \fBKexample.com.+003+26160\fP keyfile
  121 name, you can issue the following command:
  122 .sp
  123 \fBdnssec\-dsfromkey \-2 Kexample.com.+003+26160\fP
  124 .sp
  125 The command would print something like:
  126 .sp
  127 \fBexample.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0C5EA0B94\fP
  128 .SH FILES
  129 .sp
  130 The keyfile can be designated by the key identification
  131 \fBKnnnn.+aaa+iiiii\fP or the full file name \fBKnnnn.+aaa+iiiii.key\fP as
  132 generated by dnssec\-keygen8.
  133 .sp
  134 The keyset file name is built from the \fBdirectory\fP, the string
  135 \fBkeyset\-\fP and the \fBdnsname\fP\&.
  136 .SH CAVEAT
  137 .sp
  138 A keyfile error can give a "file not found" even if the file exists.
  139 .SH SEE ALSO
  140 .sp
  141 \fBdnssec\-keygen(8)\fP, \fBdnssec\-signzone(8)\fP, BIND 9 Administrator Reference Manual,
  142 \fI\%RFC 3658\fP (DS RRs), \fI\%RFC 4509\fP (SHA\-256 for DS RRs),
  143 \fI\%RFC 6605\fP (SHA\-384 for DS RRs), \fI\%RFC 7344\fP (CDS and CDNSKEY RRs).
  144 .SH AUTHOR
  145 Internet Systems Consortium
  146 .SH COPYRIGHT
  147 2020, Internet Systems Consortium
  148 .\" Generated by docutils manpage writer.
  149 .