ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity

regen master

Browse Source
This commit is contained in:
Tinderbox User
2016-12-07 01:05:34 +00:00
parent 1b8ce3b330
commit 16fde7f0b3
110 changed files with 15840 additions and 7769 deletions
Download Patch File Download Diff File Expand all files Collapse all files

141
bin/python/dnssec-coverage.html
View File

@@ -14,22 +14,47 @@
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
<a name="man.dnssec-coverage"></a><div class="titlepage"></div>
<div class="refnamediv">
<div class="refnamediv">
<h2>Name</h2>
<p><span class="application">dnssec-coverage</span> &#8212; checks future DNSKEY coverage for a zone</p>
<p>
<span class="application">dnssec-coverage</span>
&#8212; checks future DNSKEY coverage for a zone
</p>
</div>
<div class="refsynopsisdiv">
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">dnssec-coverage</code> [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-l <em class="replaceable"><code>length</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>DNSKEY TTL</code></em></code>] [<code class="option">-m <em class="replaceable"><code>max TTL</code></em></code>] [<code class="option">-r <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-c <em class="replaceable"><code>compilezone path</code></em></code>] [<code class="option">-k</code>] [<code class="option">-z</code>] [zone...]</p></div>
</div>
<div class="refsection">
<div class="cmdsynopsis"><p>
<code class="command">dnssec-coverage</code>
[<code class="option">-K <em class="replaceable"><code>directory</code></em></code>]
[<code class="option">-l <em class="replaceable"><code>length</code></em></code>]
[<code class="option">-f <em class="replaceable"><code>file</code></em></code>]
[<code class="option">-d <em class="replaceable"><code>DNSKEY TTL</code></em></code>]
[<code class="option">-m <em class="replaceable"><code>max TTL</code></em></code>]
[<code class="option">-r <em class="replaceable"><code>interval</code></em></code>]
[<code class="option">-c <em class="replaceable"><code>compilezone path</code></em></code>]
[<code class="option">-k</code>]
[<code class="option">-z</code>]
[zone...]
</p></div>
</div>
<div class="refsection">
<a name="id-1.7"></a><h2>DESCRIPTION</h2>
<p><span class="command"><strong>dnssec-coverage</strong></span>
<p><span class="command"><strong>dnssec-coverage</strong></span>
verifies that the DNSSEC keys for a given zone or a set of zones
have timing metadata set properly to ensure no future lapses in DNSSEC
coverage.
</p>
<p>
<p>
If <code class="option">zone</code> is specified, then keys found in
the key repository matching that zone are scanned, and an ordered
list is generated of the events scheduled for that key (i.e.,
@@ -42,47 +67,54 @@
key is rolled, and cached data signed by the prior key has not had
time to expire from resolver caches.
</p>
<p>
<p>
If <code class="option">zone</code> is not specified, then all keys in the
key repository will be scanned, and all zones for which there are
keys will be analyzed. (Note: This method of reporting is only
accurate if all the zones that have keys in a given repository
share the same TTL parameters.)
</p>
</div>
<div class="refsection">
</div>
<div class="refsection">
<a name="id-1.8"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl class="variablelist">
<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>
<dd>
<p>
Sets the directory in which keys can be found. Defaults to the
current working directory.
</p></dd>
</p>
</dd>
<dt><span class="term">-f <em class="replaceable"><code>file</code></em></span></dt>
<dd><p>
<dd>
<p>
If a <code class="option">file</code> is specified, then the zone is
read from that file; the largest TTL and the DNSKEY TTL are
determined directly from the zone data, and the
<code class="option">-m</code> and <code class="option">-d</code> options do
not need to be specified on the command line.
</p></dd>
</p>
</dd>
<dt><span class="term">-l <em class="replaceable"><code>duration</code></em></span></dt>
<dd>
<p>
<p>
The length of time to check for DNSSEC coverage. Key events
scheduled further into the future than <code class="option">duration</code>
will be ignored, and assumed to be correct.
</p>
<p>
<p>
The value of <code class="option">duration</code> can be set in seconds,
or in larger units of time by adding a suffix: 'mi' for minutes,
'h' for hours, 'd' for days, 'w' for weeks, 'mo' for months,
'y' for years.
</p>
</dd>
</dd>
<dt><span class="term">-m <em class="replaceable"><code>maximum TTL</code></em></span></dt>
<dd>
<p>
<p>
Sets the value to be used as the maximum TTL for the zone or
zones being analyzed when determining whether there is a
possibility of validation failure. When a zone-signing key is
@@ -91,26 +123,26 @@
before that key can be purged from the DNSKEY RRset. If that
condition does not apply, a warning will be generated.
</p>
<p>
<p>
The length of the TTL can be set in seconds, or in larger units
of time by adding a suffix: 'mi' for minutes, 'h' for hours,
'd' for days, 'w' for weeks, 'mo' for months, 'y' for years.
</p>
<p>
<p>
This option is not necessary if the <code class="option">-f</code> has
been used to specify a zone file. If <code class="option">-f</code> has
been specified, this option may still be used; it will override
the value found in the file.
</p>
<p>
<p>
If this option is not used and the maximum TTL cannot be retrieved
from a zone file, a warning is generated and a default value of
1 week is used.
</p>
</dd>
</dd>
<dt><span class="term">-d <em class="replaceable"><code>DNSKEY TTL</code></em></span></dt>
<dd>
<p>
<p>
Sets the value to be used as the DNSKEY TTL for the zone or
zones being analyzed when determining whether there is a
possibility of validation failure. When a key is rolled (that
@@ -119,12 +151,12 @@
the new key is activated and begins generating signatures. If
that condition does not apply, a warning will be generated.
</p>
<p>
<p>
The length of the TTL can be set in seconds, or in larger units
of time by adding a suffix: 'mi' for minutes, 'h' for hours,
'd' for days, 'w' for weeks, 'mo' for months, 'y' for years.
</p>
<p>
<p>
This option is not necessary if <code class="option">-f</code> has
been used to specify a zone file from which the TTL
of the DNSKEY RRset can be read, or if a default key TTL was
@@ -133,15 +165,15 @@
this option may still be used; it will override the values
found in the zone file or the key file.
</p>
<p>
<p>
If this option is not used and the key TTL cannot be retrieved
from the zone file or the key file, then a warning is generated
and a default value of 1 day is used.
</p>
</dd>
</dd>
<dt><span class="term">-r <em class="replaceable"><code>resign interval</code></em></span></dt>
<dd>
<p>
<p>
Sets the value to be used as the resign interval for the zone
or zones being analyzed when determining whether there is a
possibility of validation failure. This value defaults to
@@ -151,37 +183,54 @@
<code class="filename">named.conf</code>, then it should also be
changed here.
</p>
<p>
<p>
The length of the interval can be set in seconds, or in larger
units of time by adding a suffix: 'mi' for minutes, 'h' for hours,
'd' for days, 'w' for weeks, 'mo' for months, 'y' for years.
</p>
</dd>
</dd>
<dt><span class="term">-k</span></dt>
<dd><p>
<dd>
<p>
Only check KSK coverage; ignore ZSK events. Cannot be
used with <code class="option">-z</code>.
</p></dd>
</p>
</dd>
<dt><span class="term">-z</span></dt>
<dd><p>
<dd>
<p>
Only check ZSK coverage; ignore KSK events. Cannot be
used with <code class="option">-k</code>.
</p></dd>
</p>
</dd>
<dt><span class="term">-c <em class="replaceable"><code>compilezone path</code></em></span></dt>
<dd><p>
<dd>
<p>
Specifies a path to a <span class="command"><strong>named-compilezone</strong></span> binary.
Used for testing.
</p></dd>
</p>
</dd>
</dl></div>
</div>
<div class="refsection">
</div>
<div class="refsection">
<a name="id-1.9"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">dnssec-checkds</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-dsfromkey</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>
<p>
<span class="citerefentry">
<span class="refentrytitle">dnssec-checkds</span>(8)
</span>,
<span class="citerefentry">
<span class="refentrytitle">dnssec-dsfromkey</span>(8)
</span>,
<span class="citerefentry">
<span class="refentrytitle">dnssec-keygen</span>(8)
</span>,
<span class="citerefentry">
<span class="refentrytitle">dnssec-signzone</span>(8)
</span>
</p>
</div>
</div>
</div></body>
</html>