.\" Man page generated from reStructuredText.
|
|
.
|
|
.TH "DNSSEC-CHECKDS" "8" "@RELEASE_DATE@" "@BIND9_VERSION@" "BIND 9"
|
|
.SH NAME
|
|
dnssec-checkds \- DNSSEC delegation consistency checking tool
|
|
.
|
|
.nr rst2man-indent-level 0
|
|
.
|
|
.de1 rstReportMargin
|
|
\\$1 \\n[an-margin]
|
|
level \\n[rst2man-indent-level]
|
|
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
-
|
|
\\n[rst2man-indent0]
|
|
\\n[rst2man-indent1]
|
|
\\n[rst2man-indent2]
|
|
..
|
|
.de1 INDENT
|
|
.\" .rstReportMargin pre:
|
|
. RS \\$1
|
|
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
|
|
. nr rst2man-indent-level +1
|
|
.\" .rstReportMargin post:
|
|
..
|
|
.de UNINDENT
|
|
. RE
|
|
.\" indent \\n[an-margin]
|
|
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
.nr rst2man-indent-level -1
|
|
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
|
|
..
|
|
.SH SYNOPSIS
|
|
.sp
|
|
\fBdnssec\-checkds\fP [\fB\-d\fP \fIdig path\fP] [\fB\-D\fP \fIdsfromkey path\fP]
|
|
[\fB\-f\fP \fIfile\fP] [\fB\-l\fP \fIdomain\fP] [\fB\-s\fP \fIfile\fP] {zone}
|
|
.SH DESCRIPTION
|
|
.sp
|
|
\fBdnssec\-checkds\fP verifies the correctness of Delegation Signer (DS)
|
|
resource records for keys in a specified zone.
|
|
.SH OPTIONS
|
|
.sp
|
|
\fB\-a\fP \fIalgorithm\fP
|
|
.INDENT 0.0
|
|
.INDENT 3.5
|
|
Specify a digest algorithm to use when converting the zone\(aqs DNSKEY
|
|
records to expected DS records. This option can be repeated, so that
|
|
multiple records are checked for each DNSKEY record.
|
|
.sp
|
|
The \fIalgorithm\fP must be one of SHA\-1, SHA\-256, or SHA\-384. These
|
|
values are case insensitive, and the hyphen may be omitted. If no
|
|
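algorithm is specified, the default is SHA\-256. SHA\-1 is no longer
recommended for DS records (see RFC 8624), so prefer SHA\-256 or SHA\-384
unless an existing SHA\-1 DS record has to be checked.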
|
|
.UNINDENT
|
|
.UNINDENT
|
|
.sp
|
|
\fB\-f\fP \fIfile\fP
|
|
.INDENT 0.0
|
|
.INDENT 3.5
|
|
If a \fIfile\fP is specified, then the zone is read from that file to
|
|
find the DNSKEY records. If not, then the DNSKEY records for the zone
|
|
are looked up in the DNS.
|
|
.UNINDENT
|
|
.UNINDENT
|
|
.sp
|
|
\fB\-s\fP \fIfile\fP
|
|
.INDENT 0.0
|
|
.INDENT 3.5
|
|
Specifies a prepared dsset file, such as would be generated by
|
|
\fBdnssec\-signzone\fP, to use as a source for the DS RRset instead of
|
|
querying the parent.
|
|
.UNINDENT
|
|
.UNINDENT
|
|
.sp
|
|
\fB\-d\fP \fIdig path\fP
|
|
.INDENT 0.0
|
|
.INDENT 3.5
|
|
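Specifies a path to a \fBdig\fP binary. This option is used for testing.
The binary at this path is run by \fBdnssec\-checkds\fP, so it should come
from a trusted location.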
|
|
.UNINDENT
|
|
.UNINDENT
|
|
.sp
|
|
\fB\-D\fP \fIdsfromkey path\fP
|
|
.INDENT 0.0
|
|
.INDENT 3.5
|
|
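Specifies a path to a \fBdnssec\-dsfromkey\fP binary. This option is used
for testing. The binary at this path is run by \fBdnssec\-checkds\fP, so it
should come from a trusted location.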
|
|
.UNINDENT
|
|
.UNINDENT
|
|
.SH SEE ALSO
|
|
.sp
|
|
\fBdnssec\-dsfromkey\fP(8), \fBdnssec\-keygen\fP(8),
|
|
\fBdnssec\-signzone\fP(8)
|
|
.SH AUTHOR
|
|
Internet Systems Consortium
|
|
.SH COPYRIGHT
|
|
2020, Internet Systems Consortium
|
|
.\" Generated by docutils manpage writer.
|
|
.
|