ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
Files
b82ff5b738bfd2829c16a2d8ad086c86f8bd2beb
bind9/doc/man/dnssec-dsfromkey.1in
Michal Nowak 4419606c9d Revise installation locations for BIND binaries 
Move BIND binaries which are neither daemons nor administrative programs
to $bindir.  This results in only the following binaries being left in
$sbindir:

  - ddns-confgen
  - named
  - rndc
  - rndc-confgen
  - tsig-confgen
2020-06-04 13:19:23 +02:00

150 lines
4.8 KiB
Plaintext
Raw Blame History

.\" Man page generated from reStructuredText.
.
.TH "DNSSEC-DSFROMKEY" "1" "@RELEASE_DATE@" "@PACKAGE_VERSION@" "BIND 9"
.SH NAME
dnssec-dsfromkey \- DNSSEC DS RR generation tool
.
.nr rst2man-indent-level 0
.
.de1 rstReportMargin
\\$1 \\n[an-margin]
level \\n[rst2man-indent-level]
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
-
\\n[rst2man-indent0]
\\n[rst2man-indent1]
\\n[rst2man-indent2]
..
.de1 INDENT
.\" .rstReportMargin pre:
. RS \\$1
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
. nr rst2man-indent-level +1
.\" .rstReportMargin post:
..
.de UNINDENT
. RE
.\" indent \\n[an-margin]
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
.nr rst2man-indent-level -1
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.SH SYNOPSIS
.sp
\fBdnssec\-dsfromkey\fP [ \fB\-1\fP | \fB\-2\fP | \fB\-a\fP alg ] [ \fB\-C\fP ] [\fB\-T\fP TTL] [\fB\-v\fP level] [\fB\-K\fP directory] {keyfile}
.sp
\fBdnssec\-dsfromkey\fP [ \fB\-1\fP | \fB\-2\fP | \fB\-a\fP alg ] [ \fB\-C\fP ] [\fB\-T\fP TTL] [\fB\-v\fP level] [\fB\-c\fP class] [\fB\-A\fP] {\fB\-f\fP file} [dnsname]
.sp
\fBdnssec\-dsfromkey\fP [ \fB\-1\fP | \fB\-2\fP | \fB\-a\fP alg ] [ \fB\-C\fP ] [\fB\-T\fP TTL] [\fB\-v\fP level] [\fB\-c\fP class] [\fB\-K\fP directory] {\fB\-s\fP} {dnsname}
.sp
\fBdnssec\-dsfromkey\fP [ \fB\-h\fP | \fB\-V\fP ]
.SH DESCRIPTION
.sp
The \fBdnssec\-dsfromkey\fP command outputs DS (Delegation Signer) resource records
(RRs), or CDS (Child DS) RRs with the \fB\-C\fP option.
.sp
The input keys can be specified in a number of ways:
.sp
By default, \fBdnssec\-dsfromkey\fP reads a key file named like
\fBKnnnn.+aaa+iiiii.key\fP, as generated by \fBdnssec\-keygen\fP\&.
.sp
With the \fB\-f file\fP option, \fBdnssec\-dsfromkey\fP reads keys from a zone
file or partial zone file (which can contain just the DNSKEY records).
.sp
With the \fB\-s\fP option, \fBdnssec\-dsfromkey\fP reads a \fBkeyset\-\fP file,
as generated by \fBdnssec\-keygen\fP \fB\-C\fP\&.
.SH OPTIONS
.INDENT 0.0
.TP
\fB\-1\fP
An abbreviation for \fB\-a SHA1\fP
.TP
\fB\-2\fP
An abbreviation for \fB\-a SHA\-256\fP
.TP
\fB\-a\fP algorithm
Specify a digest algorithm to use when converting DNSKEY records to
DS records. This option can be repeated, so that multiple DS records
are created for each DNSKEY record.
.sp
The algorithm must be one of SHA\-1, SHA\-256, or SHA\-384. These values
are case insensitive, and the hyphen may be omitted. If no algorithm
is specified, the default is SHA\-256.
.TP
\fB\-A\fP
Include ZSKs when generating DS records. Without this option, only
keys which have the KSK flag set will be converted to DS records and
printed. Useful only in \fB\-f\fP zone file mode.
.TP
\fB\-c\fP class
Specifies the DNS class (default is IN). Useful only in \fB\-s\fP keyset
or \fB\-f\fP zone file mode.
.TP
\fB\-C\fP
Generate CDS records rather than DS records.
.TP
\fB\-f\fP file
Zone file mode: \fBdnssec\-dsfromkey\fP\(aqs final dnsname argument is the
DNS domain name of a zone whose master file can be read from
\fBfile\fP\&. If the zone name is the same as \fBfile\fP, then it may be
omitted.
.sp
If file is \fB"\-"\fP, then the zone data is read from the standard
input. This makes it possible to use the output of the \fBdig\fP
command as input, as in:
.sp
\fBdig dnskey example.com | dnssec\-dsfromkey \-f \- example.com\fP
.TP
\fB\-h\fP
Prints usage information.
.TP
\fB\-K\fP directory
Look for key files or \fBkeyset\-\fP files in \fBdirectory\fP\&.
.TP
\fB\-s\fP
Keyset mode: \fBdnssec\-dsfromkey\fP\(aqs final dnsname argument is the DNS
domain name used to locate a \fBkeyset\-\fP file.
.TP
\fB\-T\fP TTL
Specifies the TTL of the DS records. By default the TTL is omitted.
.TP
\fB\-v\fP level
Sets the debugging level.
.TP
\fB\-V\fP
Prints version information.
.UNINDENT
.SH EXAMPLE
.sp
To build the SHA\-256 DS RR from the \fBKexample.com.+003+26160\fP keyfile
name, you can issue the following command:
.sp
\fBdnssec\-dsfromkey \-2 Kexample.com.+003+26160\fP
.sp
The command would print something like:
.sp
\fBexample.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0C5EA0B94\fP
.SH FILES
.sp
The keyfile can be designated by the key identification
\fBKnnnn.+aaa+iiiii\fP or the full file name \fBKnnnn.+aaa+iiiii.key\fP as
generated by dnssec\-keygen8.
.sp
The keyset file name is built from the \fBdirectory\fP, the string
\fBkeyset\-\fP and the \fBdnsname\fP\&.
.SH CAVEAT
.sp
A keyfile error can give a "file not found" even if the file exists.
.SH SEE ALSO
.sp
\fBdnssec\-keygen(8)\fP, \fBdnssec\-signzone(8)\fP, BIND 9 Administrator Reference Manual,
\fI\%RFC 3658\fP (DS RRs), \fI\%RFC 4509\fP (SHA\-256 for DS RRs),
\fI\%RFC 6605\fP (SHA\-384 for DS RRs), \fI\%RFC 7344\fP (CDS and CDNSKEY RRs).
.SH AUTHOR
Internet Systems Consortium
.SH COPYRIGHT
2020, Internet Systems Consortium
.\" Generated by docutils manpage writer.
.
View Git Blame Copy Permalink