man.dnssec-settime.html 8.52 KB
Newer Older
Automatic Updater's avatar
Automatic Updater committed
1
<!--
Automatic Updater's avatar
regen  
Automatic Updater committed
2 3 4
 - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
 - Copyright (C) 2000-2003 Internet Software Consortium.
 - 
Automatic Updater's avatar
Automatic Updater committed
5 6 7
 - Permission to use, copy, modify, and/or distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
Automatic Updater's avatar
regen  
Automatic Updater committed
8
 - 
Automatic Updater's avatar
Automatic Updater committed
9 10
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
Automatic Updater's avatar
regen  
Automatic Updater committed
11
 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
Automatic Updater's avatar
Automatic Updater committed
12 13 14 15 16
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
-->
Automatic Updater's avatar
regen  
Automatic Updater committed
17
<!-- $Id: man.dnssec-settime.html,v 1.5 2009/08/27 01:14:39 tbox Exp $ -->
Automatic Updater's avatar
Automatic Updater committed
18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>dnssec-settime</title>
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
<link rel="prev" href="man.dnssec-revoke.html" title="dnssec-revoke">
<link rel="next" href="man.dnssec-signzone.html" title="dnssec-signzone">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<div class="navheader">
<table width="100%" summary="Navigation header">
<tr><th colspan="3" align="center"><span class="application">dnssec-settime</span></th></tr>
<tr>
<td width="20%" align="left">
<a accesskey="p" href="man.dnssec-revoke.html">Prev</a> </td>
<th width="60%" align="center">Manual pages</th>
<td width="20%" align="right"> <a accesskey="n" href="man.dnssec-signzone.html">Next</a>
</td>
</tr>
</table>
<hr>
</div>
<div class="refentry" lang="en">
<a name="man.dnssec-settime"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><span class="application">dnssec-settime</span> &#8212; Set the key timing metadata for a DNSSEC key</p>
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">dnssec-settime</code>  [<code class="option">-fr</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-U <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {keyfile}</p></div>
</div>
<div class="refsect1" lang="en">
Automatic Updater's avatar
regen  
Automatic Updater committed
53
<a name="id2608986"></a><h2>DESCRIPTION</h2>
Automatic Updater's avatar
Automatic Updater committed
54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77
<p><span><strong class="command">dnssec-settime</strong></span>
      reads a DNSSEC private key file and sets the key timing metadata
      as specified by the <code class="option">-P</code>, <code class="option">-A</code>,
      <code class="option">-R</code>, <code class="option">-U</code>, and <code class="option">-D</code>
      options.  The metadata can then be used by
      <span><strong class="command">dnssec-signzone</strong></span> or other signing software to
      determine when a key is to be published, whether it should be
      used for signing a zone, etc.
    </p>
<p>
      If none of these options is set on the command line,
      then <span><strong class="command">dnssec-settime</strong></span> simply prints the key timing
      metadata already stored in the key.
    </p>
<p>
      When key metadata fields are changed, both files of a key
      pair (<code class="filename">Knnnn.+aaa+iiiii.key</code> and
      <code class="filename">Knnnn.+aaa+iiiii.private</code>) are regenerated.
      Metadata fields are stored in the private file.  A human-readable
      description of the metadata is also placed in comments in the key
      file.
    </p>
</div>
<div class="refsect1" lang="en">
Automatic Updater's avatar
regen  
Automatic Updater committed
78
<a name="id2609045"></a><h2>OPTIONS</h2>
Automatic Updater's avatar
Automatic Updater committed
79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103
<div class="variablelist"><dl>
<dt><span class="term">-f</span></dt>
<dd><p>
	    Force an update of an old-format key with no metadata fields.
            Without this option, <span><strong class="command">dnssec-settime</strong></span> will
            fail when attempting to update a legacy key.  With this option,
            the key will be recreated in the new format, but with the
            original key data retained.  The key's creation date will be
            set to the present time. 
	  </p></dd>
<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>
            Sets the directory in which the key files are to reside.
          </p></dd>
<dt><span class="term">-h</span></dt>
<dd><p>
	    Emit usage message and exit.
	  </p></dd>
<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
<dd><p>
            Sets the debugging level.
          </p></dd>
</dl></div>
</div>
<div class="refsect1" lang="en">
Automatic Updater's avatar
regen  
Automatic Updater committed
104
<a name="id2609122"></a><h2>TIMING OPTIONS</h2>
Automatic Updater's avatar
Automatic Updater committed
105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148
<p>
      Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
      If the argument begins with a '+' or '-', it is interpreted as
      an offset from the present time.  If such an offset is followed
      by one of the characters 'y', 'm', 'w', 'd', or 'h', then the
      offset is computed in years, months, weeks, days, or hours,
      respectively; otherwise it is computed in seconds.
    </p>
<div class="variablelist"><dl>
<dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt>
<dd><p>
            Sets the date on which a key is to be published to the zone.
            After that date, the key will be included in the zone but will
            not be used to sign it.
          </p></dd>
<dt><span class="term">-A <em class="replaceable"><code>date/offset</code></em></span></dt>
<dd><p>
            Sets the date on which the key is to be activated.  After that
            date, the key will be included and the zone and used to sign
            it.
          </p></dd>
<dt><span class="term">-R <em class="replaceable"><code>date/offset</code></em></span></dt>
<dd><p>
            Sets the date on which the key is to be revoked.  After that
            date, the key will be flagged as revoked.  It will be included
            in the zone and will be used to sign it.
          </p></dd>
<dt><span class="term">-U <em class="replaceable"><code>date/offset</code></em></span></dt>
<dd><p>
            Sets the date on which the key is to be unpublished.  After that
            date, the key will no longer be included in the zone, but it
            may remain in the key repository.
          </p></dd>
<dt><span class="term">-D <em class="replaceable"><code>date/offset</code></em></span></dt>
<dd><p>
            Sets the date on which the key is to be deleted.  After that
            date, the key can be removed from the key repository.
            NOTE: Keys are not currently deleted automatically; this field
            is included for informational purposes and for future
            development.
          </p></dd>
</dl></div>
</div>
<div class="refsect1" lang="en">
Automatic Updater's avatar
regen  
Automatic Updater committed
149
<a name="id2609288"></a><h2>SEE ALSO</h2>
Automatic Updater's avatar
Automatic Updater committed
150 151 152 153 154 155 156
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
      <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
      <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
      <em class="citetitle">RFC 5011</em>.
    </p>
</div>
<div class="refsect1" lang="en">
Automatic Updater's avatar
regen  
Automatic Updater committed
157
<a name="id2609321"></a><h2>AUTHOR</h2>
Automatic Updater's avatar
Automatic Updater committed
158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182
<p><span class="corpauthor">Internet Systems Consortium</span>
    </p>
</div>
</div>
<div class="navfooter">
<hr>
<table width="100%" summary="Navigation footer">
<tr>
<td width="40%" align="left">
<a accesskey="p" href="man.dnssec-revoke.html">Prev</a> </td>
<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch10.html">Up</a></td>
<td width="40%" align="right"> <a accesskey="n" href="man.dnssec-signzone.html">Next</a>
</td>
</tr>
<tr>
<td width="40%" align="left" valign="top">
<span class="application">dnssec-revoke</span> </td>
<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
<td width="40%" align="right" valign="top"> <span class="application">dnssec-signzone</span>
</td>
</tr>
</table>
</div>
</body>
</html>