dnssec-dsfromkey.8 3.47 KB
Newer Older
1 2 3
.\" Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
.\" 
.\" Permission to use, copy, modify, and distribute this software for any
4 5
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
6
.\" 
7 8
.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
9
.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
10 11 12 13 14
.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
15
.\" $Id: dnssec-dsfromkey.8,v 1.6 2009/06/17 06:51:43 each Exp $
16 17 18
.\"
.hy 0
.ad l
19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40
.\"Generated by db2man.xsl. Don't modify this, modify the source.
.de Sh \" Subsection
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.TH "DNSSEC-DSFROMKEY" 8 "November 29, 2008" "" ""
.SH NAME
dnssec-dsfromkey \- DNSSEC DS RR generation tool
41 42
.SH "SYNOPSIS"
.HP 17
43
\fBdnssec\-dsfromkey\fR [\fB\-v\ \fIlevel\fR\fR] [\fB\-1\fR] [\fB\-2\fR] [\fB\-a\ \fIalg\fR\fR] {keyfile}
44
.HP 17
45
\fBdnssec\-dsfromkey\fR {\-s} [\fB\-v\ \fIlevel\fR\fR] [\fB\-1\fR] [\fB\-2\fR] [\fB\-a\ \fIalg\fR\fR] [\fB\-c\ \fIclass\fR\fR] [\fB\-d\ \fIdir\fR\fR] {dnsname}
46 47
.SH "DESCRIPTION"
.PP
48
\fBdnssec\-dsfromkey\fR outputs the Delegation Signer (DS) resource record (RR), as defined in RFC 3658 and RFC 4509, for the given key(s)\&.
49
.SH "OPTIONS"
50
.TP
51
\-1
52 53
Use SHA\-1 as the digest algorithm (the default is to use both SHA\-1 and SHA\-256)\&.
.TP
54
\-2
55 56
Use SHA\-256 as the digest algorithm\&.
.TP
57
\-a \fIalgorithm\fR
58 59
Select the digest algorithm\&. The value of \fBalgorithm\fR must be one of SHA\-1 (SHA1) or SHA\-256 (SHA256)\&. These values are case insensitive\&.
.TP
60
\-v \fIlevel\fR
61 62 63 64 65
Sets the debugging level\&.
.TP
\-l \fIdomain\fR
Generate a DLV set instead of a DS set\&. The specified \fBdomain\fR is appended to the name for each record in the set\&.
.TP
66
\-s
67 68
Keyset mode: in place of the keyfile name, the argument is the DNS domain name of a keyset file\&. Following options make sense only in this mode\&.
.TP
69
\-c \fIclass\fR
70 71
Specifies the DNS class (default is IN), useful only in the keyset mode\&.
.TP
72
\-d \fIdirectory\fR
73
Look for \fIkeyset\fR files in \fBdirectory\fR as the directory, ignored when not in the keyset mode\&.
74 75
.SH "EXAMPLE"
.PP
76
To build the SHA\-256 DS RR from the \fBKexample\&.com\&.+003+26160\fR keyfile name, the following command would be issued:
77
.PP
78
\fBdnssec\-dsfromkey \-2 Kexample\&.com\&.+003+26160\fR 
79 80 81
.PP
The command would print something like:
.PP
82
\fBexample\&.com\&. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0 C5EA0B94\fR 
83 84
.SH "FILES"
.PP
85
The keyfile can be designed by the key identification \fIKnnnn\&.+aaa+iiiii\fR or the full file name \fIKnnnn\&.+aaa+iiiii\&.key\fR as generated by dnssec\-keygen(8)\&.
86
.PP
87
The keyset file name is built from the \fBdirectory\fR, the string \fIkeyset\-\fR and the \fBdnsname\fR\&.
88 89
.SH "CAVEAT"
.PP
90
A keyfile error can give a "file not found" even if the file exists\&.
91 92
.SH "SEE ALSO"
.PP
93
\fBdnssec\-keygen\fR(8), \fBdnssec\-signzone\fR(8), BIND 9 Administrator Reference Manual, RFC 3658, RFC 4509\&.
94 95
.SH "AUTHOR"
.PP
96
Internet Systems Consortium