dnssec-dsfromkey.8 3.49 KB
Newer Older
Automatic Updater's avatar
Automatic Updater committed
1 2 3
.\" Copyright (C) 2008  Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
4 5
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
Automatic Updater's avatar
Automatic Updater committed
6
.\"
7 8
.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
Automatic Updater's avatar
Automatic Updater committed
9
.\" AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
10 11 12 13 14
.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
Automatic Updater's avatar
regen  
Automatic Updater committed
15
.\" $Id: dnssec-dsfromkey.8,v 1.5 2008/11/08 01:11:47 tbox Exp $
16 17 18
.\"
.hy 0
.ad l
Automatic Updater's avatar
regen  
Automatic Updater committed
19
.\"     Title: dnssec\-dsfromkey
20
.\"    Author: 
Automatic Updater's avatar
regen  
Automatic Updater committed
21
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
Automatic Updater's avatar
regen  
Automatic Updater committed
22
.\"      Date: November 29, 2008
23 24 25
.\"    Manual: BIND9
.\"    Source: BIND9
.\"
Automatic Updater's avatar
regen  
Automatic Updater committed
26
.TH "DNSSEC\-DSFROMKEY" "8" "November 29, 2008" "BIND9" "BIND9"
27 28 29 30 31
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.SH "NAME"
Automatic Updater's avatar
regen  
Automatic Updater committed
32
dnssec\-dsfromkey \- DNSSEC DS RR generation tool
33 34 35 36 37 38 39 40
.SH "SYNOPSIS"
.HP 17
\fBdnssec\-dsfromkey\fR [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-1\fR] [\fB\-2\fR] [\fB\-a\ \fR\fB\fIalg\fR\fR] {keyfile}
.HP 17
\fBdnssec\-dsfromkey\fR {\-s} [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-1\fR] [\fB\-2\fR] [\fB\-a\ \fR\fB\fIalg\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-d\ \fR\fB\fIdir\fR\fR] {dnsname}
.SH "DESCRIPTION"
.PP
\fBdnssec\-dsfromkey\fR
Automatic Updater's avatar
regen  
Automatic Updater committed
41
outputs the Delegation Signer (DS) resource record (RR), as defined in RFC 3658 and RFC 4509, for the given key(s).
42 43 44 45
.SH "OPTIONS"
.PP
\-1
.RS 4
Automatic Updater's avatar
regen  
Automatic Updater committed
46
Use SHA\-1 as the digest algorithm (the default is to use both SHA\-1 and SHA\-256).
47 48 49 50
.RE
.PP
\-2
.RS 4
Automatic Updater's avatar
regen  
Automatic Updater committed
51
Use SHA\-256 as the digest algorithm.
52 53 54 55
.RE
.PP
\-a \fIalgorithm\fR
.RS 4
Automatic Updater's avatar
regen  
Automatic Updater committed
56
Select the digest algorithm. The value of
57
\fBalgorithm\fR
Automatic Updater's avatar
regen  
Automatic Updater committed
58
must be one of SHA\-1 (SHA1) or SHA\-256 (SHA256). These values are case insensitive.
59 60 61 62
.RE
.PP
\-v \fIlevel\fR
.RS 4
Automatic Updater's avatar
regen  
Automatic Updater committed
63
Sets the debugging level.
64 65 66 67
.RE
.PP
\-s
.RS 4
Automatic Updater's avatar
regen  
Automatic Updater committed
68
Keyset mode: in place of the keyfile name, the argument is the DNS domain name of a keyset file. Following options make sense only in this mode.
69 70 71 72
.RE
.PP
\-c \fIclass\fR
.RS 4
Automatic Updater's avatar
regen  
Automatic Updater committed
73
Specifies the DNS class (default is IN), useful only in the keyset mode.
74 75 76 77 78 79 80 81
.RE
.PP
\-d \fIdirectory\fR
.RS 4
Look for
\fIkeyset\fR
files in
\fBdirectory\fR
Automatic Updater's avatar
regen  
Automatic Updater committed
82
as the directory, ignored when not in the keyset mode.
83 84 85 86
.RE
.SH "EXAMPLE"
.PP
To build the SHA\-256 DS RR from the
Automatic Updater's avatar
regen  
Automatic Updater committed
87
\fBKexample.com.+003+26160\fR
88 89
keyfile name, the following command would be issued:
.PP
Automatic Updater's avatar
regen  
Automatic Updater committed
90
\fBdnssec\-dsfromkey \-2 Kexample.com.+003+26160\fR
91 92 93
.PP
The command would print something like:
.PP
Automatic Updater's avatar
regen  
Automatic Updater committed
94
\fBexample.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0 C5EA0B94\fR
95 96 97
.SH "FILES"
.PP
The keyfile can be designed by the key identification
Automatic Updater's avatar
regen  
Automatic Updater committed
98
\fIKnnnn.+aaa+iiiii\fR
99
or the full file name
Automatic Updater's avatar
regen  
Automatic Updater committed
100
\fIKnnnn.+aaa+iiiii.key\fR
Automatic Updater's avatar
regen  
Automatic Updater committed
101
as generated by
Automatic Updater's avatar
regen  
Automatic Updater committed
102
dnssec\-keygen(8).
103 104 105 106 107
.PP
The keyset file name is built from the
\fBdirectory\fR, the string
\fIkeyset\-\fR
and the
Automatic Updater's avatar
regen  
Automatic Updater committed
108
\fBdnsname\fR.
109 110
.SH "CAVEAT"
.PP
Automatic Updater's avatar
regen  
Automatic Updater committed
111
A keyfile error can give a "file not found" even if the file exists.
112 113
.SH "SEE ALSO"
.PP
Automatic Updater's avatar
regen  
Automatic Updater committed
114 115
\fBdnssec\-keygen\fR(8),
\fBdnssec\-signzone\fR(8),
116 117
BIND 9 Administrator Reference Manual,
RFC 3658,
Automatic Updater's avatar
regen  
Automatic Updater committed
118
RFC 4509.
119 120 121 122 123 124
.SH "AUTHOR"
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
Copyright \(co 2008 Internet Systems Consortium, Inc. ("ISC")
.br