ISC Open Source Projects: BIND
Commit 529a6b52, authored Jul 31, 2000 by Brian Wellington
358. [cleanup] Rename the intermediate files used by the dnssec
programs.
Parent: 862a026a
Changes: 13
CHANGES
358. [cleanup] Rename the intermediate files used by the dnssec
programs.
357. [bug] The zone file parser crashed when seeing a quoted
$INCLUDE.
...
...
bin/dnssec/dnssec-makekeyset.8
...
...
@@ -13,7 +13,7 @@
.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: dnssec-makekeyset.8,v 1.
5
2000/07/
27 09:42:33 tale
Exp $
.\" $Id: dnssec-makekeyset.8,v 1.
6
2000/07/
31 15:28:19 bwelling
Exp $
.\"
.Dd Jun 30, 2000
.Dt DNSSEC-MAKEKEYSET 8
...
...
@@ -147,14 +147,14 @@ to print a short summary of its options and arguments.
If
.Nm dnssec-makekeyset
is successful, it creates a file name of the form
.Ar
nnnn.
keyset .
.Ar keyset
-nnnn.
.
This file contains the KEY and SIG records for domain
.Dv nnnn ,
the domain name part from the key file identifier produced when
.Nm dnssec-keygen
created the domain's public and private keys.
The
.Ar
.
keyset
.Ar keyset
file can then be transferred to the DNS administrator of the parent
zone for them to sign the contents with
.Xr dnssec-signkey 8 .
...
...
@@ -174,7 +174,7 @@ the command line when running
.Pp
.Nm dnssec-makekeyset
will create a file called
.Pa example.com.
keyset
.Pa
keyset-
example.com.
containing a SIG and KEY record for
.Dv example.com.
These records will have a TTL of 86400 seconds (1 day).
...
...
@@ -184,7 +184,7 @@ The SIG record becomes valid at noon UTC on July 1st 2000 and expires
The DNS administrator for
.Dv example.com
could then send
.Pa example.com.
keyset
.Pa
keyset-
example.com.
to the DNS administrator for
.Dv .com
so that they could sign the resource records in the file.
...
...
bin/dnssec/dnssec-makekeyset.c
...
...
@@ -17,7 +17,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-makekeyset.c,v 1.
29
2000/07/3
0 20:53:49
bwelling Exp $ */
/* $Id: dnssec-makekeyset.c,v 1.
30
2000/07/3
1 15:28:12
bwelling Exp $ */
#include <config.h>
...
...
@@ -103,6 +103,8 @@ usage(void) {
fprintf
(
stderr
,
"
\t\t
SIG end time - "
"absolute|from start|from now (now + 30 days)
\n
"
);
fprintf
(
stderr
,
"
\t
-t ttl
\n
"
);
fprintf
(
stderr
,
"
\t
-p
\n
"
);
fprintf
(
stderr
,
"
\t\t
use pseudorandom data (faster but less secure)
\n
"
);
fprintf
(
stderr
,
"
\t
-r randomdev:
\n
"
);
fprintf
(
stderr
,
"
\t\t
a file containing random data
\n
"
);
fprintf
(
stderr
,
"
\t
-v level:
\n
"
);
...
...
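Review bot: The new -p option in usage() is not covered anywhere else in this commit: none of the dnssec-makekeyset.8 hunks add a -p entry, and the CHANGES line and commit message describe only the file rename. Suggest documenting -p in the man page next to -r and giving it its own CHANGES entry (or its own commit), since it changes what randomness the tool accepts rather than a file name.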
@@ -138,6 +140,8 @@ main(int argc, char *argv[]) {
isc_log_t
*
log
=
NULL
;
keynode_t
*
keynode
;
dns_name_t
*
savedname
=
NULL
;
unsigned
int
eflags
;
isc_boolean_t
pseudorandom
=
ISC_FALSE
;
result
=
isc_mem_create
(
0
,
0
,
&
mctx
);
if
(
result
!=
ISC_R_SUCCESS
)
...
...
@@ -146,7 +150,7 @@ main(int argc, char *argv[]) {
dns_result_register
();
while
((
ch
=
isc_commandline_parse
(
argc
,
argv
,
"s:e:t:r:v:h"
))
!=
-
1
)
while
((
ch
=
isc_commandline_parse
(
argc
,
argv
,
"s:e:t:r:v:
p
h"
))
!=
-
1
)
{
switch
(
ch
)
{
case
's'
:
...
...
@@ -184,6 +188,10 @@ main(int argc, char *argv[]) {
fatal
(
"verbose level must be numeric"
);
break
;
case
'p'
:
pseudorandom
=
ISC_TRUE
;
break
;
case
'h'
:
default:
usage
();
...
...
@@ -200,8 +208,10 @@ main(int argc, char *argv[]) {
setup_entropy
(
mctx
,
randomfile
,
&
ectx
);
if
(
randomfile
!=
NULL
)
isc_mem_free
(
mctx
,
randomfile
);
result
=
dst_lib_init
(
mctx
,
ectx
,
ISC_ENTROPY_BLOCKING
|
ISC_ENTROPY_GOODONLY
);
eflags
=
ISC_ENTROPY_BLOCKING
;
if
(
!
pseudorandom
)
eflags
|=
ISC_ENTROPY_GOODONLY
;
result
=
dst_lib_init
(
mctx
,
ectx
,
eflags
);
if
(
result
!=
ISC_R_SUCCESS
)
fatal
(
"could not initialize dst"
);
...
...
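Review bot: With -p, dst_lib_init() is called without ISC_ENTROPY_GOODONLY, so whatever the DST library draws from ectx while signing the keyset may be pseudorandom data, and nothing tells the operator this at run time. For DSA keys (the man page example uses a +003+ key) the per-signature random value has to be unpredictable or the private key can be recovered from the signatures. Suggest printing a warning to stderr when pseudorandom is set and stating in the documentation that -p is meant for testing, not for keysets that will be published.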
@@ -266,12 +276,12 @@ main(int argc, char *argv[]) {
}
if
(
output
==
NULL
)
{
output
=
isc_mem_allocate
(
mctx
,
strlen
(
namestr
)
+
strlen
(
"keyset"
)
+
1
);
strlen
(
"keyset-"
)
+
strlen
(
namestr
)
+
1
);
if
(
output
==
NULL
)
fatal
(
"out of memory"
);
strcpy
(
output
,
namestr
);
strcat
(
output
,
"keyset"
);
strcpy
(
output
,
"keyset-"
);
strcat
(
output
,
namestr
);
}
if
(
domain
==
NULL
)
{
dns_fixedname_init
(
&
fdomain
);
...
...
bin/dnssec/dnssec-signkey.8
...
...
@@ -13,7 +13,7 @@
.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: dnssec-signkey.8,v 1.
6
2000/07/
27 09:42:34 tale
Exp $
.\" $Id: dnssec-signkey.8,v 1.
7
2000/07/
31 15:28:20 bwelling
Exp $
.\"
.Dd Jun 30, 2000
.Dt DNSSEC-SIGNKEY 8
...
...
@@ -34,7 +34,7 @@
.Nm dnssec-signkey
is used to sign a key set for a child zone.
Typically this would be provided by a
.Ar
.
keyset
.Ar keyset
file generated by
.Xr dnssec-makekeyset 8 .
This provides a mechanism for a DNSSEC-aware zone to sign the keys of
...
...
@@ -43,7 +43,7 @@ The child zone's key set gets signed with the zone keys for its parent
zone.
.Ar keyset
will be the pathname of the child zone's
.Ar
.
keyset
.Ar keyset
file.
Each
.Ar keyfile
...
...
@@ -102,7 +102,7 @@ The default level is zero.
When
.Nm dnssec-signkey
completes successfully, it generates a file called
.Ar
nnnn.
signedkey
.Ar signedkey
-nnnn.
containing the signed keys for child zone
.Ar nnnn .
The keys from the
...
...
@@ -125,13 +125,13 @@ The DNS administrator for a DNSSEC-aware
zone would use the following command to make
.Nm dnssec-signkey
sign the
.Ar
.
keyset
.Ar keyset
file for
.Dv example.com
created in the example shown in the man page for
.Xr dnssec-makekeyset 8 :
.Pp
.Dl # dnssec-signkey example.com.
keyset
Kcom.+003+51944
.Dl # dnssec-signkey
keyset-
example.com. Kcom.+003+51944
.Pp
where
.Dv Kcom.+003+51944
...
...
@@ -143,7 +143,7 @@ zone.
.Pp
.Nm dnssec-signkey
will produce a file called
.Dv example.com.
signedkey
.Dv
signedkey-
example.com.
which has the keys for
.Dv example.com
signed by the
...
...
bin/dnssec/dnssec-signkey.c
...
...
@@ -17,7 +17,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-signkey.c,v 1.2
8
2000/0
6/22 21:49:03 tale
Exp $ */
/* $Id: dnssec-signkey.c,v 1.2
9
2000/0
7/31 15:28:13 bwelling
Exp $ */
#include <config.h>
...
...
@@ -212,14 +212,14 @@ main(int argc, char *argv[]) {
setup_logging
(
verbose
,
mctx
,
&
log
);
if
(
strlen
(
argv
[
0
])
<
8
||
strcmp
(
argv
[
0
]
+
strlen
(
argv
[
0
])
-
7
,
".keyset"
)
!=
0
)
fatal
(
"keyset file must end in .keyset"
);
if
(
strlen
(
argv
[
0
])
<
8
||
strncmp
(
argv
[
0
],
"keyset-"
,
7
)
!=
0
)
fatal
(
"keyset file '%s' must start with keyset-"
,
argv
[
0
]);
dns_fixedname_init
(
&
fdomain
);
domain
=
dns_fixedname_name
(
&
fdomain
);
isc_buffer_init
(
&
b
,
argv
[
0
],
strlen
(
argv
[
0
])
-
7
);
isc_buffer_add
(
&
b
,
strlen
(
argv
[
0
])
-
7
);
isc_buffer_init
(
&
b
,
argv
[
0
]
+
strlen
(
"keyset-"
),
strlen
(
argv
[
0
])
-
strlen
(
"keyset-"
));
isc_buffer_add
(
&
b
,
strlen
(
argv
[
0
])
-
strlen
(
"keyset-"
));
result
=
dns_name_fromtext
(
domain
,
&
b
,
dns_rootname
,
ISC_FALSE
,
NULL
);
if
(
result
!=
ISC_R_SUCCESS
)
fatal
(
"'%s' does not contain a valid domain name"
,
argv
[
0
]);
...
...
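Review bot: The new strncmp(argv[0], "keyset-", 7) test looks at the start of the whole argument, so a keyset given with a directory component, such as ../ns2/keyset-example., is now rejected, while the old suffix test accepted any path ending in .keyset and the man page hunk still calls the argument "the pathname of the child zone's keyset file". Suggest locating the last '/' in argv[0] and applying both the prefix check and the domain-name extraction to the basename, or changing the man page to say the file must be named relative to the current directory. The literal 8 and 7 in the check would also read better as strlen("keyset-"), matching the isc_buffer_init() call just below.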
@@ -230,11 +230,11 @@ main(int argc, char *argv[]) {
tdomain
[
r
.
length
]
=
0
;
output
=
isc_mem_allocate
(
mctx
,
strlen
(
tdomain
)
+
strlen
(
"signedkey"
)
+
1
);
strlen
(
"signedkey-"
)
+
strlen
(
tdomain
)
+
1
);
if
(
output
==
NULL
)
fatal
(
"out of memory"
);
strcpy
(
output
,
tdomain
);
strcat
(
output
,
"signedkey"
);
strcpy
(
output
,
"signedkey-"
);
strcat
(
output
,
tdomain
);
db
=
NULL
;
result
=
dns_db_create
(
mctx
,
"rbt"
,
domain
,
dns_dbtype_zone
,
...
...
bin/dnssec/dnssec-signzone.8
...
...
@@ -13,7 +13,7 @@
.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: dnssec-signzone.8,v 1.
8
2000/07/
27 09:42:35 tale
Exp $
.\" $Id: dnssec-signzone.8,v 1.
9
2000/07/
31 15:28:21 bwelling
Exp $
.\"
.Dd Jun 30, 2000
.Dt DNSSEC-SIGNZONE 8
...
...
@@ -40,7 +40,7 @@
.Nm dnssec-signzone
is used to sign a zone.
Any
.Ar
.
signedkey
.Ar signedkey
files for the zone to be signed should be present in the current
directory, along with the keys that will be used to sign the zone.
If no
...
...
@@ -57,7 +57,7 @@ Each
argument would be an identification string for a key created with
.Xr dnssec-keygen 8 .
If the zone to be signed has any secure subzones, the
.Ar
.
signedkey
.Ar signedkey
files for those subzones need to be available in the
current working directory used by
.Nm dnssec-signzone .
...
...
@@ -222,18 +222,14 @@ The zone file for this zone is
which is the same as the origin, so there is no need to use the
.Fl o
option to set the origin.
This zone file contains the keyset for
.Dv example.com
that was created by
.Xr dnssec-makekeyset 8 .
The zone's keys were either appended to the zone file or
incorporated using a
.Dv $INCLUDE
statement.
If there was a
.Ar
.
signedkey
.Ar signedkey
file from the parent zone - i.e.
.Dv example.com.
signedkey
.Dv
signedkey-
example.com.
- it should be present in the current directory.
This allows the parent zone's signature to be included in the signed
version of the
...
...
@@ -258,5 +254,4 @@ so that it can be loaded by the name server.
.Sh SEE ALSO
.Xr RFC2535,
.Xr dnssec-keygen 8 ,
.Xr dnssec-makekeyset 8 ,
.Xr dnssec-signkey 8 .
bin/dnssec/dnssec-signzone.c
...
...
@@ -17,7 +17,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-signzone.c,v 1.8
1
2000/0
6/22 21:49:04 tale
Exp $ */
/* $Id: dnssec-signzone.c,v 1.8
2
2000/0
7/31 15:28:14 bwelling
Exp $ */
#include <config.h>
...
...
@@ -512,18 +512,19 @@ importparentsig(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node,
{
unsigned
char
filename
[
256
];
isc_buffer_t
b
;
isc_region_t
r
;
dns_db_t
*
newdb
=
NULL
;
dns_dbnode_t
*
newnode
=
NULL
;
dns_rdataset_t
newset
,
sigset
;
dns_rdata_t
rdata
,
newrdata
;
isc_result_t
result
;
isc_buffer_init
(
&
b
,
filename
,
sizeof
(
filename
)
-
10
);
isc_buffer_init
(
&
b
,
filename
,
sizeof
(
filename
));
isc_buffer_putstr
(
&
b
,
"signedkey-"
);
result
=
dns_name_totext
(
name
,
ISC_FALSE
,
&
b
);
check_result
(
result
,
"dns_name_totext()"
);
isc_buffer_usedregion
(
&
b
,
&
r
);
strcpy
((
char
*
)
r
.
base
+
r
.
length
,
"signedkey"
);
if
(
isc_buffer_availablelength
(
&
b
)
==
0
)
fatal
(
"name '%s' is too long"
,
nametostr
(
name
));
isc_buffer_putmem
(
&
b
,
""
,
1
);
result
=
dns_db_create
(
mctx
,
"rbt"
,
name
,
dns_dbtype_zone
,
dns_db_class
(
db
),
0
,
NULL
,
&
newdb
);
check_result
(
result
,
"dns_db_create()"
);
...
...
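Review bot: In importparentsig() the new "name '%s' is too long" message only fires when the name text fills filename[256] exactly; a name that does not fit after the "signedkey-" prefix makes dns_name_totext() fail first and is reported through check_result(result, "dns_name_totext()") with no hint about the cause. Suggest testing for ISC_R_NOSPACE from dns_name_totext() and issuing the same "too long" fatal there, so both overflow cases give the operator the same actionable message.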
@@ -588,7 +589,6 @@ static isc_boolean_t
haschildkey
(
dns_db_t
*
db
,
dns_name_t
*
name
)
{
unsigned
char
filename
[
256
];
isc_buffer_t
b
;
isc_region_t
r
;
dns_db_t
*
newdb
=
NULL
;
dns_dbnode_t
*
newnode
=
NULL
;
dns_rdataset_t
set
,
sigset
;
...
...
@@ -601,11 +601,13 @@ haschildkey(dns_db_t *db, dns_name_t *name) {
dns_rdataset_init
(
&
set
);
dns_rdataset_init
(
&
sigset
);
isc_buffer_init
(
&
b
,
filename
,
sizeof
(
filename
)
-
10
);
isc_buffer_init
(
&
b
,
filename
,
sizeof
(
filename
));
isc_buffer_putstr
(
&
b
,
"signedkey-"
);
result
=
dns_name_totext
(
name
,
ISC_FALSE
,
&
b
);
check_result
(
result
,
"dns_name_totext()"
);
isc_buffer_usedregion
(
&
b
,
&
r
);
strcpy
((
char
*
)
r
.
base
+
r
.
length
,
"signedkey"
);
if
(
isc_buffer_availablelength
(
&
b
)
==
0
)
fatal
(
"name '%s' is too long"
,
nametostr
(
name
));
isc_buffer_putmem
(
&
b
,
""
,
1
);
result
=
dns_db_create
(
mctx
,
"rbt"
,
name
,
dns_dbtype_zone
,
dns_db_class
(
db
),
0
,
NULL
,
&
newdb
);
check_result
(
result
,
"dns_db_create()"
);
...
...
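Review bot: haschildkey() now repeats, statement for statement, the filename construction added to importparentsig() (isc_buffer_init, isc_buffer_putstr of "signedkey-", dns_name_totext, the available-length check, the NUL terminator). Suggest moving it into one static helper that takes the name and the output array, so the prefix and the length handling cannot drift apart the next time the naming scheme changes.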
@@ -839,6 +841,10 @@ signname(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node,
signset
(
db
,
version
,
node
,
name
,
&
keyset
);
alreadyhavenullkey:
dns_rdataset_disassociate
(
&
keyset
);
}
else
if
(
isdelegation
)
{
vbprintf
(
2
,
"child key for %s found
\n
"
,
nametostr
(
name
));
}
#endif
}
...
...
bin/tests/system/dnssec/clean.sh
...
...
@@ -15,9 +15,9 @@
# NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
# WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
# $Id: clean.sh,v 1.
6
2000/07/
27 09:39:19 tale
Exp $
# $Id: clean.sh,v 1.
7
2000/07/
31 15:28:15 bwelling
Exp $
rm
-f
*
/K
*
*
/
.
keyset
*
/
*
.keyset
*
/
*
.
signedkey
*
/
*
.signed
*
/trusted.conf
rm
-f
*
/K
*
*
/keyset
-
*
*
/signedkey
-
*
*
/
*
.signed
*
/trusted.conf
rm
-f
ns1/root.db ns2/example.db ns3/secure.example.db
rm
-f
ns3/unsecure.example.db ns3/bogus.example.db
rm
-f
dig.out.
*
...
...
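Review bot: The rewritten first rm -f line drops the old suffix patterns for .keyset and .signedkey files, so intermediate files left by a test run made before this commit are no longer removed by clean.sh. Suggest keeping the two old patterns alongside */keyset-* and */signedkey-* for a while; with -f they cost nothing when nothing matches.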
bin/tests/system/dnssec/ns1/sign.sh
...
...
@@ -15,7 +15,7 @@
# NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
# WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
# $Id: sign.sh,v 1.
8
2000/07/
27 09:39:24 tale
Exp $
# $Id: sign.sh,v 1.
9
2000/07/
31 15:28:16 bwelling
Exp $
SYSTEMTESTTOP
=
../..
.
$SYSTEMTESTTOP
/conf.sh
...
...
@@ -30,11 +30,11 @@ keyname=`$KEYGEN -a RSA -b 768 -n zone -r $RANDFILE $zone`
(
cd
../ns2
&&
sh sign.sh
)
cp
../ns2/example.
keyset
.
cp
../ns2/
keyset-
example.
.
$KEYSIGNER
-r
$RANDFILE
example.
keyset
$keyname
$KEYSIGNER
-r
$RANDFILE
keyset-
example.
$keyname
cat
example.
signedkey
>>
../ns2/example.db.signed
cat
signedkey
-example.
>>
../ns2/example.db.signed
$KEYSETTOOL
-r
$RANDFILE
-t
3600
$keyname
...
...
bin/tests/system/dnssec/ns2/sign.sh
...
...
@@ -15,7 +15,7 @@
# NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
# WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
# $Id: sign.sh,v 1.1
1
2000/07/
27 09:39:31 tale
Exp $
# $Id: sign.sh,v 1.1
2
2000/07/
31 15:28:18 bwelling
Exp $
SYSTEMTESTTOP
=
../..
.
$SYSTEMTESTTOP
/conf.sh
...
...
@@ -33,21 +33,21 @@ keyname=`$KEYGEN -r $RANDFILE -a RSA -b 768 -n zone $zone`
(
cd
../ns3
&&
sh sign.sh
)
cp
../ns3/secure.example.
keyset
.
cp
../ns3/
keyset-
secure.example.
.
$KEYSIGNER
-r
$RANDFILE
secure.example.
keyset
$keyname
$KEYSIGNER
-r
$RANDFILE
keyset-
secure.example.
$keyname
# This will leave two copies of the child's zone key in the signed db file;
# that shouldn't cause any problems.
cat
secure.example.
signedkey
>>
../ns3/secure.example.db.signed
cat
signedkey-
secure.example.
>>
../ns3/secure.example.db.signed
cp
../ns3/bogus.example.
keyset
.
cp
../ns3/
keyset-
bogus.example.
.
$KEYSIGNER
-r
$RANDFILE
bogus.example.
keyset
$keyname
$KEYSIGNER
-r
$RANDFILE
keyset-
bogus.example.
$keyname
# This will leave two copies of the child's zone key in the signed db file;
# that shouldn't cause any problems.
cat
bogus.example.
signedkey
>>
../ns3/bogus.example.db.signed
cat
signedkey-
bogus.example.
>>
../ns3/bogus.example.db.signed
$KEYSETTOOL
-r
$RANDFILE
-t
3600
$keyname
...
...
doc/man/dnssec/dnssec-makekeyset.8
...
...
@@ -13,7 +13,7 @@
.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: dnssec-makekeyset.8,v 1.
5
2000/07/
27 09:42:33 tale
Exp $
.\" $Id: dnssec-makekeyset.8,v 1.
6
2000/07/
31 15:28:19 bwelling
Exp $
.\"
.Dd Jun 30, 2000
.Dt DNSSEC-MAKEKEYSET 8
...
...
@@ -147,14 +147,14 @@ to print a short summary of its options and arguments.
If
.Nm dnssec-makekeyset
is successful, it creates a file name of the form
.Ar
nnnn.
keyset .
.Ar keyset
-nnnn.
.
This file contains the KEY and SIG records for domain
.Dv nnnn ,
the domain name part from the key file identifier produced when
.Nm dnssec-keygen
created the domain's public and private keys.
The
.Ar
.
keyset
.Ar keyset
file can then be transferred to the DNS administrator of the parent
zone for them to sign the contents with
.Xr dnssec-signkey 8 .
...
...
@@ -174,7 +174,7 @@ the command line when running
.Pp
.Nm dnssec-makekeyset
will create a file called
.Pa example.com.
keyset
.Pa
keyset-
example.com.
containing a SIG and KEY record for
.Dv example.com.
These records will have a TTL of 86400 seconds (1 day).
...
...
@@ -184,7 +184,7 @@ The SIG record becomes valid at noon UTC on July 1st 2000 and expires
The DNS administrator for
.Dv example.com
could then send
.Pa example.com.
keyset
.Pa
keyset-
example.com.
to the DNS administrator for
.Dv .com
so that they could sign the resource records in the file.
...
...
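Review bot: doc/man/dnssec/dnssec-makekeyset.8 receives exactly the hunks already applied to bin/dnssec/dnssec-makekeyset.8 earlier in this commit, down to the same $Id revision bump from 1.5 to 1.6, and the same holds for the signkey and signzone pages. Suggest keeping a single source for each man page and installing or linking the second location from it, so a later edit cannot update one copy and miss the other.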
doc/man/dnssec/dnssec-signkey.8
...
...
@@ -13,7 +13,7 @@
.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: dnssec-signkey.8,v 1.
6
2000/07/
27 09:42:34 tale
Exp $
.\" $Id: dnssec-signkey.8,v 1.
7
2000/07/
31 15:28:20 bwelling
Exp $
.\"
.Dd Jun 30, 2000
.Dt DNSSEC-SIGNKEY 8
...
...
@@ -34,7 +34,7 @@
.Nm dnssec-signkey
is used to sign a key set for a child zone.
Typically this would be provided by a
.Ar
.
keyset
.Ar keyset
file generated by
.Xr dnssec-makekeyset 8 .
This provides a mechanism for a DNSSEC-aware zone to sign the keys of
...
...
@@ -43,7 +43,7 @@ The child zone's key set gets signed with the zone keys for its parent
zone.
.Ar keyset
will be the pathname of the child zone's
.Ar
.
keyset
.Ar keyset
file.
Each
.Ar keyfile
...
...
@@ -102,7 +102,7 @@ The default level is zero.
When
.Nm dnssec-signkey
completes successfully, it generates a file called
.Ar
nnnn.
signedkey
.Ar signedkey
-nnnn.
containing the signed keys for child zone
.Ar nnnn .
The keys from the
...
...
@@ -125,13 +125,13 @@ The DNS administrator for a DNSSEC-aware
zone would use the following command to make
.Nm dnssec-signkey
sign the
.Ar
.
keyset
.Ar keyset
file for
.Dv example.com
created in the example shown in the man page for
.Xr dnssec-makekeyset 8 :
.Pp
.Dl # dnssec-signkey example.com.
keyset
Kcom.+003+51944
.Dl # dnssec-signkey
keyset-
example.com. Kcom.+003+51944
.Pp
where
.Dv Kcom.+003+51944
...
...
@@ -143,7 +143,7 @@ zone.
.Pp
.Nm dnssec-signkey
will produce a file called
.Dv example.com.
signedkey
.Dv
signedkey-
example.com.
which has the keys for
.Dv example.com
signed by the
...
...
doc/man/dnssec/dnssec-signzone.8
...
...
@@ -13,7 +13,7 @@
.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: dnssec-signzone.8,v 1.
8
2000/07/
27 09:42:35 tale
Exp $
.\" $Id: dnssec-signzone.8,v 1.
9
2000/07/
31 15:28:21 bwelling
Exp $
.\"
.Dd Jun 30, 2000
.Dt DNSSEC-SIGNZONE 8
...
...
@@ -40,7 +40,7 @@
.Nm dnssec-signzone
is used to sign a zone.
Any
.Ar
.
signedkey
.Ar signedkey
files for the zone to be signed should be present in the current
directory, along with the keys that will be used to sign the zone.
If no
...
...
@@ -57,7 +57,7 @@ Each
argument would be an identification string for a key created with
.Xr dnssec-keygen 8 .
If the zone to be signed has any secure subzones, the
.Ar
.
signedkey
.Ar signedkey
files for those subzones need to be available in the
current working directory used by
.Nm dnssec-signzone .
...
...
@@ -222,18 +222,14 @@ The zone file for this zone is
which is the same as the origin, so there is no need to use the
.Fl o
option to set the origin.
This zone file contains the keyset for
.Dv example.com
that was created by
.Xr dnssec-makekeyset 8 .
The zone's keys were either appended to the zone file or
incorporated using a
.Dv $INCLUDE
statement.
If there was a
.Ar
.
signedkey
.Ar signedkey
file from the parent zone - i.e.
.Dv example.com.
signedkey
.Dv
signedkey-
example.com.
- it should be present in the current directory.
This allows the parent zone's signature to be included in the signed
version of the
...
...
@@ -258,5 +254,4 @@ so that it can be loaded by the name server.
.Sh SEE ALSO
.Xr RFC2535,
.Xr dnssec-keygen 8 ,
.Xr dnssec-makekeyset 8 ,
.Xr dnssec-signkey 8 .