DNSSEC policy can be read from a configuration file (default
/etc/dnssec\&.policy), from which the key parameters, publication and rollover schedule, and desired coverage duration for any given zone can be determined\&. This file may be used to define individual DNSSEC policies on a per\-zone basis, or to set a default policy used for all zones\&.
/etc/dnssec\-policy\&.conf), from which the key parameters, publication and rollover schedule, and desired coverage duration for any given zone can be determined\&. This file may be used to define individual DNSSEC policies on a per\-zone basis, or to set a default policy used for all zones\&.
.PP
When
\fBdnssec\-keymgr\fR
...
...
@@ -79,7 +79,7 @@ If
\fB\-c\fR
is specified, then the DNSSEC policy is read from
\fBfile\fR\&. (If not specified, then the policy is read from
/etc/policy\&.conf; if that file doesn\*(Aqt exist, a built\-in global default policy is used\&.)
/etc/dnssec\-policy\&.conf; if that file doesn\*(Aqt exist, a built\-in global default policy is used\&.)
<spanclass="refentrytitle"><ahref="man.delv.html">delv</a></span><spanclass="refpurpose">— DNS lookup and validation utility</span>
</dt>
<dt>
<spanclass="refentrytitle"><ahref="man.nslookup.html">nslookup</a></span><spanclass="refpurpose">— query Internet name servers interactively</span>
<spanclass="refentrytitle"><ahref="man.dnssec-keymgr.html"><spanclass="application">dnssec-keymgr</span></a></span><spanclass="refpurpose">— Ensures correct DNSKEY coverage for a zone based on a defined policy</span>
</dt>
<dt>
<spanclass="refentrytitle"><ahref="man.dnssec-revoke.html"><spanclass="application">dnssec-revoke</span></a></span><spanclass="refpurpose">— set the REVOKED bit on a DNSSEC key</span>
<spanclass="refentrytitle"><ahref="man.delv.html">delv</a></span><spanclass="refpurpose">— DNS lookup and validation utility</span>
</dt>
<dt>
<spanclass="refentrytitle"><ahref="man.nslookup.html">nslookup</a></span><spanclass="refpurpose">— query Internet name servers interactively</span>
<spanclass="refentrytitle"><ahref="man.dnssec-keymgr.html"><spanclass="application">dnssec-keymgr</span></a></span><spanclass="refpurpose">— Ensures correct DNSKEY coverage for a zone based on a defined policy</span>
</dt>
<dt>
<spanclass="refentrytitle"><ahref="man.dnssec-revoke.html"><spanclass="application">dnssec-revoke</span></a></span><spanclass="refpurpose">— set the REVOKED bit on a DNSSEC key</span>