6318052d9e
lots of new features compared to 9.4.x, including: Full NSEC3 support Automatic zone re-signing New update-policy methods tcp-self and 6to4-self DHCID support. More detailed statistics counters including those supported in BIND 8. Faster ACL processing. Efficient LRU cache-cleaning mechanism. NSID support.
125 lines
3.5 KiB
Groff
125 lines
3.5 KiB
Groff
.\" Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
|
|
.\"
|
|
.\" Permission to use, copy, modify, and/or distribute this software for any
|
|
.\" purpose with or without fee is hereby granted, provided that the above
|
|
.\" copyright notice and this permission notice appear in all copies.
|
|
.\"
|
|
.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
|
|
.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
|
|
.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
|
|
.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
|
|
.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
|
|
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
|
|
.\" PERFORMANCE OF THIS SOFTWARE.
|
|
.\"
|
|
.\" $Id: dnssec-dsfromkey.8,v 1.5 2008/11/08 01:11:47 tbox Exp $
|
|
.\"
|
|
.hy 0
|
|
.ad l
|
|
.\" Title: dnssec\-dsfromkey
|
|
.\" Author:
|
|
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
|
|
.\" Date: November 29, 2008
|
|
.\" Manual: BIND9
|
|
.\" Source: BIND9
|
|
.\"
|
|
.TH "DNSSEC\-DSFROMKEY" "8" "November 29, 2008" "BIND9" "BIND9"
|
|
.\" disable hyphenation
|
|
.nh
|
|
.\" disable justification (adjust text to left margin only)
|
|
.ad l
|
|
.SH "NAME"
|
|
dnssec\-dsfromkey \- DNSSEC DS RR generation tool
|
|
.SH "SYNOPSIS"
|
|
.HP 17
|
|
\fBdnssec\-dsfromkey\fR [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-1\fR] [\fB\-2\fR] [\fB\-a\ \fR\fB\fIalg\fR\fR] {keyfile}
|
|
.HP 17
|
|
\fBdnssec\-dsfromkey\fR {\-s} [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-1\fR] [\fB\-2\fR] [\fB\-a\ \fR\fB\fIalg\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-d\ \fR\fB\fIdir\fR\fR] {dnsname}
|
|
.SH "DESCRIPTION"
|
|
.PP
|
|
\fBdnssec\-dsfromkey\fR
|
|
outputs the Delegation Signer (DS) resource record (RR), as defined in RFC 3658 and RFC 4509, for the given key(s).
|
|
.SH "OPTIONS"
|
|
.PP
|
|
\-1
|
|
.RS 4
|
|
Use SHA\-1 as the digest algorithm (the default is to use both SHA\-1 and SHA\-256).
|
|
.RE
|
|
.PP
|
|
\-2
|
|
.RS 4
|
|
Use SHA\-256 as the digest algorithm.
|
|
.RE
|
|
.PP
|
|
\-a \fIalgorithm\fR
|
|
.RS 4
|
|
Select the digest algorithm. The value of
|
|
\fBalgorithm\fR
|
|
must be one of SHA\-1 (SHA1) or SHA\-256 (SHA256). These values are case insensitive.
|
|
.RE
|
|
.PP
|
|
\-v \fIlevel\fR
|
|
.RS 4
|
|
Sets the debugging level.
|
|
.RE
|
|
.PP
|
|
\-s
|
|
.RS 4
|
|
Keyset mode: in place of the keyfile name, the argument is the DNS domain name of a keyset file. Following options make sense only in this mode.
|
|
.RE
|
|
.PP
|
|
\-c \fIclass\fR
|
|
.RS 4
|
|
Specifies the DNS class (default is IN), useful only in the keyset mode.
|
|
.RE
|
|
.PP
|
|
\-d \fIdirectory\fR
|
|
.RS 4
|
|
Look for
|
|
\fIkeyset\fR
|
|
files in
|
|
\fBdirectory\fR
|
|
as the directory, ignored when not in the keyset mode.
|
|
.RE
|
|
.SH "EXAMPLE"
|
|
.PP
|
|
To build the SHA\-256 DS RR from the
|
|
\fBKexample.com.+003+26160\fR
|
|
keyfile name, the following command would be issued:
|
|
.PP
|
|
\fBdnssec\-dsfromkey \-2 Kexample.com.+003+26160\fR
|
|
.PP
|
|
The command would print something like:
|
|
.PP
|
|
\fBexample.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0 C5EA0B94\fR
|
|
.SH "FILES"
|
|
.PP
|
|
The keyfile can be designed by the key identification
|
|
\fIKnnnn.+aaa+iiiii\fR
|
|
or the full file name
|
|
\fIKnnnn.+aaa+iiiii.key\fR
|
|
as generated by
|
|
dnssec\-keygen(8).
|
|
.PP
|
|
The keyset file name is built from the
|
|
\fBdirectory\fR, the string
|
|
\fIkeyset\-\fR
|
|
and the
|
|
\fBdnsname\fR.
|
|
.SH "CAVEAT"
|
|
.PP
|
|
A keyfile error can give a "file not found" even if the file exists.
|
|
.SH "SEE ALSO"
|
|
.PP
|
|
\fBdnssec\-keygen\fR(8),
|
|
\fBdnssec\-signzone\fR(8),
|
|
BIND 9 Administrator Reference Manual,
|
|
RFC 3658,
|
|
RFC 4509.
|
|
.SH "AUTHOR"
|
|
.PP
|
|
Internet Systems Consortium
|
|
.SH "COPYRIGHT"
|
|
Copyright \(co 2008 Internet Systems Consortium, Inc. ("ISC")
|
|
.br
|