2012-06-28 03:06:00 -04:00
|
|
|
<!--
|
2018-02-23 03:53:12 -05:00
|
|
|
- Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
2012-06-28 03:06:00 -04:00
|
|
|
-
|
2016-06-27 00:56:38 -04:00
|
|
|
- This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
|
- License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
|
- file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
2018-02-23 03:53:12 -05:00
|
|
|
-
|
|
|
|
|
- See the COPYRIGHT file distributed with this work for additional
|
|
|
|
|
- information regarding copyright ownership.
|
2012-06-28 03:06:00 -04:00
|
|
|
-->
|
2015-10-06 01:45:21 -04:00
|
|
|
|
2015-10-06 00:59:35 -04:00
|
|
|
<!-- Converted by db4-upgrade version 1.0 -->
|
2016-12-06 18:49:55 -05:00
|
|
|
<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.dnssec-checkds">
|
2015-10-06 00:59:35 -04:00
|
|
|
<info>
|
|
|
|
|
<date>2013-01-01</date>
|
|
|
|
|
</info>
|
2012-06-28 03:06:00 -04:00
|
|
|
<refentryinfo>
|
2015-10-06 00:59:35 -04:00
|
|
|
<corpname>ISC</corpname>
|
|
|
|
|
<corpauthor>Internet Systems Consortium, Inc.</corpauthor>
|
2012-06-28 03:06:00 -04:00
|
|
|
</refentryinfo>
|
|
|
|
|
|
|
|
|
|
<refmeta>
|
|
|
|
|
<refentrytitle><application>dnssec-checkds</application></refentrytitle>
|
|
|
|
|
<manvolnum>8</manvolnum>
|
|
|
|
|
<refmiscinfo>BIND9</refmiscinfo>
|
|
|
|
|
</refmeta>
|
|
|
|
|
|
|
|
|
|
<refnamediv>
|
2012-11-25 17:44:26 -05:00
|
|
|
<refname><application>dnssec-checkds</application></refname>
|
2015-11-05 13:01:07 -05:00
|
|
|
<refpurpose>DNSSEC delegation consistency checking tool</refpurpose>
|
2012-06-28 03:06:00 -04:00
|
|
|
</refnamediv>
|
|
|
|
|
|
|
|
|
|
<docinfo>
|
|
|
|
|
<copyright>
|
|
|
|
|
<year>2012</year>
|
2013-01-01 18:45:47 -05:00
|
|
|
<year>2013</year>
|
2014-02-27 18:46:22 -05:00
|
|
|
<year>2014</year>
|
2015-10-06 19:45:23 -04:00
|
|
|
<year>2015</year>
|
2016-06-27 00:56:38 -04:00
|
|
|
<year>2016</year>
|
2017-10-03 19:45:48 -04:00
|
|
|
<year>2017</year>
|
2018-02-23 03:53:12 -05:00
|
|
|
<year>2018</year>
|
2019-01-01 18:20:43 -05:00
|
|
|
<year>2019</year>
|
2012-06-28 03:06:00 -04:00
|
|
|
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
|
|
|
|
|
</copyright>
|
|
|
|
|
</docinfo>
|
|
|
|
|
|
|
|
|
|
<refsynopsisdiv>
|
2015-10-06 00:59:35 -04:00
|
|
|
<cmdsynopsis sepchar=" ">
|
2012-11-25 17:44:26 -05:00
|
|
|
<command>dnssec-checkds</command>
|
2015-10-06 00:59:35 -04:00
|
|
|
<arg choice="opt" rep="norepeat"><option>-d <replaceable class="parameter">dig path</replaceable></option></arg>
|
|
|
|
|
<arg choice="opt" rep="norepeat"><option>-D <replaceable class="parameter">dsfromkey path</replaceable></option></arg>
|
|
|
|
|
<arg choice="opt" rep="norepeat"><option>-f <replaceable class="parameter">file</replaceable></option></arg>
|
2017-10-27 00:05:11 -04:00
|
|
|
<arg choice="opt" rep="norepeat"><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
|
|
|
|
|
<arg choice="opt" rep="norepeat"><option>-s <replaceable class="parameter">file</replaceable></option></arg>
|
2015-10-06 00:59:35 -04:00
|
|
|
<arg choice="req" rep="norepeat">zone</arg>
|
2017-10-27 00:05:11 -04:00
|
|
|
</cmdsynopsis>
|
2012-06-28 03:06:00 -04:00
|
|
|
</refsynopsisdiv>
|
|
|
|
|
|
2015-10-06 00:59:35 -04:00
|
|
|
<refsection><info><title>DESCRIPTION</title></info>
|
2015-10-22 01:09:46 -04:00
|
|
|
|
2012-06-28 03:06:00 -04:00
|
|
|
<para><command>dnssec-checkds</command>
|
|
|
|
|
verifies the correctness of Delegation Signer (DS) or DNSSEC
|
|
|
|
|
Lookaside Validation (DLV) resource records for keys in a specified
|
|
|
|
|
zone.
|
|
|
|
|
</para>
|
2015-10-06 00:59:35 -04:00
|
|
|
</refsection>
|
2012-06-28 03:06:00 -04:00
|
|
|
|
2015-10-06 00:59:35 -04:00
|
|
|
<refsection><info><title>OPTIONS</title></info>
|
2015-10-22 01:09:46 -04:00
|
|
|
|
2012-06-28 03:06:00 -04:00
|
|
|
<variablelist>
|
2019-02-04 08:46:51 -05:00
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
|
<term>-a <replaceable class="parameter">algorithm</replaceable></term>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>
|
|
|
|
|
Specify a digest algorithm to use when converting the
|
|
|
|
|
zone's DNSKEY records to expected DS or DLV records. This
|
|
|
|
|
option can be repeated, so that multiple records are
|
|
|
|
|
checked for each DNSKEY record.
|
|
|
|
|
</para>
|
|
|
|
|
<para>
|
|
|
|
|
The <replaceable>algorithm</replaceable> must be one of
|
|
|
|
|
SHA-1, SHA-256, or SHA-384. These values are case insensitive,
|
|
|
|
|
and the hyphen may be omitted. If no algorithm is specified,
|
|
|
|
|
the default is SHA-256.
|
|
|
|
|
</para>
|
|
|
|
|
</listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
|
2012-06-28 03:06:00 -04:00
|
|
|
<varlistentry>
|
|
|
|
|
<term>-f <replaceable class="parameter">file</replaceable></term>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>
|
|
|
|
|
If a <option>file</option> is specified, then the zone is
|
|
|
|
|
read from that file to find the DNSKEY records. If not,
|
|
|
|
|
then the DNSKEY records for the zone are looked up in the DNS.
|
|
|
|
|
</para>
|
|
|
|
|
</listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
|
<term>-l <replaceable class="parameter">domain</replaceable></term>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>
|
2015-10-22 01:09:46 -04:00
|
|
|
Check for a DLV record in the specified lookaside domain,
|
2012-06-28 03:06:00 -04:00
|
|
|
instead of checking for a DS record in the zone's parent.
|
|
|
|
|
</para>
|
|
|
|
|
</listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
|
2017-10-27 00:05:11 -04:00
|
|
|
<varlistentry>
|
|
|
|
|
<term>-s <replaceable class="parameter">file</replaceable></term>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>
|
|
|
|
|
Specifies a prepared dsset file, such as would be generated
|
|
|
|
|
by <command>dnssec-signzone</command>, to use as a source for
|
|
|
|
|
the DS RRset instead of querying the parent.
|
|
|
|
|
</para>
|
|
|
|
|
</listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
|
2012-06-28 03:06:00 -04:00
|
|
|
<varlistentry>
|
|
|
|
|
<term>-d <replaceable class="parameter">dig path</replaceable></term>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>
|
|
|
|
|
Specifies a path to a <command>dig</command> binary. Used
|
|
|
|
|
for testing.
|
|
|
|
|
</para>
|
|
|
|
|
</listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
|
<term>-D <replaceable class="parameter">dsfromkey path</replaceable></term>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>
|
|
|
|
|
Specifies a path to a <command>dnssec-dsfromkey</command> binary.
|
|
|
|
|
Used for testing.
|
|
|
|
|
</para>
|
|
|
|
|
</listitem>
|
|
|
|
|
</varlistentry>
|
|
|
|
|
</variablelist>
|
2015-10-06 00:59:35 -04:00
|
|
|
</refsection>
|
2012-06-28 03:06:00 -04:00
|
|
|
|
2015-10-06 00:59:35 -04:00
|
|
|
<refsection><info><title>SEE ALSO</title></info>
|
2015-10-22 01:09:46 -04:00
|
|
|
|
2012-06-28 03:06:00 -04:00
|
|
|
<para><citerefentry>
|
|
|
|
|
<refentrytitle>dnssec-dsfromkey</refentrytitle><manvolnum>8</manvolnum>
|
|
|
|
|
</citerefentry>,
|
|
|
|
|
<citerefentry>
|
|
|
|
|
<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
|
|
|
|
|
</citerefentry>,
|
|
|
|
|
<citerefentry>
|
|
|
|
|
<refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
|
|
|
|
|
</citerefentry>,
|
|
|
|
|
</para>
|
2015-10-06 00:59:35 -04:00
|
|
|
</refsection>
|
2012-06-28 03:06:00 -04:00
|
|
|
|
2015-10-06 00:59:35 -04:00
|
|
|
</refentry>
|
