upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-02-12 15:23:06 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
bind9/bin/python/dnssec-checkds.8
Tinderbox User 05f2241fcb prep 9.15.8
2020-01-16 08:01:20 +00:00

95 lines
3.1 KiB
Groff
Raw Blame History

.\" Copyright (C) 2012-2020 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
.\" file, You can obtain one at http://mozilla.org/MPL/2.0/.
.\"
.hy 0
.ad l
'\" t
.\" Title: dnssec-checkds
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 2013-01-01
.\" Manual: BIND9
.\" Source: ISC
.\" Language: English
.\"
.TH "DNSSEC\-CHECKDS" "8" "2013\-01\-01" "ISC" "BIND9"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
dnssec-checkds \- DNSSEC delegation consistency checking tool
.SH "SYNOPSIS"
.HP \w'\fBdnssec\-checkds\fR\ 'u
\fBdnssec\-checkds\fR [\fB\-d\ \fR\fB\fIdig\ path\fR\fR] [\fB\-D\ \fR\fB\fIdsfromkey\ path\fR\fR] [\fB\-f\ \fR\fB\fIfile\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-s\ \fR\fB\fIfile\fR\fR] {zone}
.SH "DESCRIPTION"
.PP
\fBdnssec\-checkds\fR
verifies the correctness of Delegation Signer (DS) resource records for keys in a specified zone\&.
.SH "OPTIONS"
.PP
\-a \fIalgorithm\fR
.RS 4
Specify a digest algorithm to use when converting the zone\*(Aqs DNSKEY records to expected DS records\&. This option can be repeated, so that multiple records are checked for each DNSKEY record\&.
.sp
The
\fIalgorithm\fR
must be one of SHA\-1, SHA\-256, or SHA\-384\&. These values are case insensitive, and the hyphen may be omitted\&. If no algorithm is specified, the default is SHA\-256\&.
.RE
.PP
\-f \fIfile\fR
.RS 4
If a
\fBfile\fR
is specified, then the zone is read from that file to find the DNSKEY records\&. If not, then the DNSKEY records for the zone are looked up in the DNS\&.
.RE
.PP
\-s \fIfile\fR
.RS 4
Specifies a prepared dsset file, such as would be generated by
\fBdnssec\-signzone\fR, to use as a source for the DS RRset instead of querying the parent\&.
.RE
.PP
\-d \fIdig path\fR
.RS 4
Specifies a path to a
\fBdig\fR
binary\&. Used for testing\&.
.RE
.PP
\-D \fIdsfromkey path\fR
.RS 4
Specifies a path to a
\fBdnssec\-dsfromkey\fR
binary\&. Used for testing\&.
.RE
.SH "SEE ALSO"
.PP
\fBdnssec-dsfromkey\fR(8),
\fBdnssec-keygen\fR(8),
\fBdnssec-signzone\fR(8),
.SH "AUTHOR"
.PP
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
Copyright \(co 2012-2020 Internet Systems Consortium, Inc. ("ISC")
.br
Reference in a new issue View git blame Copy permalink