diff options
Diffstat (limited to 'contrib/bind9/bin/dnssec/dnssec-dsfromkey.html')
| -rw-r--r-- | contrib/bind9/bin/dnssec/dnssec-dsfromkey.html | 67 |
1 files changed, 44 insertions, 23 deletions
diff --git a/contrib/bind9/bin/dnssec/dnssec-dsfromkey.html b/contrib/bind9/bin/dnssec/dnssec-dsfromkey.html index 618648118dd6..54cc1ab61ca2 100644 --- a/contrib/bind9/bin/dnssec/dnssec-dsfromkey.html +++ b/contrib/bind9/bin/dnssec/dnssec-dsfromkey.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2008-2010 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above @@ -13,7 +13,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-dsfromkey.html,v 1.5.14.1 2010-05-19 02:06:11 tbox Exp $ --> +<!-- $Id: dnssec-dsfromkey.html,v 1.13 2010-12-24 01:14:19 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -28,18 +28,18 @@ </div> <div class="refsynopsisdiv"> <h2>Synopsis</h2> -<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] {keyfile}</p></div> -<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> {-s} [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>dir</code></em></code>] {dnsname}</p></div> +<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] {keyfile}</p></div> +<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> {-s} [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-s</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-A</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {dnsname}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543424"></a><h2>DESCRIPTION</h2> +<a name="id2543464"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">dnssec-dsfromkey</strong></span> outputs the Delegation Signer (DS) resource record (RR), as defined in RFC 3658 and RFC 4509, for the given key(s). </p> </div> <div class="refsect1" lang="en"> -<a name="id2543435"></a><h2>OPTIONS</h2> +<a name="id2543476"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-1</span></dt> <dd><p> @@ -53,34 +53,54 @@ <dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt> <dd><p> Select the digest algorithm. The value of - <code class="option">algorithm</code> must be one of SHA-1 (SHA1) or - SHA-256 (SHA256). These values are case insensitive. + <code class="option">algorithm</code> must be one of SHA-1 (SHA1), + SHA-256 (SHA256) or GOST. These values are case insensitive. </p></dd> -<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt> +<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt> <dd><p> - Sets the debugging level. + Look for key files (or, in keyset mode, + <code class="filename">keyset-</code> files) in + <code class="option">directory</code>. + </p></dd> +<dt><span class="term">-f <em class="replaceable"><code>file</code></em></span></dt> +<dd><p> + Zone file mode: in place of the keyfile name, the argument is + the DNS domain name of a zone master file, which can be read + from <code class="option">file</code>. If the zone name is the same as + <code class="option">file</code>, then it may be omitted. + </p></dd> +<dt><span class="term">-A</span></dt> +<dd><p> + Include ZSK's when generating DS records. Without this option, + only keys which have the KSK flag set will be converted to DS + records and printed. Useful only in zone file mode. + </p></dd> +<dt><span class="term">-l <em class="replaceable"><code>domain</code></em></span></dt> +<dd><p> + Generate a DLV set instead of a DS set. The specified + <code class="option">domain</code> is appended to the name for each + record in the set. + The DNSSEC Lookaside Validation (DLV) RR is described + in RFC 4431. </p></dd> <dt><span class="term">-s</span></dt> <dd><p> Keyset mode: in place of the keyfile name, the argument is - the DNS domain name of a keyset file. Following options make sense - only in this mode. + the DNS domain name of a keyset file. </p></dd> <dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt> <dd><p> - Specifies the DNS class (default is IN), useful only - in the keyset mode. + Specifies the DNS class (default is IN). Useful only + in keyset or zone file mode. </p></dd> -<dt><span class="term">-d <em class="replaceable"><code>directory</code></em></span></dt> +<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt> <dd><p> - Look for <code class="filename">keyset</code> files in - <code class="option">directory</code> as the directory, ignored when - not in the keyset mode. + Sets the debugging level. </p></dd> </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543563"></a><h2>EXAMPLE</h2> +<a name="id2543662"></a><h2>EXAMPLE</h2> <p> To build the SHA-256 DS RR from the <strong class="userinput"><code>Kexample.com.+003+26160</code></strong> @@ -95,7 +115,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543593"></a><h2>FILES</h2> +<a name="id2543692"></a><h2>FILES</h2> <p> The keyfile can be designed by the key identification <code class="filename">Knnnn.+aaa+iiiii</code> or the full file name @@ -109,22 +129,23 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543628"></a><h2>CAVEAT</h2> +<a name="id2543728"></a><h2>CAVEAT</h2> <p> A keyfile error can give a "file not found" even if the file exists. </p> </div> <div class="refsect1" lang="en"> -<a name="id2543638"></a><h2>SEE ALSO</h2> +<a name="id2543737"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>, <em class="citetitle">BIND 9 Administrator Reference Manual</em>, <em class="citetitle">RFC 3658</em>, + <em class="citetitle">RFC 4431</em>. <em class="citetitle">RFC 4509</em>. </p> </div> <div class="refsect1" lang="en"> -<a name="id2543674"></a><h2>AUTHOR</h2> +<a name="id2543777"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> |