--- /dev/null
+.TH zkt-conf 8 "February 22, 2010" "ZKT 1.0" ""
+\" turn off hyphenation
+.\" if n .nh
+.nh
+.SH NAME
+zkt-conf \(em Secure DNS zone key config tool
+
+.SH SYNOPSYS
+.na
+.B zkt-conf
+.RB [ \-V
+.IR "name" ]
+.RB [ \-w ]
+.B \-d
+.RB [ \-O
+.IR "optstr" ]
+.br
+.B zkt-conf
+.RB [ \-V
+.IR "name" ]
+.RB [ \-w ]
+.RB [ \-s ]
+.RB [ \-c
+.IR "file" ]
+.RB [ \-O
+.IR "optstr" ]
+.br
+.B zkt-conf
+.RB [ \-V
+.IR "name" ]
+.RB [ \-w ]
+.B \-l
+.RB [ \-a ]
+.RB [ \-c
+.IR "file" ]
+.RB [ \-O
+.IR "optstr" ]
+
+.B zkt-conf
+.RB [ \-c
+.IR "file" ]
+.RB [ \-w ]
+.I "zonefile"
+
+.br
+.ad
+.SH DESCRIPTION
+The
+.I zkt-conf
+command helps to create and show a config file for use by
+the Zone Key Tool commands, which are currently
+.I zkt-ls(8) ,
+.I zkt-keyman(8) ,
+and
+.IR zkt-signer(8) .
+.PP
+In general, the ZKT commands uses up to three consequitive sources for config
+parameter settings:
+.IP
+a)
+The build-in default parameters
+.IP
+b)
+The side wide config file or the file specified with option -c
+overloads the built-in vars.
+The file is
+.I /var/named/dnssec.conf
+or the one set by the environment variable ZKT_CONFFILE.
+.IP
+c)
+The local config file
+.I dnssec.conf
+in the current zone directory also overloads the parameter read so far.
+.PP
+Because of the overload feature, none of the config files has to have
+a complete parameter set.
+Typically the local config file will have only those parameters which are
+different from the global or built-in ones.
+.PP
+The default operation of
+.I zkt-conf(8)
+is to print the site wide config file (same as option
+.BR \-s ).
+Option
+.B \-d
+will print out the built-in defaults while
+.B \-l
+print those local parameters which are different to the global ones.
+In the last case
+.B \-a
+gives the fully
+.RB ( \-\-all )
+parameter list.
+.PP
+In all forms of the command, the parameters are changeable via option
+.B \-O
+.RB ( \-\-config-option ).
+.PP
+With option
+.B \-w
+.RB ( \-\-write )
+the confg parameters are written back to the config file.
+This is useful in case of an ZKT upgrade or if one or more parameters are changed
+by option
+.BR \-O .
+.PP
+Option
+.B \-t
+checks some of the parameter for reasonable values.
+.PP
+.PP
+Which config file is shown (or modified or checked) is determined by an option.
+.B \-d
+means the built-in defaults, option
+.B \-l
+is for the local config file and
+.B \-s
+specifies the site wide config file.
+Option
+.B \-s
+is the default.
+.PP
+In the last form of the command, the
+maximum TTL value of all the resource records of
+.I zonefile
+is calculated and print on stdout.
+Additional, the zonefile is checked if the key database
+.RI ( dnskey.db )
+is included in the zone file.
+If option
+.B \-w
+is set, than the INCLUDE directive will be added to the zone file if
+necessary, and the maximum ttl value is written to a local config file.
+
+.SH COMMAND OPTIONS
+.TP
+.BR \-h ", " \-\-help
+Print out the online help.
+.TP
+.BR \-d ", " \-\-built-in-defaults
+List all the built-in default parameter.
+.TP
+.BR \-s ", " \-\-sitecfg
+List all site wide config parameter (this is the default).
+.TP
+.BR \-l ", " \-\-localcfg
+List local config parameter which are different to the site wide config
+parameter.
+With otion
+.B \-a
+.RB ( \-\-all )
+all config parameters will be shown.
+
+.SH OPTIONS
+.TP
+.BI \-V " view" ", \-\-view=" view
+Try to read the default configuration out of a file named
+.I dnssec-<view>.conf .
+Instead of specifying the
+.B \-V
+or
+.B \-\-view
+option every time, it is also possible to create a hard or softlink to the
+executable file and name it like
+.I zkt-conf-<view> .
+.TP
+.BI \-c " file" ", \-\-config=" file
+Read all parameter from the specified config file.
+Otherwise the default config file is read or build in defaults
+will be used.
+.TP
+.BI \-O " optstr" ", \-\-config-option=" optstr
+Set any config file parameter via the commandline.
+Several config file options could be specified at the argument string
+but have to be delimited by semicolon (or newline).
+.TP
+.BR \-a ", " \-\-all
+In case of showing the local config file parameter
+.RB ( \-l )
+this prints all parameter, not just the ones different to the site wide
+or built-in defaults.
+
+.SH SAMPLE USAGE
+.TP
+.fam C
+.B "zkt-conf \-d
+.fam T
+Print the built-in default config pars.
+.TP
+.fam C
+.B "zkt-conf \-d \-w
+.fam T
+Write all the built-in defaults into the site wide config file.
+.TP
+.fam C
+.B "zkt-conf \-s \-O ""SerialFormat: Incremental; Zonedir: /var/named/zones"" \-w"
+.fam T
+Change two parameters in the site wide
+.I dnssec.conf
+file.
+.TP
+.fam C
+.B "zkt-conf \-w zone.db
+.fam T
+Add
+.B "$INCLUDE dnskey.db"
+to the zone file and set the maximum ttl paramter in the local config file
+to the maximum ttl fond in any RR of
+.IR zone.db .
+
+.SH ENVIRONMENT VARIABLES
+.TP
+ZKT_CONFFILE
+Specifies the name of the default global configuration files.
+
+.SH FILES
+.TP
+.I /var/named/dnssec.conf
+Default global configuration file.
+The name of the default global config file is settable via
+the environment variable ZKT_CONFFILE.
+.TP
+.I /var/named/dnssec-<view>.conf
+View specific global configuration file.
+.TP
+.I ./dnssec.conf
+Local configuration file (additionally used in
+.B \-l
+mode).
+
+.SH AUTHORS
+Holger Zuleger
+
+.SH COPYRIGHT
+Copyright (c) 2005 \- 2010 by Holger Zuleger.
+Licensed under the BSD Licences. There is NO warranty; not even for MERCHANTABILITY or
+FITNESS FOR A PARTICULAR PURPOSE.
+.\"--------------------------------------------------
+.SH SEE ALSO
+dnssec-keygen(8), dnssec-signzone(8), rndc(8), named.conf(5), zkt-signer(8), zkt-ls(8), zkt-keyman(8),
+.br
+RFC4641
+"DNSSEC Operational Practices" by Miek Gieben and Olaf Kolkman,
+.br
+DNSSEC HOWTO Tutorial by Olaf Kolkman, RIPE NCC
+.br
+(http://www.nlnetlabs.nl/dnssec_howto/)
git.samba.org / tridge / bind9.git / blobdiff