2 - Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
4 - Permission to use, copy, modify, and/or distribute this software for any
5 - purpose with or without fee is hereby granted, provided that the above
6 - copyright notice and this permission notice appear in all copies.
8 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
9 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
10 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
11 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
12 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
13 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
14 - PERFORMANCE OF THIS SOFTWARE.
17 <!-- $Id: dnssec-dsfromkey.html,v 1.5 2008/11/08 01:11:47 tbox Exp $ -->
20 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
21 <title>dnssec-dsfromkey</title>
22 <meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
24 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
25 <a name="man.dnssec-dsfromkey"></a><div class="titlepage"></div>
26 <div class="refnamediv">
28 <p><span class="application">dnssec-dsfromkey</span> — DNSSEC DS RR generation tool</p>
30 <div class="refsynopsisdiv">
32 <div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] {keyfile}</p></div>
33 <div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> {-s} [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>dir</code></em></code>] {dnsname}</p></div>
35 <div class="refsect1" lang="en">
36 <a name="id2543424"></a><h2>DESCRIPTION</h2>
37 <p><span><strong class="command">dnssec-dsfromkey</strong></span>
38 outputs the Delegation Signer (DS) resource record (RR), as defined in
39 RFC 3658 and RFC 4509, for the given key(s).
42 <div class="refsect1" lang="en">
43 <a name="id2543435"></a><h2>OPTIONS</h2>
44 <div class="variablelist"><dl>
45 <dt><span class="term">-1</span></dt>
47 Use SHA-1 as the digest algorithm (the default is to use
48 both SHA-1 and SHA-256).
50 <dt><span class="term">-2</span></dt>
52 Use SHA-256 as the digest algorithm.
54 <dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
56 Select the digest algorithm. The value of
57 <code class="option">algorithm</code> must be one of SHA-1 (SHA1) or
58 SHA-256 (SHA256). These values are case insensitive.
60 <dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
62 Sets the debugging level.
64 <dt><span class="term">-s</span></dt>
66 Keyset mode: in place of the keyfile name, the argument is
67 the DNS domain name of a keyset file. Following options make sense
70 <dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
72 Specifies the DNS class (default is IN), useful only
75 <dt><span class="term">-d <em class="replaceable"><code>directory</code></em></span></dt>
77 Look for <code class="filename">keyset</code> files in
78 <code class="option">directory</code> as the directory, ignored when
79 not in the keyset mode.
83 <div class="refsect1" lang="en">
84 <a name="id2543563"></a><h2>EXAMPLE</h2>
86 To build the SHA-256 DS RR from the
87 <strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
88 keyfile name, the following command would be issued:
90 <p><strong class="userinput"><code>dnssec-dsfromkey -2 Kexample.com.+003+26160</code></strong>
93 The command would print something like:
95 <p><strong class="userinput"><code>example.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0 C5EA0B94</code></strong>
98 <div class="refsect1" lang="en">
99 <a name="id2543593"></a><h2>FILES</h2>
101 The keyfile can be designed by the key identification
102 <code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
103 <code class="filename">Knnnn.+aaa+iiiii.key</code> as generated by
104 <span class="refentrytitle">dnssec-keygen</span>(8).
107 The keyset file name is built from the <code class="option">directory</code>,
108 the string <code class="filename">keyset-</code> and the
109 <code class="option">dnsname</code>.
112 <div class="refsect1" lang="en">
113 <a name="id2543628"></a><h2>CAVEAT</h2>
115 A keyfile error can give a "file not found" even if the file exists.
118 <div class="refsect1" lang="en">
119 <a name="id2543638"></a><h2>SEE ALSO</h2>
120 <p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
121 <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
122 <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
123 <em class="citetitle">RFC 3658</em>,
124 <em class="citetitle">RFC 4509</em>.
127 <div class="refsect1" lang="en">
128 <a name="id2543674"></a><h2>AUTHOR</h2>
129 <p><span class="corpauthor">Internet Systems Consortium</span>
git.samba.org / tridge / bind9.git / blob