contrib/bind9/bin/dnssec/dnssec-dsfromkey.docbook

   1 <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
   2                "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
   3                [<!ENTITY mdash "&#8212;">]>
   4 <!--
   5  - Copyright (C) 2008  Internet Systems Consortium, Inc. ("ISC")
   6  -
   7  - Permission to use, copy, modify, and/or distribute this software for any
   8  - purpose with or without fee is hereby granted, provided that the above
   9  - copyright notice and this permission notice appear in all copies.
  10  -
  11  - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
  12  - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
  13  - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
  14  - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
  15  - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
  16  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  17  - PERFORMANCE OF THIS SOFTWARE.
  18 -->
  19
  20 <!-- $Id: dnssec-dsfromkey.docbook,v 1.6 2008/11/07 13:54:11 jreed Exp $ -->
  21 <refentry id="man.dnssec-dsfromkey">
  22   <refentryinfo>
  23     <date>November 29, 2008</date>
  24   </refentryinfo>
  25
  26   <refmeta>
  27     <refentrytitle><application>dnssec-dsfromkey</application></refentrytitle>
  28     <manvolnum>8</manvolnum>
  29     <refmiscinfo>BIND9</refmiscinfo>
  30   </refmeta>
  31
  32   <refnamediv>
  33     <refname><application>dnssec-dsfromkey</application></refname>
  34     <refpurpose>DNSSEC DS RR generation tool</refpurpose>
  35   </refnamediv>
  36
  37   <docinfo>
  38     <copyright>
  39       <year>2008</year>
  40       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
  41     </copyright>
  42   </docinfo>
  43
  44   <refsynopsisdiv>
  45     <cmdsynopsis>
  46       <command>dnssec-dsfromkey</command>
  47       <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
  48       <arg><option>-1</option></arg>
  49       <arg><option>-2</option></arg>
  50       <arg><option>-a <replaceable class="parameter">alg</replaceable></option></arg>
  51       <arg choice="req">keyfile</arg>
  52     </cmdsynopsis>
  53     <cmdsynopsis>
  54       <command>dnssec-dsfromkey</command>
  55       <arg choice="req">-s</arg>
  56       <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
  57       <arg><option>-1</option></arg>
  58       <arg><option>-2</option></arg>
  59       <arg><option>-a <replaceable class="parameter">alg</replaceable></option></arg>
  60       <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
  61       <arg><option>-d <replaceable class="parameter">dir</replaceable></option></arg>
  62       <arg choice="req">dnsname</arg>
  63    </cmdsynopsis>
  64   </refsynopsisdiv>
  65
  66   <refsect1>
  67     <title>DESCRIPTION</title>
  68     <para><command>dnssec-dsfromkey</command>
  69       outputs the Delegation Signer (DS) resource record (RR), as defined in
  70       RFC 3658 and RFC 4509, for the given key(s).
  71     </para>
  72   </refsect1>
  73
  74   <refsect1>
  75     <title>OPTIONS</title>
  76
  77     <variablelist>
  78       <varlistentry>
  79         <term>-1</term>
  80         <listitem>
  81           <para>
  82             Use SHA-1 as the digest algorithm (the default is to use
  83             both SHA-1 and SHA-256).
  84           </para>
  85         </listitem>
  86       </varlistentry>
  87
  88       <varlistentry>
  89         <term>-2</term>
  90         <listitem>
  91           <para>
  92             Use SHA-256 as the digest algorithm.
  93           </para>
  94         </listitem>
  95       </varlistentry>
  96
  97       <varlistentry>
  98         <term>-a <replaceable class="parameter">algorithm</replaceable></term>
  99         <listitem>
 100           <para>
 101             Select the digest algorithm. The value of
 102             <option>algorithm</option> must be one of SHA-1 (SHA1) or
 103             SHA-256 (SHA256). These values are case insensitive.
 104           </para>
 105         </listitem>
 106       </varlistentry>
 107
 108       <varlistentry>
 109         <term>-v <replaceable class="parameter">level</replaceable></term>
 110         <listitem>
 111           <para>
 112             Sets the debugging level.
 113           </para>
 114         </listitem>
 115       </varlistentry>
 116
 117       <varlistentry>
 118         <term>-s</term>
 119         <listitem>
 120           <para>
 121             Keyset mode: in place of the keyfile name, the argument is
 122             the DNS domain name of a keyset file. Following options make sense
 123             only in this mode.
 124           </para>
 125         </listitem>
 126       </varlistentry>
 127
 128       <varlistentry>
 129         <term>-c <replaceable class="parameter">class</replaceable></term>
 130         <listitem>
 131           <para>
 132             Specifies the DNS class (default is IN), useful only
 133             in the keyset mode.
 134           </para>
 135           </listitem>
 136       </varlistentry>
 137
 138       <varlistentry>
 139         <term>-d <replaceable class="parameter">directory</replaceable></term>
 140         <listitem>
 141           <para>
 142             Look for <filename>keyset</filename> files in
 143             <option>directory</option> as the directory, ignored when
 144             not in the keyset mode.
 145           </para>
 146         </listitem>
 147       </varlistentry>
 148
 149     </variablelist>
 150   </refsect1>
 151
 152   <refsect1>
 153     <title>EXAMPLE</title>
 154     <para>
 155       To build the SHA-256 DS RR from the
 156       <userinput>Kexample.com.+003+26160</userinput>
 157       keyfile name, the following command would be issued:
 158     </para>
 159     <para><userinput>dnssec-dsfromkey -2 Kexample.com.+003+26160</userinput>
 160     </para>
 161     <para>
 162       The command would print something like:
 163     </para>
 164     <para><userinput>example.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0 C5EA0B94</userinput>
 165     </para>
 166   </refsect1>
 167
 168   <refsect1>
 169     <title>FILES</title>
 170     <para>
 171       The keyfile can be designed by the key identification
 172       <filename>Knnnn.+aaa+iiiii</filename> or the full file name
 173       <filename>Knnnn.+aaa+iiiii.key</filename> as generated by
 174       <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>.
 175     </para>
 176     <para>
 177       The keyset file name is built from the <option>directory</option>,
 178       the string <filename>keyset-</filename> and the
 179       <option>dnsname</option>.
 180     </para>
 181   </refsect1>
 182
 183   <refsect1>
 184     <title>CAVEAT</title>
 185     <para>
 186       A keyfile error can give a "file not found" even if the file exists.
 187     </para>
 188   </refsect1>
 189
 190   <refsect1>
 191     <title>SEE ALSO</title>
 192     <para><citerefentry>
 193         <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
 194       </citerefentry>,
 195       <citerefentry>
 196         <refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
 197       </citerefentry>,
 198       <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
 199       <citetitle>RFC 3658</citetitle>,
 200       <citetitle>RFC 4509</citetitle>.
 201     </para>
 202   </refsect1>
 203
 204   <refsect1>
 205     <title>AUTHOR</title>
 206     <para><corpauthor>Internet Systems Consortium</corpauthor>
 207     </para>
 208   </refsect1>
 209
 210 </refentry><!--
 211  - Local variables:
 212  - mode: sgml
 213  - End:
 214 -->