author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 07:24:22 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 07:24:22 +0000 |
commit | 45d6379135504814ab723b57f0eb8be23393a51d (patch) | |
tree | d4f2ec4acca824a8446387a758b0ce4238a4dffa /bin/python/dnssec-checkds.rst | |
parent | Initial commit. (diff) | |
Adding upstream version 1:9.16.44.upstream/1%9.16.44
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'bin/python/dnssec-checkds.rst')
-rw-r--r-- | bin/python/dnssec-checkds.rst | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/bin/python/dnssec-checkds.rst b/bin/python/dnssec-checkds.rst new file mode 100644 index 0000000..aa239fa --- /dev/null +++ b/bin/python/dnssec-checkds.rst 
@@ -0,0 +1,68 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +.. highlight: console + +.. _man_dnssec-checkds: + +dnssec-checkds - DNSSEC delegation consistency checking tool +------------------------------------------------------------ + +Synopsis +~~~~~~~~ + +``dnssec-checkds`` [**-d**\ *dig path*] [**-D**\ *dsfromkey path*] +[**-f**\ *file*] [**-l**\ *domain*] [**-s**\ *file*] {zone} + +Description +~~~~~~~~~~~ + +``dnssec-checkds`` verifies the correctness of Delegation Signer (DS) +resource records for keys in a specified zone. + +Options +~~~~~~~ + +**-a** *algorithm* + + Specify a digest algorithm to use when converting the zones DNSKEY + records to expected DS records. This option can be repeated, so that + multiple records are checked for each DNSKEY record. + + The *algorithm* must be one of SHA-1, SHA-256, or SHA-384. These + values are case insensitive, and the hyphen may be omitted. If no + algorithm is specified, the default is SHA-256. + +**-f** *file* + + If a ``file`` is specified, then the zone is read from that file to + find the DNSKEY records. If not, then the DNSKEY records for the zone + are looked up in the DNS. + +**-s** *file* + + Specifies a prepared dsset file, such as would be generated by + ``dnssec-signzone``, to use as a source for the DS RRset instead of + querying the parent. + +**-d** *dig path* + + Specifies a path to a ``dig`` binary. Used for testing. + +**-D** *dsfromkey path* + + Specifies a path to a ``dnssec-dsfromkey`` binary. Used for testing. 
+ +See Also +~~~~~~~~ + +``dnssec-dsfromkey``\ (8), ``dnssec-keygen``\ (8), +``dnssec-signzone``\ (8), |
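Review bot: The Synopsis and Options sections of the new man page disagree. The Synopsis lists [**-l** *domain*] but Options has no **-l** entry, while Options documents **-a** *algorithm*, which the Synopsis omits. Add -a to the Synopsis and either document -l or drop it, so the two sections describe the same interface. Near the top of the file, ".. highlight: console" has a single colon, so reStructuredText parses it as a comment rather than as the highlight directive; it should read ".. highlight:: console". In the -a description, "the zones DNSKEY records" should be "the zone's DNSKEY records". The See Also list ends with a dangling comma after "dnssec-signzone(8),", which suggests an entry was dropped or the comma should be removed.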