summaryrefslogtreecommitdiffstats
path: root/doc/man/dnssec-checkds.8in
diff options
context:
space:
mode:
Diffstat (limited to 'doc/man/dnssec-checkds.8in')
-rw-r--r--doc/man/dnssec-checkds.8in96
1 files changed, 96 insertions, 0 deletions
diff --git a/doc/man/dnssec-checkds.8in b/doc/man/dnssec-checkds.8in
new file mode 100644
index 0000000..8a1328b
--- /dev/null
+++ b/doc/man/dnssec-checkds.8in
@@ -0,0 +1,96 @@
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "DNSSEC-CHECKDS" "8" "@RELEASE_DATE@" "@BIND9_VERSION@" "BIND 9"
+.SH NAME
+dnssec-checkds \- DNSSEC delegation consistency checking tool
+.SH SYNOPSIS
+.sp
+\fBdnssec\-checkds\fP [\fB\-d\fP\fIdig path\fP] [\fB\-D\fP\fIdsfromkey path\fP]
+[\fB\-f\fP\fIfile\fP] [\fB\-l\fP\fIdomain\fP] [\fB\-s\fP\fIfile\fP] {zone}
+.SH DESCRIPTION
+.sp
+\fBdnssec\-checkds\fP verifies the correctness of Delegation Signer (DS)
+resource records for keys in a specified zone.
+.SH OPTIONS
+.sp
+\fB\-a\fP \fIalgorithm\fP
+.INDENT 0.0
+.INDENT 3.5
+Specify a digest algorithm to use when converting the zones DNSKEY
+records to expected DS records. This option can be repeated, so that
+multiple records are checked for each DNSKEY record.
+.sp
+The \fIalgorithm\fP must be one of SHA\-1, SHA\-256, or SHA\-384. These
+values are case insensitive, and the hyphen may be omitted. If no
+algorithm is specified, the default is SHA\-256.
+.UNINDENT
+.UNINDENT
+.sp
+\fB\-f\fP \fIfile\fP
+.INDENT 0.0
+.INDENT 3.5
+If a \fBfile\fP is specified, then the zone is read from that file to
+find the DNSKEY records. If not, then the DNSKEY records for the zone
+are looked up in the DNS.
+.UNINDENT
+.UNINDENT
+.sp
+\fB\-s\fP \fIfile\fP
+.INDENT 0.0
+.INDENT 3.5
+Specifies a prepared dsset file, such as would be generated by
+\fBdnssec\-signzone\fP, to use as a source for the DS RRset instead of
+querying the parent.
+.UNINDENT
+.UNINDENT
+.sp
+\fB\-d\fP \fIdig path\fP
+.INDENT 0.0
+.INDENT 3.5
+Specifies a path to a \fBdig\fP binary. Used for testing.
+.UNINDENT
+.UNINDENT
+.sp
+\fB\-D\fP \fIdsfromkey path\fP
+.INDENT 0.0
+.INDENT 3.5
+Specifies a path to a \fBdnssec\-dsfromkey\fP binary. Used for testing.
+.UNINDENT
+.UNINDENT
+.SH SEE ALSO
+.sp
+\fBdnssec\-dsfromkey\fP(8), \fBdnssec\-keygen\fP(8),
+\fBdnssec\-signzone\fP(8),
+.SH AUTHOR
+Internet Systems Consortium
+.SH COPYRIGHT
+2023, Internet Systems Consortium
+.\" Generated by docutils manpage writer.
+.