diff options
Diffstat (limited to 'doc/man/dnssec-checkds.8in')
-rw-r--r-- | doc/man/dnssec-checkds.8in | 96 |
1 files changed, 96 insertions, 0 deletions
diff --git a/doc/man/dnssec-checkds.8in b/doc/man/dnssec-checkds.8in new file mode 100644 index 0000000..8a1328b --- /dev/null +++ b/doc/man/dnssec-checkds.8in @@ -0,0 +1,96 @@ +.\" Man page generated from reStructuredText. +. +. +.nr rst2man-indent-level 0 +. +.de1 rstReportMargin +\\$1 \\n[an-margin] +level \\n[rst2man-indent-level] +level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] +- +\\n[rst2man-indent0] +\\n[rst2man-indent1] +\\n[rst2man-indent2] +.. +.de1 INDENT +.\" .rstReportMargin pre: +. RS \\$1 +. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin] +. nr rst2man-indent-level +1 +.\" .rstReportMargin post: +.. +.de UNINDENT +. RE +.\" indent \\n[an-margin] +.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]] +.nr rst2man-indent-level -1 +.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] +.in \\n[rst2man-indent\\n[rst2man-indent-level]]u +.. +.TH "DNSSEC-CHECKDS" "8" "@RELEASE_DATE@" "@BIND9_VERSION@" "BIND 9" +.SH NAME +dnssec-checkds \- DNSSEC delegation consistency checking tool +.SH SYNOPSIS +.sp +\fBdnssec\-checkds\fP [\fB\-d\fP\fIdig path\fP] [\fB\-D\fP\fIdsfromkey path\fP] +[\fB\-f\fP\fIfile\fP] [\fB\-l\fP\fIdomain\fP] [\fB\-s\fP\fIfile\fP] {zone} +.SH DESCRIPTION +.sp +\fBdnssec\-checkds\fP verifies the correctness of Delegation Signer (DS) +resource records for keys in a specified zone. +.SH OPTIONS +.sp +\fB\-a\fP \fIalgorithm\fP +.INDENT 0.0 +.INDENT 3.5 +Specify a digest algorithm to use when converting the zones DNSKEY +records to expected DS records. This option can be repeated, so that +multiple records are checked for each DNSKEY record. +.sp +The \fIalgorithm\fP must be one of SHA\-1, SHA\-256, or SHA\-384. These +values are case insensitive, and the hyphen may be omitted. If no +algorithm is specified, the default is SHA\-256. +.UNINDENT +.UNINDENT +.sp +\fB\-f\fP \fIfile\fP +.INDENT 0.0 +.INDENT 3.5 +If a \fBfile\fP is specified, then the zone is read from that file to +find the DNSKEY records. If not, then the DNSKEY records for the zone +are looked up in the DNS. +.UNINDENT +.UNINDENT +.sp +\fB\-s\fP \fIfile\fP +.INDENT 0.0 +.INDENT 3.5 +Specifies a prepared dsset file, such as would be generated by +\fBdnssec\-signzone\fP, to use as a source for the DS RRset instead of +querying the parent. +.UNINDENT +.UNINDENT +.sp +\fB\-d\fP \fIdig path\fP +.INDENT 0.0 +.INDENT 3.5 +Specifies a path to a \fBdig\fP binary. Used for testing. +.UNINDENT +.UNINDENT +.sp +\fB\-D\fP \fIdsfromkey path\fP +.INDENT 0.0 +.INDENT 3.5 +Specifies a path to a \fBdnssec\-dsfromkey\fP binary. Used for testing. +.UNINDENT +.UNINDENT +.SH SEE ALSO +.sp +\fBdnssec\-dsfromkey\fP(8), \fBdnssec\-keygen\fP(8), +\fBdnssec\-signzone\fP(8), +.SH AUTHOR +Internet Systems Consortium +.SH COPYRIGHT +2023, Internet Systems Consortium +.\" Generated by docutils manpage writer. +. |