Content-type: text/html Man page of DNSSEC-DSFROMKEY

DNSSEC-DSFROMKEY

Section: BIND9 (8)
Updated: November 29, 2008
Index Return to Main Contents
 

NAME

dnssec-dsfromkey - DNSSEC DS RR generation tool  

SYNOPSIS

dnssec-dsfromkey [-v level] [-1] [-2] [-a alg] {keyfile}
dnssec-dsfromkey {-s} [-v level] [-1] [-2] [-a alg] [-c class] [-d dir] {dnsname}
 

DESCRIPTION

dnssec-dsfromkey

outputs the Delegation Signer (DS) resource record (RR), as defined in RFC 3658 and RFC 4509, for the given key(s).  

OPTIONS

-1

Use SHA-1 as the digest algorithm (the default is to use both SHA-1 and SHA-256).

-2

Use SHA-256 as the digest algorithm.

-a algorithm

Select the digest algorithm. The value of algorithm must be one of SHA-1 (SHA1) or SHA-256 (SHA256). These values are case insensitive.

-v level

Sets the debugging level.

-s

Keyset mode: in place of the keyfile name, the argument is the DNS domain name of a keyset file. Following options make sense only in this mode.

-c class

Specifies the DNS class (default is IN), useful only in the keyset mode.

-d directory

Look for keyset files in directory as the directory, ignored when not in the keyset mode.
 

EXAMPLE

To build the SHA-256 DS RR from the Kexample.com.+003+26160 keyfile name, the following command would be issued:

dnssec-dsfromkey -2 Kexample.com.+003+26160

The command would print something like:

example.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0 C5EA0B94  

FILES

The keyfile can be designed by the key identification Knnnn.+aaa+iiiii or the full file name Knnnn.+aaa+iiiii.key as generated by dnssec-keygen(8).

The keyset file name is built from the directory, the string keyset- and the dnsname.  

CAVEAT

A keyfile error can give a "file not found" even if the file exists.  

SEE ALSO

dnssec-keygen(8), dnssec-signzone(8), BIND 9 Administrator Reference Manual, RFC 3658, RFC 4509.  

AUTHOR

Internet Systems Consortium  

COPYRIGHT

Copyright © 2008 Internet Systems Consortium, Inc. ("ISC")


 

Index

NAME
SYNOPSIS
DESCRIPTION
OPTIONS
EXAMPLE
FILES
CAVEAT
SEE ALSO
AUTHOR
COPYRIGHT

This document was created by man2html, using the manual pages.
Time: 04:17:50 GMT, September 24, 2010