1<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
2               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
3               [<!ENTITY mdash "&#8212;">]>
4<!--
5 - Copyright (C) 2012-2014  Internet Systems Consortium, Inc. ("ISC")
6 -
7 - Permission to use, copy, modify, and/or distribute this software for any
8 - purpose with or without fee is hereby granted, provided that the above
9 - copyright notice and this permission notice appear in all copies.
10 -
11 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
12 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
13 - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
14 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
15 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
16 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
17 - PERFORMANCE OF THIS SOFTWARE.
18-->
19
20<refentry id="man.dnssec-checkds">
21  <refentryinfo>
22    <date>January 01, 2013</date>
23  </refentryinfo>
24
25  <refmeta>
26    <refentrytitle><application>dnssec-checkds</application></refentrytitle>
27    <manvolnum>8</manvolnum>
28    <refmiscinfo>BIND9</refmiscinfo>
29  </refmeta>
30
31  <refnamediv>
32    <refname><application>dnssec-checkds</application></refname>
33    <refpurpose>A DNSSEC delegation consistency checking tool.</refpurpose>
34  </refnamediv>
35
36  <docinfo>
37    <copyright>
38      <year>2012</year>
39      <year>2013</year>
40      <year>2014</year>
41      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
42    </copyright>
43  </docinfo>
44
45  <refsynopsisdiv>
46    <cmdsynopsis>
47      <command>dnssec-checkds</command>
48      <arg><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
49      <arg><option>-f <replaceable class="parameter">file</replaceable></option></arg>
50      <arg><option>-d <replaceable class="parameter">dig path</replaceable></option></arg>
51      <arg><option>-D <replaceable class="parameter">dsfromkey path</replaceable></option></arg>
52      <arg choice="req">zone</arg>
53    </cmdsynopsis>
54    <cmdsynopsis>
55      <command>dnssec-dsfromkey</command>
56      <arg><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
57      <arg><option>-f <replaceable class="parameter">file</replaceable></option></arg>
58      <arg><option>-d <replaceable class="parameter">dig path</replaceable></option></arg>
59      <arg><option>-D <replaceable class="parameter">dsfromkey path</replaceable></option></arg>
60      <arg choice="req">zone</arg>
61   </cmdsynopsis>
62  </refsynopsisdiv>
63
64  <refsect1>
65    <title>DESCRIPTION</title>
66    <para><command>dnssec-checkds</command>
67      verifies the correctness of Delegation Signer (DS) or DNSSEC
68      Lookaside Validation (DLV) resource records for keys in a specified
69      zone.
70    </para>
71  </refsect1>
72
73  <refsect1>
74    <title>OPTIONS</title>
75
76    <variablelist>
77      <varlistentry>
78        <term>-f <replaceable class="parameter">file</replaceable></term>
79        <listitem>
80          <para>
81            If a <option>file</option> is specified, then the zone is
82            read from that file to find the DNSKEY records.  If not,
83            then the DNSKEY records for the zone are looked up in the DNS.
84          </para>
85        </listitem>
86      </varlistentry>
87
88      <varlistentry>
89        <term>-l <replaceable class="parameter">domain</replaceable></term>
90        <listitem>
91          <para>
92            Check for a DLV record in the specified lookaside domain,
93            instead of checking for a DS record in the zone's parent.
94            For example, to check for DLV records for "example.com"
95            in ISC's DLV zone, use:
96            <command>dnssec-checkds -l dlv.isc.org example.com</command>
97          </para>
98        </listitem>
99      </varlistentry>
100
101      <varlistentry>
102        <term>-d <replaceable class="parameter">dig path</replaceable></term>
103        <listitem>
104          <para>
105            Specifies a path to a <command>dig</command> binary.  Used
106            for testing.
107          </para>
108        </listitem>
109      </varlistentry>
110
111      <varlistentry>
112        <term>-D <replaceable class="parameter">dsfromkey path</replaceable></term>
113        <listitem>
114          <para>
115            Specifies a path to a <command>dnssec-dsfromkey</command> binary.
116            Used for testing.
117          </para>
118        </listitem>
119      </varlistentry>
120    </variablelist>
121  </refsect1>
122
123  <refsect1>
124    <title>SEE ALSO</title>
125    <para><citerefentry>
126        <refentrytitle>dnssec-dsfromkey</refentrytitle><manvolnum>8</manvolnum>
127      </citerefentry>,
128      <citerefentry>
129        <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
130      </citerefentry>,
131      <citerefentry>
132        <refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
133      </citerefentry>,
134    </para>
135  </refsect1>
136
137  <refsect1>
138    <title>AUTHOR</title>
139    <para><corpauthor>Internet Systems Consortium</corpauthor>
140    </para>
141  </refsect1>
142
143</refentry><!--
144 - Local variables:
145 - mode: sgml
146 - End:
147-->
148