1<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" 2 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" 3 [<!ENTITY mdash "—">]> 4<!-- 5 - Copyright (C) 2012-2014 Internet Systems Consortium, Inc. ("ISC") 6 - 7 - Permission to use, copy, modify, and/or distribute this software for any 8 - purpose with or without fee is hereby granted, provided that the above 9 - copyright notice and this permission notice appear in all copies. 10 - 11 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 12 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 13 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 14 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 15 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 16 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 17 - PERFORMANCE OF THIS SOFTWARE. 18--> 19 20<refentry id="man.dnssec-checkds"> 21 <refentryinfo> 22 <date>January 01, 2013</date> 23 </refentryinfo> 24 25 <refmeta> 26 <refentrytitle><application>dnssec-checkds</application></refentrytitle> 27 <manvolnum>8</manvolnum> 28 <refmiscinfo>BIND9</refmiscinfo> 29 </refmeta> 30 31 <refnamediv> 32 <refname><application>dnssec-checkds</application></refname> 33 <refpurpose>A DNSSEC delegation consistency checking tool.</refpurpose> 34 </refnamediv> 35 36 <docinfo> 37 <copyright> 38 <year>2012</year> 39 <year>2013</year> 40 <year>2014</year> 41 <holder>Internet Systems Consortium, Inc. ("ISC")</holder> 42 </copyright> 43 </docinfo> 44 45 <refsynopsisdiv> 46 <cmdsynopsis> 47 <command>dnssec-checkds</command> 48 <arg><option>-l <replaceable class="parameter">domain</replaceable></option></arg> 49 <arg><option>-f <replaceable class="parameter">file</replaceable></option></arg> 50 <arg><option>-d <replaceable class="parameter">dig path</replaceable></option></arg> 51 <arg><option>-D <replaceable class="parameter">dsfromkey path</replaceable></option></arg> 52 <arg choice="req">zone</arg> 53 </cmdsynopsis> 54 <cmdsynopsis> 55 <command>dnssec-dsfromkey</command> 56 <arg><option>-l <replaceable class="parameter">domain</replaceable></option></arg> 57 <arg><option>-f <replaceable class="parameter">file</replaceable></option></arg> 58 <arg><option>-d <replaceable class="parameter">dig path</replaceable></option></arg> 59 <arg><option>-D <replaceable class="parameter">dsfromkey path</replaceable></option></arg> 60 <arg choice="req">zone</arg> 61 </cmdsynopsis> 62 </refsynopsisdiv> 63 64 <refsect1> 65 <title>DESCRIPTION</title> 66 <para><command>dnssec-checkds</command> 67 verifies the correctness of Delegation Signer (DS) or DNSSEC 68 Lookaside Validation (DLV) resource records for keys in a specified 69 zone. 70 </para> 71 </refsect1> 72 73 <refsect1> 74 <title>OPTIONS</title> 75 76 <variablelist> 77 <varlistentry> 78 <term>-f <replaceable class="parameter">file</replaceable></term> 79 <listitem> 80 <para> 81 If a <option>file</option> is specified, then the zone is 82 read from that file to find the DNSKEY records. If not, 83 then the DNSKEY records for the zone are looked up in the DNS. 84 </para> 85 </listitem> 86 </varlistentry> 87 88 <varlistentry> 89 <term>-l <replaceable class="parameter">domain</replaceable></term> 90 <listitem> 91 <para> 92 Check for a DLV record in the specified lookaside domain, 93 instead of checking for a DS record in the zone's parent. 94 For example, to check for DLV records for "example.com" 95 in ISC's DLV zone, use: 96 <command>dnssec-checkds -l dlv.isc.org example.com</command> 97 </para> 98 </listitem> 99 </varlistentry> 100 101 <varlistentry> 102 <term>-d <replaceable class="parameter">dig path</replaceable></term> 103 <listitem> 104 <para> 105 Specifies a path to a <command>dig</command> binary. Used 106 for testing. 107 </para> 108 </listitem> 109 </varlistentry> 110 111 <varlistentry> 112 <term>-D <replaceable class="parameter">dsfromkey path</replaceable></term> 113 <listitem> 114 <para> 115 Specifies a path to a <command>dnssec-dsfromkey</command> binary. 116 Used for testing. 117 </para> 118 </listitem> 119 </varlistentry> 120 </variablelist> 121 </refsect1> 122 123 <refsect1> 124 <title>SEE ALSO</title> 125 <para><citerefentry> 126 <refentrytitle>dnssec-dsfromkey</refentrytitle><manvolnum>8</manvolnum> 127 </citerefentry>, 128 <citerefentry> 129 <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum> 130 </citerefentry>, 131 <citerefentry> 132 <refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum> 133 </citerefentry>, 134 </para> 135 </refsect1> 136 137 <refsect1> 138 <title>AUTHOR</title> 139 <para><corpauthor>Internet Systems Consortium</corpauthor> 140 </para> 141 </refsect1> 142 143</refentry><!-- 144 - Local variables: 145 - mode: sgml 146 - End: 147--> 148