1<!-- Creator : groff version 1.20.1 --> 2<!-- CreationDate: Wed Mar 31 18:15:57 2010 --> 3<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" 4"http://www.w3.org/TR/html4/loose.dtd"> 5<html> 6<head> 7<meta name="generator" content="groff -Thtml, see www.gnu.org"> 8<meta http-equiv="Content-Type" content="text/html; charset=US-ASCII"> 9<meta name="Content-Style" content="text/css"> 10<style type="text/css"> 11 p { margin-top: 0; margin-bottom: 0; vertical-align: top } 12 pre { margin-top: 0; margin-bottom: 0; vertical-align: top } 13 table { margin-top: 0; margin-bottom: 0; vertical-align: top } 14 h1 { text-align: center } 15</style> 16<title>zkt-conf</title> 17 18</head> 19<body> 20 21<h1 align="center">zkt-conf</h1> 22 23<a href="#NAME">NAME</a><br> 24<a href="#SYNOPSYS">SYNOPSYS</a><br> 25<a href="#DESCRIPTION">DESCRIPTION</a><br> 26<a href="#COMMAND OPTIONS">COMMAND OPTIONS</a><br> 27<a href="#OPTIONS">OPTIONS</a><br> 28<a href="#SAMPLE USAGE">SAMPLE USAGE</a><br> 29<a href="#ENVIRONMENT VARIABLES">ENVIRONMENT VARIABLES</a><br> 30<a href="#FILES">FILES</a><br> 31<a href="#AUTHORS">AUTHORS</a><br> 32<a href="#COPYRIGHT">COPYRIGHT</a><br> 33<a href="#SEE ALSO">SEE ALSO</a><br> 34 35<hr> 36 37 38<h2>NAME 39<a name="NAME"></a> 40</h2> 41 42 43<p style="margin-left:11%; margin-top: 1em">zkt-conf 44— Secure DNS zone key config tool</p> 45 46<h2>SYNOPSYS 47<a name="SYNOPSYS"></a> 48</h2> 49 50 51 52<p style="margin-left:11%; margin-top: 1em"><b>zkt-conf</b> 53[<b>−V</b> <i>name</i>] [<b>−w</b>] 54<b>−d</b> [<b>−O</b> <i>optstr</i>] <b><br> 55zkt-conf</b> [<b>−V</b> <i>name</i>] [<b>−w</b>] 56[<b>−s</b>] [<b>−c</b> <i>file</i>] 57[<b>−O</b> <i>optstr</i>] <b><br> 58zkt-conf</b> [<b>−V</b> <i>name</i>] [<b>−w</b>] 59<b>−l</b> [<b>−a</b>] [<b>−c</b> 60<i>file</i>] [<b>−O</b> <i>optstr</i>]</p> 61 62 63<p style="margin-left:11%; margin-top: 1em"><b>zkt-conf</b> 64[<b>−c</b> <i>file</i>] [<b>−w</b>] 65<i>zonefile</i></p> 66 67<h2>DESCRIPTION 68<a name="DESCRIPTION"></a> 69</h2> 70 71 72<p style="margin-left:11%; margin-top: 1em">The 73<i>zkt-conf</i> command helps to create and show a config 74file for use by the Zone Key Tool commands, which are 75currently <i>zkt-ls(8) , zkt-keyman(8) ,</i> and 76<i>zkt-signer(8)</i>.</p> 77 78<p style="margin-left:11%; margin-top: 1em">In general, the 79ZKT commands uses up to three consequitive sources for 80config parameter settings:</p> 81 82<p style="margin-left:22%; margin-top: 1em">a) The build-in 83default parameters</p> 84 85<p style="margin-left:22%; margin-top: 1em">b) The side 86wide config file or the file specified with option -c 87overloads the built-in vars. The file is 88<i>/var/named/dnssec.conf</i> or the one set by the 89environment variable ZKT_CONFFILE.</p> 90 91<p style="margin-left:22%; margin-top: 1em">c) The local 92config file <i>dnssec.conf</i> in the current zone directory 93also overloads the parameter read so far.</p> 94 95<p style="margin-left:11%; margin-top: 1em">Because of the 96overload feature, none of the config files has to have a 97complete parameter set. Typically the local config file will 98have only those parameters which are different from the 99global or built-in ones.</p> 100 101<p style="margin-left:11%; margin-top: 1em">The default 102operation of <i>zkt-conf(8)</i> is to print the site wide 103config file (same as option <b>−s</b>). Option 104<b>−d</b> will print out the built-in defaults while 105<b>−l</b> print those local parameters which are 106different to the global ones. In the last case 107<b>−a</b> gives the fully (<b>−−all</b>) 108parameter list.</p> 109 110<p style="margin-left:11%; margin-top: 1em">In all forms of 111the command, the parameters are changeable via option 112<b>−O</b> (<b>−−config-option</b>).</p> 113 114<p style="margin-left:11%; margin-top: 1em">With option 115<b>−w</b> (<b>−−write</b>) the confg 116parameters are written back to the config file. This is 117useful in case of an ZKT upgrade or if one or more 118parameters are changed by option <b>−O</b>.</p> 119 120<p style="margin-left:11%; margin-top: 1em">Option 121<b>−t</b> checks some of the parameter for reasonable 122values.</p> 123 124<p style="margin-left:11%; margin-top: 1em">Which config 125file is shown (or modified or checked) is determined by an 126option. <b>−d</b> means the built-in defaults, option 127<b>−l</b> is for the local config file and 128<b>−s</b> specifies the site wide config file. Option 129<b>−s</b> is the default.</p> 130 131<p style="margin-left:11%; margin-top: 1em">In the last 132form of the command, the maximum TTL value of all the 133resource records of <i>zonefile</i> is calculated and print 134on stdout. Additional, the zonefile is checked if the key 135database (<i>dnskey.db</i>) is included in the zone file. If 136option <b>−w</b> is set, than the INCLUDE directive 137will be added to the zone file if necessary, and the maximum 138ttl value is written to a local config file.</p> 139 140<h2>COMMAND OPTIONS 141<a name="COMMAND OPTIONS"></a> 142</h2> 143 144 145 146<p style="margin-left:11%; margin-top: 1em"><b>−h</b>, 147<b>−−help</b></p> 148 149<p style="margin-left:22%;">Print out the online help.</p> 150 151<p style="margin-left:11%;"><b>−d</b>, 152<b>−−built-in-defaults</b></p> 153 154<p style="margin-left:22%;">List all the built-in default 155parameter.</p> 156 157<p style="margin-left:11%;"><b>−s</b>, 158<b>−−sitecfg</b></p> 159 160<p style="margin-left:22%;">List all site wide config 161parameter (this is the default).</p> 162 163<p style="margin-left:11%;"><b>−l</b>, 164<b>−−localcfg</b></p> 165 166<p style="margin-left:22%;">List local config parameter 167which are different to the site wide config parameter. With 168otion <b>−a</b> (<b>−−all</b>) all config 169parameters will be shown.</p> 170 171<h2>OPTIONS 172<a name="OPTIONS"></a> 173</h2> 174 175 176 177<p style="margin-left:11%; margin-top: 1em"><b>−V</b> 178<i>view</i><b>, −−view=</b><i>view</i></p> 179 180<p style="margin-left:22%;">Try to read the default 181configuration out of a file named 182<i>dnssec-<view>.conf .</i> Instead of specifying the 183<b>−V</b> or <b>−−view</b> option every 184time, it is also possible to create a hard or softlink to 185the executable file and name it like 186<i>zkt-conf-<view> .</i></p> 187 188<p style="margin-left:11%;"><b>−c</b> <i>file</i><b>, 189−−config=</b><i>file</i></p> 190 191<p style="margin-left:22%;">Read all parameter from the 192specified config file. Otherwise the default config file is 193read or build in defaults will be used.</p> 194 195<p style="margin-left:11%;"><b>−O</b> 196<i>optstr</i><b>, 197−−config-option=</b><i>optstr</i></p> 198 199<p style="margin-left:22%;">Set any config file parameter 200via the commandline. Several config file options could be 201specified at the argument string but have to be delimited by 202semicolon (or newline).</p> 203 204<p style="margin-left:11%;"><b>−a</b>, 205<b>−−all</b></p> 206 207<p style="margin-left:22%;">In case of showing the local 208config file parameter (<b>−l</b>) this prints all 209parameter, not just the ones different to the site wide or 210built-in defaults.</p> 211 212<h2>SAMPLE USAGE 213<a name="SAMPLE USAGE"></a> 214</h2> 215 216 217<p style="margin-left:11%; margin-top: 1em"><b>zkt-conf 218−d</b></p> 219 220<p style="margin-left:22%;">Print the built-in default 221config pars.</p> 222 223<p style="margin-left:11%;"><b>zkt-conf −d 224−w</b></p> 225 226<p style="margin-left:22%;">Write all the built-in defaults 227into the site wide config file.</p> 228 229<p style="margin-left:11%;"><b>zkt-conf −s −O 230"SerialFormat: Incremental; Zonedir: 231/var/named/zones" <br> 232−w</b></p> 233 234<p style="margin-left:22%;">Change two parameters in the 235site wide <i>dnssec.conf</i> file.</p> 236 237<p style="margin-left:11%;"><b>zkt-conf −w 238zone.db</b></p> 239 240<p style="margin-left:22%;">Add <b>$INCLUDE dnskey.db</b> 241to the zone file and set the maximum ttl paramter in the 242local config file to the maximum ttl fond in any RR of 243<i>zone.db</i>.</p> 244 245<h2>ENVIRONMENT VARIABLES 246<a name="ENVIRONMENT VARIABLES"></a> 247</h2> 248 249 250 251<p style="margin-left:11%; margin-top: 1em">ZKT_CONFFILE</p> 252 253<p style="margin-left:22%;">Specifies the name of the 254default global configuration files.</p> 255 256<h2>FILES 257<a name="FILES"></a> 258</h2> 259 260 261 262<p style="margin-left:11%; margin-top: 1em"><i>/var/named/dnssec.conf</i></p> 263 264<p style="margin-left:22%;">Default global configuration 265file. The name of the default global config file is settable 266via the environment variable ZKT_CONFFILE.</p> 267 268 269<p style="margin-left:11%;"><i>/var/named/dnssec-<view>.conf</i></p> 270 271<p style="margin-left:22%;">View specific global 272configuration file.</p> 273 274<p style="margin-left:11%;"><i>./dnssec.conf</i></p> 275 276<p style="margin-left:22%;">Local configuration file 277(additionally used in <b>−l</b> mode).</p> 278 279<h2>AUTHORS 280<a name="AUTHORS"></a> 281</h2> 282 283 284<p style="margin-left:11%; margin-top: 1em">Holger 285Zuleger</p> 286 287<h2>COPYRIGHT 288<a name="COPYRIGHT"></a> 289</h2> 290 291 292<p style="margin-left:11%; margin-top: 1em">Copyright (c) 2932005 − 2010 by Holger Zuleger. Licensed under the BSD 294Licences. There is NO warranty; not even for MERCHANTABILITY 295or FITNESS FOR A PARTICULAR PURPOSE.</p> 296 297<h2>SEE ALSO 298<a name="SEE ALSO"></a> 299</h2> 300 301 302 303<p style="margin-left:11%; margin-top: 1em">dnssec-keygen(8), 304dnssec-signzone(8), rndc(8), named.conf(5), zkt-signer(8), 305zkt-ls(8), zkt-keyman(8), <br> 306RFC4641 "DNSSEC Operational Practices" by Miek 307Gieben and Olaf Kolkman, <br> 308DNSSEC HOWTO Tutorial by Olaf Kolkman, RIPE NCC <br> 309 (http://www.nlnetlabs.nl/dnssec_howto/)</p> 310<hr> 311</body> 312</html> 313