1<!-- Creator : groff version 1.20.1 --> 2<!-- CreationDate: Tue Aug 3 17:20:51 2010 --> 3<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" 4"http://www.w3.org/TR/html4/loose.dtd"> 5<html> 6<head> 7<meta name="generator" content="groff -Thtml, see www.gnu.org"> 8<meta http-equiv="Content-Type" content="text/html; charset=US-ASCII"> 9<meta name="Content-Style" content="text/css"> 10<style type="text/css"> 11 p { margin-top: 0; margin-bottom: 0; vertical-align: top } 12 pre { margin-top: 0; margin-bottom: 0; vertical-align: top } 13 table { margin-top: 0; margin-bottom: 0; vertical-align: top } 14 h1 { text-align: center } 15</style> 16<title>zkt-ls</title> 17 18</head> 19<body> 20 21<h1 align="center">zkt-ls</h1> 22 23<a href="#NAME">NAME</a><br> 24<a href="#SYNOPSYS">SYNOPSYS</a><br> 25<a href="#DESCRIPTION">DESCRIPTION</a><br> 26<a href="#GENERAL OPTIONS">GENERAL OPTIONS</a><br> 27<a href="#COMMAND OPTIONS">COMMAND OPTIONS</a><br> 28<a href="#SAMPLE USAGE">SAMPLE USAGE</a><br> 29<a href="#ENVIRONMENT VARIABLES">ENVIRONMENT VARIABLES</a><br> 30<a href="#FILES">FILES</a><br> 31<a href="#BUGS">BUGS</a><br> 32<a href="#AUTHORS">AUTHORS</a><br> 33<a href="#COPYRIGHT">COPYRIGHT</a><br> 34<a href="#SEE ALSO">SEE ALSO</a><br> 35 36<hr> 37 38 39<h2>NAME 40<a name="NAME"></a> 41</h2> 42 43 44<p style="margin-left:11%; margin-top: 1em">zkt−ls 45— list dnskeys</p> 46 47<h2>SYNOPSYS 48<a name="SYNOPSYS"></a> 49</h2> 50 51 52 53<p style="margin-left:11%; margin-top: 1em"><b>zkt−ls 54−H</b></p> 55 56 57<p style="margin-left:11%; margin-top: 1em"><b>zkt−ls</b> 58[<b>−V|--view</b> <i>view</i>] [<b>−c</b> 59<i>file</i>] [<b>−l</b> <i>list</i>] 60[<b>−adefhkLprtz</b>] [{<i>keyfile</i>|<i>dir</i>} 61<i>...</i>]</p> 62 63 64<p style="margin-left:11%; margin-top: 1em"><b>zkt−ls 65−T</b> [<b>−V|--view</b> <i>view</i>] 66[<b>−c</b> <i>file</i>] [<b>−l</b> <i>list</i>] 67[<b>−dhrz</b>] [{<i>keyfile</i>|<i>dir</i>} 68<i>...</i>] <b><br> 69zkt−ls −−list-trustedkeys</b> 70[<b>−V|--view</b> <i>view</i>] [<b>−c</b> 71<i>file</i>] [<b>−l</b> <i>list</i>] 72[<b>−dhrz</b>] [{<i>keyfile</i>|<i>dir</i>} 73<i>...</i>]</p> 74 75 76<p style="margin-left:11%; margin-top: 1em"><b>zkt−ls 77−M</b> [<b>−V|--view</b> <i>view</i>] 78[<b>−c</b> <i>file</i>] [<b>−l</b> <i>list</i>] 79[<b>−dhrz</b>] [{<i>keyfile</i>|<i>dir</i>} 80<i>...</i>] <b><br> 81zkt−ls −−list-managedkeys</b> 82[<b>−V|--view</b> <i>view</i>] [<b>−c</b> 83<i>file</i>] [<b>−l</b> <i>list</i>] 84[<b>−dhrz</b>] [{<i>keyfile</i>|<i>dir</i>} 85<i>...</i>]</p> 86 87 88<p style="margin-left:11%; margin-top: 1em"><b>zkt−ls 89−K</b> [<b>−V|--view</b> <i>view</i>] 90[<b>−c</b> <i>file</i>] [<b>−l</b> <i>list</i>] 91[<b>−dhkrz</b>] [{<i>keyfile</i>|<i>dir</i>} 92<i>...</i>] <b><br> 93zkt−ls −−list-dnskeys</b> 94[<b>−V|--view</b> <i>view</i>] [<b>−c</b> 95<i>file</i>] [<b>−l</b> <i>list</i>] 96[<b>−dhkrz</b>] [{<i>keyfile</i>|<i>dir</i>} 97<i>...</i>]</p> 98 99<h2>DESCRIPTION 100<a name="DESCRIPTION"></a> 101</h2> 102 103 104<p style="margin-left:11%; margin-top: 1em">The 105<i>zkt-ls</i> command list all dnssec zone keys found in the 106given or predefined default directory. It is also possible 107to specify keyfiles (K*.key) as arguments. With option 108<b>−r</b> subdirectories will be searched recursively 109and all dnssec keys found are listed, sorted by domain name, 110key type and generation time. In that mode the use of option 111<b>−p</b> may be helpful to find the location of the 112keyfile in the directory tree.</p> 113 114<p style="margin-left:11%; margin-top: 1em">Other forms of 115the command, print out keys in a format suitable for a 116trusted- or managed-key section 117(<b>−T</b>or<b>−M</b>) or as a DNSKEY 118(<b>−K</b>) resource record.</p> 119 120<h2>GENERAL OPTIONS 121<a name="GENERAL OPTIONS"></a> 122</h2> 123 124 125 126<p style="margin-left:11%; margin-top: 1em"><b>−V</b> 127<i>view</i><b>, −−view=</b><i>view</i></p> 128 129<p style="margin-left:22%;">Try to read the default 130configuration out of a file named 131<i>dnssec-<view>.conf .</i> Instead of specifying the 132−V or --view option every time, it is also possible to 133create a hard or softlink to the executable file to give it 134an additional name like <i>zkt-ls-<view> .</i></p> 135 136<p style="margin-left:11%;"><b>−c</b> <i>file</i><b>, 137−−config=</b><i>file</i></p> 138 139<p style="margin-left:22%;">Read default values from the 140specified config file. Otherwise the default config file is 141read or build in defaults will be used.</p> 142 143<p style="margin-left:11%;"><b>−O</b> 144<i>optstr</i><b>, 145−−config-option=</b><i>optstr</i></p> 146 147<p style="margin-left:22%;">Set any config file option via 148the commandline. Several config file options could be 149specified at the argument string but have to be delimited by 150semicolon (or newline).</p> 151 152<p style="margin-left:11%;"><b>−l</b> <i>list</i><b>, 153−−label=</b><i>list</i></p> 154 155<p style="margin-left:22%;">Print out information solely 156about domains given in the comma or space separated list. 157Take care of, that every domain name has a trailing dot.</p> 158 159<p style="margin-left:11%;"><b>−d</b>, 160<b>−−directory</b></p> 161 162<p style="margin-left:22%;">Skip directory arguments. This 163will be useful in combination with wildcard arguments to 164prevent dnsssec-zkt to list all keys found in 165subdirectories. For example "zkt-ls -d *" will 166print out a list of all keys only found in the current 167directory. Maybe it is easier to use "zkt-ls ." 168instead (without -r set). The option works similar to the 169−d option of <i>ls(1)</i>.</p> 170 171<p style="margin-left:11%;"><b>−L</b>, 172<b>−−left-justify</b></p> 173 174<p style="margin-left:22%;">Print out the domain name left 175justified.</p> 176 177<p style="margin-left:11%;"><b>−k</b>, 178<b>−−ksk</b></p> 179 180<p style="margin-left:22%;">Select and print key signing 181keys only (default depends on command mode).</p> 182 183<p style="margin-left:11%;"><b>−z</b>, 184<b>−−zsk</b></p> 185 186<p style="margin-left:22%;">Select and print zone signing 187keys only (default depends on command mode).</p> 188 189<p style="margin-left:11%;"><b>−r</b>, 190<b>−−recursive</b></p> 191 192<p style="margin-left:22%;">Recursive mode (default is 193off). <br> 194Also settable in the dnssec.conf file (Parameter: 195Recursive).</p> 196 197<p style="margin-left:11%;"><b>−p</b>, 198<b>−−path</b></p> 199 200<p style="margin-left:22%;">Print pathname in listing mode. 201In -C mode, don’t create the new key in the same 202directory as (already existing) keys with the same 203label.</p> 204 205<p style="margin-left:11%;"><b>−a</b>, 206<b>−−age</b></p> 207 208<p style="margin-left:22%;">Print age of key in weeks, 209days, hours, minutes and seconds (default is off). <br> 210Also settable in the dnssec.conf file (Parameter: 211PrintAge).</p> 212 213<p style="margin-left:11%;"><b>−f</b>, 214<b>−−lifetime</b></p> 215 216<p style="margin-left:22%;">Print the key lifetime.</p> 217 218<p style="margin-left:11%;"><b>−e</b>, 219<b>−−exptime</b></p> 220 221<p style="margin-left:22%;">Print the key expiration 222time.</p> 223 224<p style="margin-left:11%;"><b>−t</b>, 225<b>−−time</b></p> 226 227<p style="margin-left:22%;">Print the key generation time 228(default is on). <br> 229Also settable in the dnssec.conf file (Parameter: 230PrintTime).</p> 231 232<table width="100%" border="0" rules="none" frame="void" 233 cellspacing="0" cellpadding="0"> 234<tr valign="top" align="left"> 235<td width="11%"></td> 236<td width="3%"> 237 238 239<p><b>−h</b></p></td> 240<td width="8%"></td> 241<td width="78%"> 242 243 244<p>No header or trusted-key resp. managed-key section 245header and trailer in −T or −M mode.</p></td></tr> 246</table> 247 248<h2>COMMAND OPTIONS 249<a name="COMMAND OPTIONS"></a> 250</h2> 251 252 253 254<p style="margin-left:11%; margin-top: 1em"><b>−H</b>, 255<b>−−help</b></p> 256 257<p style="margin-left:22%;">Print out the online help.</p> 258 259<p style="margin-left:11%;"><b>−T</b>, 260<b>−−list-trustedkeys</b></p> 261 262<p style="margin-left:22%;">List all key signing keys as a 263<i>named.conf</i> trusted-key section. Use <b>−h</b> 264to supress the section header/trailer.</p> 265 266<p style="margin-left:11%;"><b>−K</b>, 267<b>−−list-dnskeys</b></p> 268 269<p style="margin-left:22%;">List the public part of all the 270keys in DNSKEY resource record format. Use <b>−h</b> 271to suppress comment lines.</p> 272 273<h2>SAMPLE USAGE 274<a name="SAMPLE USAGE"></a> 275</h2> 276 277 278 279<p style="margin-left:11%; margin-top: 1em"><b>zkt−ls 280−r .</b></p> 281 282<p style="margin-left:22%;">Print out a list of all zone 283keys found below the current directory.</p> 284 285<p style="margin-left:11%;"><b>zkt−ls −Z 286−c ""</b></p> 287 288<p style="margin-left:22%;">Print out the compiled in 289default parameters.</p> 290 291<p style="margin-left:11%;"><b>zkt−ls −T 292./zonedir/example.net</b></p> 293 294<p style="margin-left:22%;">Print out a trusted-key section 295containing the key signing keys of 296"example.net".</p> 297 298<p style="margin-left:11%;"><b>zkt−ls --view 299intern</b></p> 300 301<p style="margin-left:22%;">Print out a list of all zone 302keys found below the directory where all the zones of view 303intern live. There should be a seperate dnssec config file 304<i>dnssec-intern.conf</i> with a directory option to take 305affect of this.</p> 306 307 308<p style="margin-left:11%;"><b>zkt−ls−intern</b></p> 309 310<p style="margin-left:22%;">Same as above. The binary file 311<i>zkt−ls</i> has another link, named 312<i>zkt−ls−intern</i> made, and 313<i>zkt−ls</i> examines argv[0] to find a view whose 314zones it proceeds to process.</p> 315 316<h2>ENVIRONMENT VARIABLES 317<a name="ENVIRONMENT VARIABLES"></a> 318</h2> 319 320 321 322<p style="margin-left:11%; margin-top: 1em">ZKT_CONFFILE</p> 323 324<p style="margin-left:22%;">Specifies the name of the 325default global configuration files.</p> 326 327<h2>FILES 328<a name="FILES"></a> 329</h2> 330 331 332 333<p style="margin-left:11%; margin-top: 1em"><i>/var/named/dnssec.conf</i></p> 334 335<p style="margin-left:22%;">Built-in default global 336configuration file. The name of the default global config 337file is settable via the environment variable 338ZKT_CONFFILE.</p> 339 340 341<p style="margin-left:11%;"><i>/var/named/dnssec-<view>.conf</i></p> 342 343<p style="margin-left:22%;">View specific global 344configuration file.</p> 345 346<p style="margin-left:11%;"><i>./dnssec.conf</i></p> 347 348<p style="margin-left:22%;">Local configuration file (only 349used in <b>−C</b> mode).</p> 350 351<h2>BUGS 352<a name="BUGS"></a> 353</h2> 354 355 356<p style="margin-left:11%; margin-top: 1em">Some of the 357general options will not be meaningful in all of the command 358modes. <br> 359The option <b>−l</b> and the ksk rollover options 360insist on domain names ending with a dot.</p> 361 362<h2>AUTHORS 363<a name="AUTHORS"></a> 364</h2> 365 366 367<p style="margin-left:11%; margin-top: 1em">Holger 368Zuleger</p> 369 370<h2>COPYRIGHT 371<a name="COPYRIGHT"></a> 372</h2> 373 374 375<p style="margin-left:11%; margin-top: 1em">Copyright (c) 3762005 − 2010 by Holger Zuleger. Licensed under the BSD 377Licences. There is NO warranty; not even for MERCHANTABILITY 378or FITNESS FOR A PARTICULAR PURPOSE.</p> 379 380<h2>SEE ALSO 381<a name="SEE ALSO"></a> 382</h2> 383 384 385 386<p style="margin-left:11%; margin-top: 1em">dnssec-keygen(8), 387dnssec-signzone(8), rndc(8), named.conf(5), zkt-conf(8), 388zkt-keyman(8), zkt-signer(8) <br> 389RFC4641 "DNSSEC Operational Practices" by Miek 390Gieben and Olaf Kolkman, <br> 391DNSSEC HOWTO Tutorial by Olaf Kolkman, RIPE NCC <br> 392 (http://www.nlnetlabs.nl/dnssec_howto/)</p> 393<hr> 394</body> 395</html> 396