1*00b67f09SDavid van Moolenbroek<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" 2*00b67f09SDavid van Moolenbroek "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" 3*00b67f09SDavid van Moolenbroek [<!ENTITY mdash "—">]> 4*00b67f09SDavid van Moolenbroek<!-- 5*00b67f09SDavid van Moolenbroek - Copyright (C) 2012-2014 Internet Systems Consortium, Inc. ("ISC") 6*00b67f09SDavid van Moolenbroek - 7*00b67f09SDavid van Moolenbroek - Permission to use, copy, modify, and/or distribute this software for any 8*00b67f09SDavid van Moolenbroek - purpose with or without fee is hereby granted, provided that the above 9*00b67f09SDavid van Moolenbroek - copyright notice and this permission notice appear in all copies. 10*00b67f09SDavid van Moolenbroek - 11*00b67f09SDavid van Moolenbroek - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 12*00b67f09SDavid van Moolenbroek - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 13*00b67f09SDavid van Moolenbroek - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 14*00b67f09SDavid van Moolenbroek - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 15*00b67f09SDavid van Moolenbroek - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 16*00b67f09SDavid van Moolenbroek - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 17*00b67f09SDavid van Moolenbroek - PERFORMANCE OF THIS SOFTWARE. 18*00b67f09SDavid van Moolenbroek--> 19*00b67f09SDavid van Moolenbroek 20*00b67f09SDavid van Moolenbroek<refentry id="man.dnssec-checkds"> 21*00b67f09SDavid van Moolenbroek <refentryinfo> 22*00b67f09SDavid van Moolenbroek <date>January 01, 2013</date> 23*00b67f09SDavid van Moolenbroek </refentryinfo> 24*00b67f09SDavid van Moolenbroek 25*00b67f09SDavid van Moolenbroek <refmeta> 26*00b67f09SDavid van Moolenbroek <refentrytitle><application>dnssec-checkds</application></refentrytitle> 27*00b67f09SDavid van Moolenbroek <manvolnum>8</manvolnum> 28*00b67f09SDavid van Moolenbroek <refmiscinfo>BIND9</refmiscinfo> 29*00b67f09SDavid van Moolenbroek </refmeta> 30*00b67f09SDavid van Moolenbroek 31*00b67f09SDavid van Moolenbroek <refnamediv> 32*00b67f09SDavid van Moolenbroek <refname><application>dnssec-checkds</application></refname> 33*00b67f09SDavid van Moolenbroek <refpurpose>A DNSSEC delegation consistency checking tool.</refpurpose> 34*00b67f09SDavid van Moolenbroek </refnamediv> 35*00b67f09SDavid van Moolenbroek 36*00b67f09SDavid van Moolenbroek <docinfo> 37*00b67f09SDavid van Moolenbroek <copyright> 38*00b67f09SDavid van Moolenbroek <year>2012</year> 39*00b67f09SDavid van Moolenbroek <year>2013</year> 40*00b67f09SDavid van Moolenbroek <year>2014</year> 41*00b67f09SDavid van Moolenbroek <holder>Internet Systems Consortium, Inc. ("ISC")</holder> 42*00b67f09SDavid van Moolenbroek </copyright> 43*00b67f09SDavid van Moolenbroek </docinfo> 44*00b67f09SDavid van Moolenbroek 45*00b67f09SDavid van Moolenbroek <refsynopsisdiv> 46*00b67f09SDavid van Moolenbroek <cmdsynopsis> 47*00b67f09SDavid van Moolenbroek <command>dnssec-checkds</command> 48*00b67f09SDavid van Moolenbroek <arg><option>-l <replaceable class="parameter">domain</replaceable></option></arg> 49*00b67f09SDavid van Moolenbroek <arg><option>-f <replaceable class="parameter">file</replaceable></option></arg> 50*00b67f09SDavid van Moolenbroek <arg><option>-d <replaceable class="parameter">dig path</replaceable></option></arg> 51*00b67f09SDavid van Moolenbroek <arg><option>-D <replaceable class="parameter">dsfromkey path</replaceable></option></arg> 52*00b67f09SDavid van Moolenbroek <arg choice="req">zone</arg> 53*00b67f09SDavid van Moolenbroek </cmdsynopsis> 54*00b67f09SDavid van Moolenbroek <cmdsynopsis> 55*00b67f09SDavid van Moolenbroek <command>dnssec-dsfromkey</command> 56*00b67f09SDavid van Moolenbroek <arg><option>-l <replaceable class="parameter">domain</replaceable></option></arg> 57*00b67f09SDavid van Moolenbroek <arg><option>-f <replaceable class="parameter">file</replaceable></option></arg> 58*00b67f09SDavid van Moolenbroek <arg><option>-d <replaceable class="parameter">dig path</replaceable></option></arg> 59*00b67f09SDavid van Moolenbroek <arg><option>-D <replaceable class="parameter">dsfromkey path</replaceable></option></arg> 60*00b67f09SDavid van Moolenbroek <arg choice="req">zone</arg> 61*00b67f09SDavid van Moolenbroek </cmdsynopsis> 62*00b67f09SDavid van Moolenbroek </refsynopsisdiv> 63*00b67f09SDavid van Moolenbroek 64*00b67f09SDavid van Moolenbroek <refsect1> 65*00b67f09SDavid van Moolenbroek <title>DESCRIPTION</title> 66*00b67f09SDavid van Moolenbroek <para><command>dnssec-checkds</command> 67*00b67f09SDavid van Moolenbroek verifies the correctness of Delegation Signer (DS) or DNSSEC 68*00b67f09SDavid van Moolenbroek Lookaside Validation (DLV) resource records for keys in a specified 69*00b67f09SDavid van Moolenbroek zone. 70*00b67f09SDavid van Moolenbroek </para> 71*00b67f09SDavid van Moolenbroek </refsect1> 72*00b67f09SDavid van Moolenbroek 73*00b67f09SDavid van Moolenbroek <refsect1> 74*00b67f09SDavid van Moolenbroek <title>OPTIONS</title> 75*00b67f09SDavid van Moolenbroek 76*00b67f09SDavid van Moolenbroek <variablelist> 77*00b67f09SDavid van Moolenbroek <varlistentry> 78*00b67f09SDavid van Moolenbroek <term>-f <replaceable class="parameter">file</replaceable></term> 79*00b67f09SDavid van Moolenbroek <listitem> 80*00b67f09SDavid van Moolenbroek <para> 81*00b67f09SDavid van Moolenbroek If a <option>file</option> is specified, then the zone is 82*00b67f09SDavid van Moolenbroek read from that file to find the DNSKEY records. If not, 83*00b67f09SDavid van Moolenbroek then the DNSKEY records for the zone are looked up in the DNS. 84*00b67f09SDavid van Moolenbroek </para> 85*00b67f09SDavid van Moolenbroek </listitem> 86*00b67f09SDavid van Moolenbroek </varlistentry> 87*00b67f09SDavid van Moolenbroek 88*00b67f09SDavid van Moolenbroek <varlistentry> 89*00b67f09SDavid van Moolenbroek <term>-l <replaceable class="parameter">domain</replaceable></term> 90*00b67f09SDavid van Moolenbroek <listitem> 91*00b67f09SDavid van Moolenbroek <para> 92*00b67f09SDavid van Moolenbroek Check for a DLV record in the specified lookaside domain, 93*00b67f09SDavid van Moolenbroek instead of checking for a DS record in the zone's parent. 94*00b67f09SDavid van Moolenbroek For example, to check for DLV records for "example.com" 95*00b67f09SDavid van Moolenbroek in ISC's DLV zone, use: 96*00b67f09SDavid van Moolenbroek <command>dnssec-checkds -l dlv.isc.org example.com</command> 97*00b67f09SDavid van Moolenbroek </para> 98*00b67f09SDavid van Moolenbroek </listitem> 99*00b67f09SDavid van Moolenbroek </varlistentry> 100*00b67f09SDavid van Moolenbroek 101*00b67f09SDavid van Moolenbroek <varlistentry> 102*00b67f09SDavid van Moolenbroek <term>-d <replaceable class="parameter">dig path</replaceable></term> 103*00b67f09SDavid van Moolenbroek <listitem> 104*00b67f09SDavid van Moolenbroek <para> 105*00b67f09SDavid van Moolenbroek Specifies a path to a <command>dig</command> binary. Used 106*00b67f09SDavid van Moolenbroek for testing. 107*00b67f09SDavid van Moolenbroek </para> 108*00b67f09SDavid van Moolenbroek </listitem> 109*00b67f09SDavid van Moolenbroek </varlistentry> 110*00b67f09SDavid van Moolenbroek 111*00b67f09SDavid van Moolenbroek <varlistentry> 112*00b67f09SDavid van Moolenbroek <term>-D <replaceable class="parameter">dsfromkey path</replaceable></term> 113*00b67f09SDavid van Moolenbroek <listitem> 114*00b67f09SDavid van Moolenbroek <para> 115*00b67f09SDavid van Moolenbroek Specifies a path to a <command>dnssec-dsfromkey</command> binary. 116*00b67f09SDavid van Moolenbroek Used for testing. 117*00b67f09SDavid van Moolenbroek </para> 118*00b67f09SDavid van Moolenbroek </listitem> 119*00b67f09SDavid van Moolenbroek </varlistentry> 120*00b67f09SDavid van Moolenbroek </variablelist> 121*00b67f09SDavid van Moolenbroek </refsect1> 122*00b67f09SDavid van Moolenbroek 123*00b67f09SDavid van Moolenbroek <refsect1> 124*00b67f09SDavid van Moolenbroek <title>SEE ALSO</title> 125*00b67f09SDavid van Moolenbroek <para><citerefentry> 126*00b67f09SDavid van Moolenbroek <refentrytitle>dnssec-dsfromkey</refentrytitle><manvolnum>8</manvolnum> 127*00b67f09SDavid van Moolenbroek </citerefentry>, 128*00b67f09SDavid van Moolenbroek <citerefentry> 129*00b67f09SDavid van Moolenbroek <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum> 130*00b67f09SDavid van Moolenbroek </citerefentry>, 131*00b67f09SDavid van Moolenbroek <citerefentry> 132*00b67f09SDavid van Moolenbroek <refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum> 133*00b67f09SDavid van Moolenbroek </citerefentry>, 134*00b67f09SDavid van Moolenbroek </para> 135*00b67f09SDavid van Moolenbroek </refsect1> 136*00b67f09SDavid van Moolenbroek 137*00b67f09SDavid van Moolenbroek <refsect1> 138*00b67f09SDavid van Moolenbroek <title>AUTHOR</title> 139*00b67f09SDavid van Moolenbroek <para><corpauthor>Internet Systems Consortium</corpauthor> 140*00b67f09SDavid van Moolenbroek </para> 141*00b67f09SDavid van Moolenbroek </refsect1> 142*00b67f09SDavid van Moolenbroek 143*00b67f09SDavid van Moolenbroek</refentry><!-- 144*00b67f09SDavid van Moolenbroek - Local variables: 145*00b67f09SDavid van Moolenbroek - mode: sgml 146*00b67f09SDavid van Moolenbroek - End: 147*00b67f09SDavid van Moolenbroek--> 148