Rechercher une page de manuel
getdnskeys
Langue: en
Version: 2007-05-22 (mandriva - 01/05/08)
Section: 1 (Commandes utilisateur)
NAME
getdnskeys - Manage lists of DNSKEYs from DNS zones.SYNOPSIS
getdnskeys [-i file] [-o file] [-k] [-T] [-t] [-v] [zones]
DESCRIPTION
getdnskeys manages lists of DNSKEYs from DNS zones. It may be used to retrieve and compare DNSKEYs. The output from getdnskeys may be included (directly or indirectly) in a named.conf file.OPTIONS
- -h
- Gives a help message.
- -i path
- Reads {\it path} as a \path{named.conf} with which to compare key lists.
- -k
- Only looks for Key Signing Keys (KSK); all other keys are ignored.
- -o file
- Writes the results to {\it file}.
- -T
- Checks the current trusted key list from \path{named.conf}.
- -t
- Encloses output in needed \path{named.conf} syntax markers.
- -v
- Turns on verbose mode for additional output.
EXAMPLES
This \cmd{getdnskeys} will retrieve the KSK for example.com:getdnskeys -o /etc/named.trustkeys.conf -k -v -t example.com
This \cmd{getdnskeys} will check saved keys against a live set of keys:
getdnskeys -i /etc/named.trustkeys.conf -T -k -v -t
This \cmd{getdnskeys} will automatically update a set of saved keys:
getdnskeys -i /etc/named.trustkeys.conf -k -t -T -v -o /etc/named.trustkeys.conf
SECURITY ISSUES
Currently this does not validate new keys placed in the file in any way, nor does it validate change over keys which have been added.It also does not handle revocation of keys.
It should prompt you before adding a new key so that you can always run the auto-update feature.
Contenus ©2006-2024 Benjamin Poulain
Design ©2006-2024 Maxime Vantorre