Linux Certif

Toute la documentation sur la certification Linux LPI

validate

NAME

validate - Query the Domain Name System and display results of the DNSSEC validation process

SYNOPSIS

   validate
 
 

   validate [options] DOMAIN_NAME
 
 

DESCRIPTION

validate is a diagnostic tool built on top of the DNSSEC validator. It takes DOMAIN_NAME as an argument and queries the DNS for that domain name. It outputs the series of responses that were received from the DNS and the DNSSEC validation results for each domain name. An examination of the queries and validation results can help an administrator uncover errors in DNSSEC configuration of DNS zones.

If no options are specified and no DOMAIN_NAME argument is given, validate will perform a series of pre-defined test queries against the test.dnssec-tools.org zone. This serves as a test-suite for the validator. If any options are specified (e.g., configuration file locations), -s or --selftest must be specified to run the test-suite.

OPTIONS

-c CLASS, --class=CLASS

This option can be used to specify the DNS class of the Resource Record queried. If this option is not given, the default class IN is used.

-h, --help

Display the help and exit.

-p, --print

Print the answers and validation results. By default, validate just outputs a series of responses and their validation results on stderr. When the -p option is used, validate will also output the final result on stdout.

-t TYPE, --type=TYPE

This option can be used to specify the DNS type of the Resource Record queried. If this option is not given, validate will query for the A record for the given DOMAIN_NAME.

-v FILE, --dnsval-conf=FILE

This option can be used to specify the location of the dnsval.conf configuration file.

-r FILE, --resolv-conf=FILE

This option can be used to specify the location of the resolv.conf configuration file containing the name servers to use for lookups.

-i FILE, --root-hints=FILE

This option can be used to specify the location of the root.hints configuration file, containing the root name servers. This is only used when no name server is found, and validate must do recursive lookups itself.

-S suite[:suite], --test-suite=suite[:suite]

This option specifies the test suite (or range of test suites) to use for the internal tests.

-s, --selftest

This option can be used to specify that the application should perform its test-suite against the dnssec-tools.org test domain. If the name servers configured in the system resolv.conf do not support DNSSEC, use the -r and -i options to enable validate to use its own internal recursive resolver.

-T number[:number], --testcase=number[:number]

This option can be used to run a specific test (or range of tests) from the test suite.

-F file, --testcase-conf=file

This option is used to specify the file containing the test cases.

-l label, --label=label

This option can be used to specify the policy from within the dnsval.conf file to use during validation.

-w seconds, --wait=seconds

This option can be used to run the queries specified by other flags in a loop, with the specified interval between successive queries.

-o, --output=<debug-level>:<dest-type>[:<dest-options>]

<debug-level> is 1-7, corresponding to syslog levels ALERT-DEBUG <dest-type> is one of file, net, syslog, stderr, stdout <dest-options> depends on <dest-type>
    file:<file-name>   (opened in append mode)
    net[:<host-name>:<host-port>] (127.0.0.1:1053
    syslog[:facility] (0-23 (default 1 USER))

PRE-REQUISITES

libval

COPYRIGHT

Copyright 2005-2008 SPARTA, Inc. All rights reserved. See the COPYING file included with the DNSSEC-Tools package for details.

AUTHORS

Abhijit Hayatnagarkar, Suresh Krishnaswamy, Robert Story

SEE ALSO

syslog(3)

libval(3)

http://dnssec-tools.sourceforge.net