getdnskeys(1p) [debian man page]

GETDNSKEYS(1p)						User Contributed Perl Documentation					    GETDNSKEYS(1p)

NAME

       getdnskeys - Manage lists of DNSKEYs from DNS zones

SYNOPSIS

	   getdnskeys [-i file] [-o file] [-k] [-T] [-t] [-v] [zones]

DESCRIPTION

       getdnskeys manages lists of DNSKEYs from DNS zones.  It may be used to retrieve and compare DNSKEYs.  The output from getdnskeys may be
       included (directly or indirectly) in a named.conf file.

OPTIONS

       getdnskeys takes the following options:

       -i path
	   Reads path as a named.conf with which to compare key lists.

       -k  Only looks for Key Signing Keys (KSKs); all other keys are ignored.

       -o file
	   Writes the results to file.

       -T  Checks the current trusted key list from named.conf.

       -t  Encloses output in needed named.conf syntax markers.

       -v  Turns on verbose mode for additional output.

       -Version
	   Displays the version information for getdnskeys and the DNSSEC-Tools package.

       -h  Gives a help message.

EXAMPLES

       This getdnskeys will retrieve the KSK for example.com:

	   getdnskeys -o /etc/named.trustkeys.conf -k -v -t example.com

       This getdnskeys will check saved keys against a live set of keys:

	   getdnskeys -i /etc/named.trustkeys.conf -T -k -v -t

       This getdnskeys will automatically update a set of saved keys:

	   getdnskeys -i /etc/named.trustkeys.conf -k -t -T -v
		      -o /etc/named.trustkeys.conf

SECURITY ISSUES

       Currently this does not validate new keys placed in the file in any way, nor does it validate change over keys which have been added.

       It also does not handle revocation of keys.

       It should prompt you before adding a new key so that you can always run the auto-update feature.

perl v5.14.2							    2012-06-21							    GETDNSKEYS(1p)

GETDS(1p)						User Contributed Perl Documentation						 GETDS(1p)

NAME

       getds - Create a DS record from DNSKEYing information

SYNOPSIS

	 getds <domain>

DESCRIPTION

       getds will create a DS record from DNSKEYs for the specified DNS domain.  It does this by converting DNSKEYs to DS records using the
       specified hashing algorithm.  The results can then be passed to upstream DNSSEC-supporting parents or to DLV registries.

       getds will also pull the parent's published DS records and compare them against the existing keys.  It will then list any DS records not
       published in the parent, as well as any DS records that are published in the parent but which don't match an existing key.

OPTIONS

       getds takes the following options:

       -a ALGORITHMS
       --hash-algorithm algorithm ALGORITHMS
	   This option specifies the hash algorithm to use when converting DNSKEYs to DS records.  It may be a comma-separated list if multiple
	   algorithms are desired.  The algorithms to choose from may be either SHA256 or SHA1.

	   The default is SHA256,SHA1

       -z
       --print-zsks
	   This option causes getds to print ZSK DS records, as well as KSK records.

       -p
       --dont-check-parent
	   Instructs getds to not check the records in the parent for their published DS records.

       -q
       --quiet
	   Produces quiet output with no explanatory headers.  In other words, it only prints the DS records generated from the DNSKEYs.

	   Note: Running with -q implies -p.

SECURITY CONSIDERATIONS

       By default, getds pulls data from the live DNS.	If your DNS resolver isn't configured so that this is pulled securely, then the results
       can't be trusted.

COPYRIGHT

       Copyright 2008-2012 SPARTA, Inc.  All rights reserved.  See the COPYING file included with the DNSSEC-Tools package for details.

AUTHOR

       Wes Hardaker, hardaker AT AT AT users.sourceforge.net

perl v5.14.2							    2012-06-21								 GETDS(1p)