CentOS 7.0 - man page for ldns-verify-zone (centos section 1)
|Linux & Unix Commands - Search Man Pages
ldns-verify-zone - read a DNSSEC signed zone and verify it.
ldns-verify-zone reads a DNS zone file and verifies it.
RRSIG resource records are checked against the DNSKEY set at the zone apex.
Each name is checked for an NSEC(3), if appropriate.
-h Show usage and exit
-a Apex only, check only the zone apex
Signatures may not expire within this period. Default no period is used.
Signatures must have been valid at least this long. Default signatures should just
be valid now.
A file that contains a trusted DNSKEY or DS rr. This option may be given more than
Alternatively, if -k is not specified, and a default trust anchor
(/var/lib/unbound/root.key) exists and contains a valid DNSKEY or DS record, it
will be used as the trust anchor.
Only check this percentage of the zone. Which names to check is determined ran-
domly. Defaults to 100.
-S Chase signature(s) to a known key. The network may be accessed to validate the
zone's DNSKEYs. (implies -k)
-t YYYYMMDDhhmmss | [+|-]offset
Set the validation time either by an absolute time value or as an offset in seconds
from the current time.
-v Show the version and exit
Set the verbosity level (default 3):
0: Be silent
1: Print result, and any errors
2: Same as 1 for now
3: Print result, any errors, and the names that are
4: Same as 3 for now
5: Print the zone after it has been read, the result,
any errors, and the names that are being checked
periods are given in ISO 8601 duration format:
If no file is given standard input is read.
The file from which trusted keys are loaded for signature chasing, when no -k
option is given.
Written by the ldns team as an example for ldns usage.
Report bugs to <firstname.lastname@example.org>.
Copyright (C) 2008 NLnet Labs. This is free software. There is NO warranty; not even for
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
27 May 2008 ldns-verifyzone(1)
All times are GMT -4. The time now is 01:26 PM.