DNSSEC_TOOLS(1) General Commands Manual DNSSEC_TOOLS(1)NAME
DNSSEC-Tools - A suite of tools and libraries for using DNSSEC
The DNSSEC-Tools package contains a wide variety of tools that are helpful to zone operators, resolver operators, network operators, appli-
cation developers and end-users of DNSSEC.
The best place to learn about the tools that are part of the package is at the following website, which categorizes the tools according to
the intended audience:
Additionally, make sure to check out the tutorials available at:
The DNSSEC-Tools are licensed under a BSD license, the details of which can be found in the COPYING file found within the distribution.
4.2 Berkeley Distribution 5 Dec 2007 DNSSEC_TOOLS(1)
Check Out this Related Man Page
DTREALMS(1p) User Contributed Perl Documentation DTREALMS(1p)NAME
dtrealms - Displays defaults defined for DNSSEC-Tools
dtrealms [options] <realm-file>
dtrealms manages multiple distinct DNSSEC-Tools rollover environments running simultaneously. Each rollover environment, called a realm,
is defined in a realms file. dtrealms uses this file to determine how the rollover environment must be initialized such that it can run
independently of the other rollover environments on a particular system. This is useful for such things as managing very large collections
of zones, segregating customer zones, and software tests.
The realms file may be created with realminit. Currently, the distinct environment for each realm must be created manually. It is hoped
that a tool will soon be available to assist with creating each realm's environment.
dtrealms isn't necessary for running multiple realms. However, it does make it easier to manage multiple realms running consecutively.
A realm is primarily defined by its entry in a realms file. Four fields in particular describe where the realm's files are located and how
it runs. These are the realm's configuration directory, state directory, realm directory, and rollrec file. These directories are used to
set the DT_STATEDIR and DT_SYSCONFDIR environment variables, and the rollrec file defines which zones are managed by the realm's rollover
https://www.dnssec-tools.org/wiki/index.php/Rollover_Realms:_Multiple,_Simultaneous,_Independent_Rollover_Environments has more information
on creating realms.
The configdir field of the realms file contains the name of the realm's configuration directory. This file gives command paths and
configuration values for running the DNSSEC-Tools. The DNSSEC-Tools modules expects this directory hierarchy to contain a dnssec-tools
subdirectory, and a dnssec-tools.conf file within that subdirectory. The path fields in the configuration file point to various
things, such as commands and key archives. It is recommended that these paths only point within the configdir hierarchy, other than
for system utilities.
The DT_SYSCONFDIR environment variable is set to the configdir field. This will tell the DNSSEC-Tools programs and modules where to
find their required data.
The statedir field of the realms file contains the name of the realm's state directory. This directory contains such files as the
rollrec lock file and the rollerd communications socket. If a realm definition does not contain a statedir field, then that realm will
use the configdir field as its statedir field.
The DT_STATEDIR environment variable is set to the statedir field. This will tell the DNSSEC-Tools programs and modules where to find
The realmdir field of the realms file contains the name of the directory in which the realm executes. This is where the realm's zone,
key, and other files are located.
The rollrec field of the realms file is the name of the file that controls zone rollover. This file points to the various keyrec files
that define the locations of the zone files and their associated key files. A realm's rollrec file can locate these files anywhere on
the system, but it is strongly recommended that they all remain within the realm's realmdir hierarchy.
While the DNSSEC-Tools programs will work fine if a realm's configuration, state, and realm directories are actually one directory, it is
recommended that at the least the realmdir files be separated from the configdir and statedir files.
It is further recommended that the files for the various realms be segregated from each other.
The following options are handled by dtrealms.
Directory in which dtrealms will be executed. Any relative paths given in realms configuration files will use this directory as their
Start the grandvizier display program to give a graphical indication of realm status.
Run dtrealms in the foreground instead of as a daemon.
Logging file to use.
Logging level to use when writing to the log file. See rolllog(3) for more details.
Time zone to use with the log file. This must be either "gmt" or "local".
Displays the version information for dtrealms and the DNSSEC-Tools package.
Displays a help message and exits.
This is an early prototype. Consider it to be beta quality.
Copyright 2011-2012 SPARTA, Inc. All rights reserved. See the COPYING file included with the DNSSEC-Tools package for details.
Wayne Morrison, firstname.lastname@example.org
SEE ALSO grandvizier(8), lsrealm(8), realminit(8), realmset(8)Net::DNS::SEC::Tools::realm.pm(3), Net::DNS::SEC::Tools::realmmgr.pm(3), Net::DNS::SEC::Tools::rolllog.pm(3)perl v5.14.2 2012-06-21 DTREALMS(1p)