lsdnssec(1p) [debian man page]
LSDNSSEC(1p) User Contributed Perl Documentation LSDNSSEC(1p) NAME
lsdnssec - List DNSSEC components of zones from files or directories SYNOPSIS
lsdnssec [-d 1-9] [OPTIONS] [FILES OR DIRECTORIES...] DESCRIPTION
The lsdnssec program summarizes information about DNSSEC-related files. These files may be specified on the command line or found in directories that were given on the command line. The -d flag controls the amount of detail in the lsdnssec output. lsdnssec displays the following information about each zone for which it collects information: keys Key information is shown about the keys currently in use. A bar graph is included that shows the age of the key with respect to the configured expected key lifetime. This information is collected from any .krf files lsdnssec finds. rolling status If any zone keys are being rolled via rollerd, then the status of the rolling state is shown. The time needed to reach the next state is also displayed. This information is collected from any .rollrec or .rrf files found by lsdnssec. OPTIONS
-z ZONENAME1[,ZONENAME2] --zone=ZONENAME1[,ZONENAME2] Only prints information about the named zone(s). -p NUMBER --phase=NUMBER Only prints information about zones currently being rolled by rollerd and where either a zsk or a ksk rollover is taking place and is in phase NUMBER. If the phase NUMBER is specified as 0, then any zone in any rolling phase will be printed (but not zones that aren't being rolled at all). This flag is especially useful to find all of your zones that are currently in KSK rolling phase 6, which requires operator intervention to propagate the new DS records into the parent zone. -r --roll-status Show only rolling information from the rollrec files. By default both roll-state and key information is shown. -k --key-data Show only keying information from the krf files. By default both roll-state and key information is shown. -K --key-gen-time Normally rollerd calculates the age of a key based on the last time a key was rolled. However, it's also possible to calculate the age of a key based on the difference between the time of execution and when the key was created (which was typically before the rolling began). The -K flag switches to this second mode of key age calculation (which will not match how rollerd actually performs). -M --monitor The -M flag gives an abbreviated version of lsdnssec output that is intended for use by monitoring systems. It displays the zone name, the rollover phase, and the time remaining in that phase. This option implicitly sets the -r flag on and sets the detail level to 1. -d 1-9 --detail 1-9 Controls the amount of information shown in the output. A level of 9 shows everything; a level of 1 shows a minimal amount. The default level is 5. --debug Turns on extra debugging information. COPYRIGHT
Copyright 2009-2012 SPARTA, Inc. All rights reserved. See the COPYING file included with the DNSSEC-Tools package for details. AUTHOR
Wes Hardaker <hardaker AT AT AT users.sourceforge.net> SEE ALSO
lskrf(1) zonesigner(8), rollerd(8) perl v5.14.2 2012-06-21 LSDNSSEC(1p)
Check Out this Related Man Page
defaults(3pm) User Contributed Perl Documentation defaults(3pm) NAME
Net::DNS::SEC::Tools::defaults - DNSSEC-Tools default values. SYNOPSIS
use Net::DNS::SEC::Tools::defaults; %defs = dnssec_tools_alldefaults(); $defalg = dnssec_tools_default("algorithm"); $cz_path = dnssec_tools_default("zonecheck"); $ksklife = dnssec_tools_default("ksklife"); @default_names = dnssec_tools_defnames(); DESCRIPTION
This module maintains a set of default values used by DNSSEC-Tools programs. This allows these defaults to be centralized in a single place and prevents them from being spread around multiple programs. INTERFACES
dnssec_tools_alldefaults() This interface returns a copy of all the DNSSEC-Tools defaults in a hash table. dnssec_tools_default(default) This interface returns the value of a DNSSEC-Tools default. The interface is passed default, which is the name of a default to look up. The value of this default is returned to the caller. dnssec_tools_defnames() This interface returns the names of all the DNSSEC-Tools defaults. No default values are returned, but the default names returned by dnssec_tools_defnames() may then be passed to dnssec_tools_default(). DEFAULT FIELDS
The following are the defaults defined for DNSSEC-Tools. admin-email This default holds the default email address for the DNSSEC-Tools administrator. archivedir This default holds the default directory in which keys will be archived. algorithm This default holds the default encryption algorithm. enddate This default holds the default zone life, in seconds. entropy_msg This default indicates whether or not zonesigner should display an entropy message. keygen This default holds the path to the key-generation program. keygen-opts This default hold a set of options for the key-generation program. kskcount This default holds the default number of KSK keys to generate for a zone. ksklength This default holds the default length of a KSK key. ksklife This default holds the default lifespan of a KSK key. This is only used for determining when to rollover the KSK key. Keys otherwise have no concept of a lifespan. This is measured in seconds. lifespan-max This default is the maximum lifespan of a key. lifespan-min This default is the minimum lifespan of a key. log_tz This default is the timezone to be used in log-message timestamps. mailer-server The mail server that will be contacted by dt_adminmail(). This is passed to Mail::Send. mailer-type The type of mailer that will be contacted by dt_adminmail(). This is passed to Mail::Mailer (by way of Mail::Send.) Any values recognized by Mail::Mailer may be used here. prog_ksk1 ... prog_ksk7 These defaults hold the default phase commands to be executed by rollerd for each phase of KSK rollover. The default keyword indicates that the normal phase processing should be performed. Multiple commands may be given, but they must be separated by bangs. The default keyword may be combined with other commands. prog_normal These defaults hold the default phase commands to be executed by rollerd when a zone is not in a rollover state. The default keyword indicates that the normal phase processing should be performed. Multiple commands may be given, but they must be separated by bangs. The default keyword may be combined with other commands. prog_zsk1 ... prog_zsk7 These defaults hold the default phase commands to be executed by rollerd for each phase of ZSK rollover. The default keyword indicates that the normal phase processing should be performed. Multiple commands may be given, but they must be separated by bangs. The default keyword may be combined with other commands. random This default holds the default random number generator device. revperiod This default holds the default revocation period of a KSK key. This is the minimum period of time a revoked KSK is required to remain in the signing set so that it is properly observed by resolvers. This is measured in seconds. rndc This default is the default path of the BIND rndc program. roll_loadzone This default is flag indicates if rollerd should have the DNS daemon reload its zones. roll_logfile This default is the path to rollerd's log file. roll_loglevel This default is the default logging level for rollerd. roll_sleeptime This default holds the default sleep time used by the rollerd rollover daemon. savekeys This default indicates whether or not keys should be deleted when they are no longer in use. tacontact This is merely a placeholder for the contact information. There is no useful default value for this. tadnsvalconffile This default specifies the path of the dnsval configuration file. tanamedconffile This default specifies the path of the named configuration file. taresolvconf This default specifies the path to the DNS resolv.conf file. tasleeptime This default holds the default value for how long the daemon should sleep. tasmtpserver This default specifies the name of the SMTP server. tatmpdir This default specifies the location of trustman's temporary directory. usegui This default indicates whether or not the DNSSEC-Tools GUI should be used for option entry. zone_errors This default holds the maximum number of consecutive errors a particular zone may have before it is changed to be a skip zone. zonecheck This default holds the path to the zone-verification program. zonecheck-opts This default hold a set of options for the zone-verification program. This default is set to "-i local". This value has been found to greatly improve the amount of time it takes named-checkzone to run. zonesign This default holds the path to the zone-signing program. zonesign-opts This default hold a set of options for the zone-signing program. zskcount This default holds the default number of ZSK keys to generate for a zone. zsklength This default holds the default length of the ZSK key. zsklife This default holds the default lifespan of the ZSK key. This is only used for determining when to rollover the ZSK key. Keys otherwise have no concept of a lifespan. This is measured in seconds. DNSSEC-TOOLS PROGRAM FIELDS The following are the defaults holding the paths to the DNSSEC-Tools programs. blinkenlights This default holds the path to the DNSSEC-Tools blinkenlights program. cleanarch This default holds the path to the DNSSEC-Tools cleanarch program. cleankrf This default holds the path to the DNSSEC-Tools cleankrf program. dtconf This default holds the path to the DNSSEC-Tools dtconf program. dtconfchk This default holds the path to the DNSSEC-Tools dtconfchk program. dtdefs This default holds the path to the DNSSEC-Tools dtdefs program. dtinitconf This default holds the path to the DNSSEC-Tools dtinitconf program. expchk This default holds the path to the DNSSEC-Tools expchk program. fixkrf This default holds the path to the DNSSEC-Tools fixkrf program. genkrf This default holds the path to the DNSSEC-Tools genkrf program. getdnskeys This default holds the path to the DNSSEC-Tools getdnskeys program. keyarch This default holds the path to the DNSSEC-Tools keyarch program. krfcheck This default holds the path to the DNSSEC-Tools krfcheck program. lskrf This default holds the path to the DNSSEC-Tools lskrf program. lsroll This default holds the path to the DNSSEC-Tools lsroll program. rollchk This default holds the path to the DNSSEC-Tools rollchk program. rollctl This default holds the path to the DNSSEC-Tools rollctl program. rollerd This default holds the path to the DNSSEC-Tools rollerd program. rollinit This default holds the path to the DNSSEC-Tools rollinit program. rolllog This default holds the path to the DNSSEC-Tools rolllog program. rollrec-editor This default holds the path to the DNSSEC-Tools rollrec-editor program. rollset This default holds the path to the DNSSEC-Tools rollset program. signset-editor This default holds the path to the DNSSEC-Tools signset-editor program. tachk This default holds the path to the DNSSEC-Tools tachk program. timetrans This default holds the path to the DNSSEC-Tools timetrans program. trustman This default holds the path to the DNSSEC-Tools trustman program. zonesigner This default holds the path to the DNSSEC-Tools zonesigner program. COPYRIGHT
Copyright 2006-2012 SPARTA, Inc. All rights reserved. See the COPYING file included with the DNSSEC-Tools package for details. AUTHOR
Wayne Morrison, tewok@tislabs.com perl v5.14.2 2012-06-28 defaults(3pm)