Query: getdnskeys
OS: debian
Section: 1p
Format: Original Unix Latex Style Formatted with HTML and a Horizontal Scroll Bar
GETDNSKEYS(1p) User Contributed Perl Documentation GETDNSKEYS(1p)NAMEgetdnskeys - Manage lists of DNSKEYs from DNS zonesSYNOPSISgetdnskeys [-i file] [-o file] [-k] [-T] [-t] [-v] [zones]DESCRIPTIONgetdnskeys manages lists of DNSKEYs from DNS zones. It may be used to retrieve and compare DNSKEYs. The output from getdnskeys may be included (directly or indirectly) in a named.conf file.OPTIONSgetdnskeys takes the following options: -i path Reads path as a named.conf with which to compare key lists. -k Only looks for Key Signing Keys (KSKs); all other keys are ignored. -o file Writes the results to file. -T Checks the current trusted key list from named.conf. -t Encloses output in needed named.conf syntax markers. -v Turns on verbose mode for additional output. -Version Displays the version information for getdnskeys and the DNSSEC-Tools package. -h Gives a help message.EXAMPLESThis getdnskeys will retrieve the KSK for example.com: getdnskeys -o /etc/named.trustkeys.conf -k -v -t example.com This getdnskeys will check saved keys against a live set of keys: getdnskeys -i /etc/named.trustkeys.conf -T -k -v -t This getdnskeys will automatically update a set of saved keys: getdnskeys -i /etc/named.trustkeys.conf -k -t -T -v -o /etc/named.trustkeys.confSECURITY ISSUESCurrently this does not validate new keys placed in the file in any way, nor does it validate change over keys which have been added. It also does not handle revocation of keys. It should prompt you before adding a new key so that you can always run the auto-update feature. perl v5.14.2 2012-06-21 GETDNSKEYS(1p)