debian man page for keyarch

Query: keyarch

OS: debian

Section: 1p

Links: debian man pages   all man pages

Forums: unix linux community   forum categories

Format: Original Unix Latex Style Formatted with HTML and a Horizontal Scroll Bar

KEYARCH(1p)						User Contributed Perl Documentation					       KEYARCH(1p)


NAME

       keyarch - DNSSEC-Tools daemon to archive old KSK and ZSK keys


SYNOPSIS

	 keyarch [options] <keyrec_file | rollrec_file>


DESCRIPTION

       The keyarch program archives old KSK and ZSK keys.  Keys are considered old if they are revoked or obsolete.  Keys marked as either kskrev
       or zskrev are revoked; keys marked as either kskobs or zskobs are obsolete.  Archived keys are prefixed with the seconds-since-epoch as a
       means of distinguishing a zone's keys that have the same five digit number.

       If the required file argument is a keyrec file, then expired keys listed in that file are archived.  If the file argument is a rollrec
       file, the keyrec files of the zones in that file are checked for expired keys.

       If the -zone option is given, then only revoked and obsolete keys belonging to the specified zone will be archived.

       The archive directory is either zone-specific (listed in the zone's keyrec record in the zone's keyrec file) or the default archive
       directory given in the DNSSEC-Tools configuration file.

       The count of archived keys is given as the program's exit code.	Error exit codes are negative.


OPTIONS

       The following options are recognized:

       -zone zone_file
	   Name of the zone whose KSKs will be archived.  If this is not given, then all the zones defined in the rollrec file will be checked.

       -kskonly
	   Only archive KSK keys.

       -zskonly
	   Only archive ZSK keys.

       -dtconfig config_file
	   Name of an alternate DNSSEC-Tools configuration file to be processed.  If specified, this configuration file is used in place of the
	   normal DNSSEC-Tools configuration file not in addition to it.  Also, it will be handled prior to keyrec files, rollrec files, and
	   command-line options.

       -quiet
	   No output will be given.

       -verbose
	   Verbose output will be given.

       -help
	   Display a usage message.

       -Version
	   Displays the version information for keyarch and the DNSSEC-Tools package.


EXIT VALUES

       On success, keyarch's exit code is the number of keys archived.

       keyarch has a 0 exit code if the help message is given.

       keyarch has a negative exit code if an error is encountered.


COPYRIGHT

       Copyright 2007-2012 SPARTA, Inc.  All rights reserved.  See the COPYING file included with the DNSSEC-Tools package for details.


AUTHOR

       Wayne Morrison, tewok@tislabs.com


SEE ALSO

       rollerd(8), zonesigner(8)

       Net::DNS::SEC::Tools::conf.pm(3), Net::DNS::SEC::Tools::dnssectools.pm(3), Net::DNS::SEC::Tools::defaults.pm(3),
       Net::DNS::SEC::Tools::keyrec.pm(3), Net::DNS::SEC::Tools::rollrec.pm(3)

       keyrec(5), rollrec(5)

perl v5.14.2							    2012-06-21							       KEYARCH(1p)
Related Man Pages
bubbles(1p) - debian
cleanarch(1p) - debian
rollchk(1p) - debian
rollset(1p) - debian
net::dns::sec::tools::dnssectools(3pm) - debian
Similar Topics in the Unix Linux Community
ls specify file
list out a specify file
How to open a file that is archived
DNSSEC-Tools 1.4 (Default branch)
Bind9 DNSSEC and rollerd