debian man page for pdnssec

PDNSSEC(8)						      System Manager's Manual							PDNSSEC(8)

NAME
       pdnssec - PowerDNSSEC command and control

SYNOPSIS
       pdnssec [options] command

DESCRIPTION
       pdnssec	is a powerful command that is the operator-friendly gateway into PowerDNSSEC configuration. Behind the scenes, pdnssec manipulates
       a PowerDNS backend database, which also means that for many databases, pdnssec can be run remotely, and can configure key material on  dif-
       ferent servers.

OPTIONS
       A summary of options is included below.

       -h [ --help ]
	      Show summary of options.

       -v [ --verbose ]
	      Be more verbose.

       --force
	      force an action

       --config-name arg
	      Virtual configuration name

       --config-dir arg (=/etc/powerdns)
	      Location of pdns.conf

       --commands arg
	      Commands given as an argument

COMMANDS
       activate-zone-key ZONE KEY-ID
	      Activate a key with id KEY-ID within a zone called ZONE.

       add-zone-key ZONE [zsk|ksk] [bits] [rsasha1|rsasha256|rsasha512|gost|ecdsa256|ecdsa384]
	      Create a new key for zone ZONE, and make it a KSK or a ZSK, with the specified algorithm.

       check-zone ZONE
	      Check a zone for correctness

       deactivate-zone-key ZONE KEY-ID
	      Deactivate a key with id KEY-ID within a zone called ZONE.

       disable-dnssec ZONE
	      Deactivate all keys and unset PRESIGNED in ZONE

       export-zone-dnskey ZONE KEY-ID
	      Export to standard output DNSKEY and DS of key with key id KEY-ID within zone called ZONE.

       export-zone-key ZONE KEY-ID
	      Export to standard output full (private) key with key id KEY-ID within zone called ZONE. The format used is compatible with BIND and
	      NSD/LDNS.

       hash-zone-record ZONE RNAME
	      This convenience command hashes the name 'recordname' according to the NSEC3 settings of ZONE. Refuses to hash  for  zones  with	no
	      NSEC3 settings.

       import-zone-key ZONE FILE [ksk|zsk]
	      Import  from  'filename' a full (private) key for zone called ZONE. The format used is compatible with BIND and NSD/LDNS. KSK or ZSK
	      specifies the flags this key should have on import.

       rectify-zone ZONE
	      Calculates the 'ordername' and 'auth' fields for a zone called ZONE so they comply with DNSSEC settings.	Can  be  used  to  fix	up
	      migrated data. Can always safely be run, it does no harm.

       remove-zone-key ZONE KEY-ID
	      Remove a key with id KEY-ID from a zone called ZONE.

       secure-zone ZONE
	      Configures a zone called ZONE with reasonable DNSSEC settings. You should manually run 'pdnssec rectify-zone' afterwards.

       set-nsec3 ZONE 'params' [narrow]
	      Sets  NSEC3  parameters  for  this  zone.  A sample commandline is: "pdnssec set-nsec3 powerdnssec.org '1 1 1 ab' narrow". The NSEC3
	      parameters must be quoted on the command line.
	      WARNING:
	      If running in RSASHA1 mode (algorithm 5 or 7), switching from NSEC to NSEC3 will require a DS update at the parent zone!

       set-presigned ZONE
	      Switches zone to presigned operation, utilizing in-zone RRSIGs.

       show-zone ZONE
	      Shows all DNSSEC related settings of a zone called ZONE.

       unset-nsec3 ZONE
	      Converts a zone to NSEC operations.
	      WARNING:
	      If running in RSASHA1 mode (algorithm 5 or 7), switching from NSEC to NSEC3 will require a DS update at the parent zone!

       unset-presigned ZONE
	      Disables presigned operation for ZONE.

AUTHOR
       This manual page was written by Matthijs Mohlmann <matthijs@cacholong.nl> for the Debian Project (but may be used by others)

SEE ALSO
       pdns_server(8),pdns_control(8)

PowerDNS							   November 2011							PDNSSEC(8)