1DNSSEC-CHECKDS(8) BIND9 DNSSEC-CHECKDS(8)
2
6 dnssec-checkds - A DNSSEC delegation consistency checking tool.
7
9 dnssec-checkds [-l domain] [-f file] [-d dig path] [-D dsfromkey path]
10 {zone}
11 dnssec-dsfromkey [-l domain] [-f file] [-d dig path]
13 [-D dsfromkey path] {zone}
14
16 dnssec-checkds verifies the correctness of Delegation Signer (DS) or
17 DNSSEC Lookaside Validation (DLV) resource records for keys in a
18 specified zone.
19
21 -f file
22 If a file is specified, then the zone is read from that file to
23 find the DNSKEY records. If not, then the DNSKEY records for the
24 zone are looked up in the DNS.
25 -l domain
27 Check for a DLV record in the specified lookaside domain, instead
28 of checking for a DS record in the zone's parent. For example, to
29 check for DLV records for "example.com" in ISC's DLV zone, use:
30 dnssec-checkds -l dlv.isc.org example.com
31 -d dig path
33 Specifies a path to a dig binary. Used for testing.
34 -D dsfromkey path
36 Specifies a path to a dnssec-dsfromkey binary. Used for testing.
37
39 dnssec-dsfromkey(8), dnssec-keygen(8), dnssec-signzone(8),
40
42 Internet Systems Consortium
43
45 Copyright © 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
46BIND9 April 11, 2012 DNSSEC-CHECKDS(8)