1LSDNSSEC(1)           User Contributed Perl Documentation          LSDNSSEC(1)
2
3
4

NAME

6       lsdnssec - List DNSSEC components of zones from files or directories
7

SYNOPSIS

9         lsdnssec [-d 1-9] [OPTIONS] [FILES OR DIRECTORIES...]
10

DESCRIPTION

12       The lsdnssec program summarizes information about DNSSEC-related files.
13       These files may be specified on the command line or found in
14       directories that were given on the command line.  The -d flag controls
15       the amount of detail in the lsdnssec output.
16
17       lsdnssec displays the following information about each zone for which
18       it collects information:
19
20       keys
21           Key information is shown about the keys currently in use.  A bar
22           graph is included that shows the age of the key with respect to the
23           configured expected key lifetime.
24
25           This information is collected from any .krf files lsdnssec finds.
26
27       rolling status
28           If any zone keys are being rolled via rollerd, then the status of
29           the rolling state is shown.  The time needed to reach the next
30           state is also displayed.
31
32           This information is collected from any .rollrec or .rrf files found
33           by lsdnssec.
34

OPTIONS

36       -z ZONENAME1[,ZONENAME2]
37       --zone=ZONENAME1[,ZONENAME2]
38           Only prints information about the named zone(s).
39
40       -p NUMBER
41       --phase=NUMBER
42           Only prints information about zones currently being rolled by
43           rollerd and where either a zsk or a ksk rollover is taking place
44           and is in phase NUMBER.
45
46           If the phase NUMBER is specified as 0, then any zone in any rolling
47           phase will be printed (but not zones that aren't being rolled at
48           all).
49
50           This flag is especially useful to find all of your zones that are
51           currently in KSK rolling phase 6, which requires operator
52           intervention to propagate the new DS records into the parent zone.
53
54       -r
55       --roll-status
56           Show only rolling information from the rollrec files.  By default
57           both roll-state and key information is shown.
58
59       -k
60       --key-data
61           Show only keying information from the krf files.  By default both
62           roll-state and key information is shown.
63
64       -K
65       --key-gen-time
66           Normally rollerd calculates the age of a key based on the last time
67           a key was rolled.  However, it's also possible to calculate the age
68           of a key based on the difference between the time of execution and
69           when the key was created (which was typically before the rolling
70           began).  The -K flag switches to this second mode of key age
71           calculation (which will not match how rollerd actually performs).
72
73       -M
74       --monitor
75           The -M flag gives an abbreviated version of lsdnssec output that is
76           intended for use by monitoring systems.  It displays the zone name,
77           the rollover phase, and the time remaining in that phase.  This
78           option implicitly sets the -r flag on and sets the detail level to
79           1.
80
81       -d 1-9
82       --detail 1-9
83           Controls the amount of information shown in the output.  A level of
84           9 shows everything; a level of 1 shows a minimal amount.  The
85           default level is 5.
86
87       --debug
88           Turns on extra debugging information.
89
91       Copyright 2009-2014 SPARTA, Inc.  All rights reserved.  See the COPYING
92       file included with the DNSSEC-Tools package for details.
93

AUTHOR

95       Wes Hardaker <hardaker AT AT AT users.sourceforge.net>
96

SEE ALSO

98       lskrf(1)
99
100       zonesigner(8), rollerd(8)
101
102
103
104perl v5.28.1                      2018-08-29                       LSDNSSEC(1)
Impressum