1ROLLCHK(1) User Contributed Perl Documentation ROLLCHK(1)
2
6 rollchk - Check a DNSSEC-Tools rollrec file for problems and
7 inconsistencies.
8
10 rollchk [-roll | -skip] [-count] [-quiet] [-verbose] [-help] rollrec-file
11
13 This script checks the rollrec file specified by rollrec-file for
14 problems and inconsistencies.
15
17 There are four types of checks performed by rollchk: file checks,
18 "raw" file checks, info rollrec checks, and rollrec checks. The checks
19 are performed in that order, and if any of the group checks fail then
20 rollchk exits.
21 File Checks
23 These checks determine basic information about the rollrec file itself.
24 Recognized problems are:
25 · non-existent rollrec file
27 The specified rollrec file does not exist.
29 · non-regular rollrec file
31 The specified rollrec file is not a regular file.
33 Raw File Checks
35 These checks are performed directly on the file contents, rather than
36 by using the rollrec.pm interfaces. Recognized problems are:
37 · duplicated rollrec names
39 A rollrec name is not unique.
41 Info Rollrec Checks
43 These checks are performed to ensure the info rollrec is valid.
44 Recognized problems are:
45 · negative version
47 The version number in the info rollrec is less than 0.
49 · overly large version
51 The version number in the info rollrec is greater than 2.
53 · invalid version
55 The version number in the info rollrec is not 0, 1, or 2.
57 Rollrec Checks
59 These checks are performed after referencing the file contents with the
60 the rollrec.pm interfaces. Recognized problems are:
61 · no zones defined
63 No zones are defined in the specified rollrec file.
65 · invalid KSK rollover phase
67 A zone has an invalid KSK rollover phase. These phases may be 0,
69 1, 2, 3, 4, 5, 6, or 7; any other value is invalid.
70 · mismatch in KSK timestamp data
72 A zone's KSK roll-seconds timestamp does not translate into the
74 date stored in its roll-date string.
75 · invalid ZSK rollover phase
77 A zone has an invalid ZSK rollover phase. These phases may be 0,
79 1, 2, 3, or 4; any other value is invalid.
80 · mismatch in ZSK timestamp data
82 A zone's ZSK roll-seconds timestamp does not translate into the
84 date stored in its roll-date string.
85 · contemporaneous KSK and ZSK rollovers
87 A zone has a KSK rollover occurring at the same time as a ZSK
89 rollover. A zone may only have one rollover phase be non-zero at a
90 time.
91 · in rollover without a phasestart
93 A zone is currently in rollover, but its rollrec record does not
95 have a phasestart field.
96 · empty administrator
98 A zone has an empty administrator field. This field must contain a
100 non-empty data value. The value itself is not parsed for accuracy.
101 · non-existent directory
103 Several checks are made for a zone's directory. If the zone has a
105 directory specified, the directory must exist and it must be an
106 actual directory.
107 · invalid display flag
109 A zone has an invalid display flag. This flag may be 0 or 1; any
111 other value is invalid.
112 · non-positive maxttl
114 The maximum TTL value must be greater than zero.
116 · zone file checks
118 Several checks are made for a zone's zone file. The zone file must
120 exist, it must be a regular file, and it must not be of zero
121 length.
122 If the file is not an absolute path and the file's rollrec has a
124 directory entry, then the directory is prepended to the filename
125 prior to performing any checks.
126 · keyrec file checks
128 Several checks are made for a zone's keyrec file. The keyrec file
130 must exist, it must be a regular file, and it must not be of zero
131 length.
132 If the file is not an absolute path and the file's rollrec has a
134 directory entry, then the directory is prepended to the filename
135 prior to performing any checks.
136 · zonename checks
138 Several checks are made for zonename. The zonename must maatch the
140 SOA name in the zone file, and the zonename's keyrec record in its
141 keyrec file must be a zone record.
142 · empty zsargs
144 A zone has an empty zonesigner-arguments field. If this field
146 exists, it must contain a non-empty data value. The value itself
147 is not parsed for accuracy.
148
150 -roll
151 Only display rollrecs that are active ("roll") records. This
152 option is mutually exclusive of the -skip option.
153 -skip
155 Only display rollrecs that are inactive ("skip") records. This
156 option is mutually exclusive of the -roll option.
157 -count
159 Display a final count of errors.
160 -quiet
162 Do not display messages. This option supersedes the setting of the
163 -verbose option.
164 -verbose
166 Display many messages. This option is subordinate to the -quiet
167 option.
168 -Version
170 Displays the version information for rollchk and the DNSSEC-Tools
171 package.
172 -help
174 Display a usage message.
175
177 Copyright 2006-2014 SPARTA, Inc. All rights reserved. See the COPYING
178 file included with the DNSSEC-Tools package for details.
179
181 Wayne Morrison, tewok@tislabs.com
182
184 lsroll(8), rollerd(8), rollinit(8)
185 Net::DNS::SEC::Tools::rollrec.pm(3)
187 file-rollrec(5), keyrec(8)
189perl v5.30.1 2020-01-28 ROLLCHK(1)