1GETDNSKEYS(1)         User Contributed Perl Documentation        GETDNSKEYS(1)
2
3
4

NAME

6       getdnskeys - Manage lists of DNSKEYs from DNS zones
7

SYNOPSIS

9           getdnskeys [-i file] [-o file] [-k] [-T] [-t] [-v] [zones]
10

DESCRIPTION

12       getdnskeys manages lists of DNSKEYs from DNS zones.  It may be used to
13       retrieve and compare DNSKEYs.  The output from getdnskeys may be
14       included (directly or indirectly) in a named.conf file.
15

OPTIONS

17       -h  Gives a help message.
18
19       -i path
20           Reads path as a named.conf with which to compare key lists.
21
22       -k  Only looks for Key Signing Keys (KSKs); all other keys are ignored.
23
24       -o file
25           Writes the results to file.
26
27       -T  Checks the current trusted key list from named.conf.
28
29       -t  Encloses output in needed named.conf syntax markers.
30
31       -v  Turns on verbose mode for additional output.
32

EXAMPLES

34       This \cmd{getdnskeys} will retrieve the KSK for example.com:
35
36           getdnskeys -o /etc/named.trustkeys.conf -k -v -t example.com
37
38       This getdnskeys will check saved keys against a live set of keys:
39
40           getdnskeys -i /etc/named.trustkeys.conf -T -k -v -t
41
42       This getdnskeys will automatically update a set of saved keys:
43
44           getdnskeys -i /etc/named.trustkeys.conf -k -t -T -v
45                      -o /etc/named.trustkeys.conf
46

SECURITY ISSUES

48       Currently this does not validate new keys placed in the file in any
49       way, nor does it validate change over keys which have been added.
50
51       It also does not handle revocation of keys.
52
53       It should prompt you before adding a new key so that you can always run
54       the auto-update feature.
55
56
57
58perl v5.8.8                       2007-09-14                     GETDNSKEYS(1)