DTINITCONF(1)         User Contributed Perl Documentation        DTINITCONF(1)

NAME

       dtinitconf - Creates a DNSSEC-Tools configuration file

SYNOPSIS

         dtinitconf [options]

DESCRIPTION

       The dtinitconf program initializes the DNSSEC-Tools configuration file.
       By default, the default configuration file is created, though the user
       may specify a different output file.  Existing files, whether the
       default or one specified by the user, will not be overwritten unless
       specifically directed by the user.

       Each configuration field can be individually specified on the command
       line.  The user will also be prompted for the fields, with default
       values taken from the DNSSEC-Tools defaults.pm module.  If the -noprompt
       option is given, then a default configuration file (modulo command-line
       arguments) will be created.

       Configuration entries are created for several BIND programs.  Several
       locations on the system are searched to find these programs.  First,
       the directories in the PATH environment variable are checked; the names
       of any directories that contain the BIND programs are saved.  Next,
       several common locations for BIND programs are checked; again, the
       names of directories that contain the BIND programs are saved.  After
       collecting these directories, the user is presented with this list and
       may choose whichever set is desired.  If no directories are found that
       contain the BIND programs, the user is prompted for the proper
       location.

       If the configuration file's parent directory does not exist, then an
       attempt is made to create the directory.  The new directory's ownership
       will be set to root for the owner and dnssec for the group, assuming
       the dnssec group exists.

OPTIONS

       dtinitconf takes options that control the contents of the newly
       generated DNSSEC-Tools configuration file.  Each configuration file
       entry has a corresponding command-line option.  The options, described
       below, are ordered in logical groups.

       Key-related Options

       These options deal with different aspects of creating and managing
       encryption keys.

       -algorithm algorithm
           Selects the cryptographic algorithm.  The value of algorithm must
           be one that is recognized by dnssec-keygen.

       -ksklength keylen
           The default KSK key length to be passed to dnssec-keygen.

       -ksklife lifespan
           The default length of time between KSK roll-overs.  This is
           measured in seconds.

           This value is only used for key roll-over.  Keys do not have a
           lifetime in any other sense.

       -zskcount ZSK-count
           The default number of ZSK keys that will be created for a zone.

       -zsklength keylen
           The default ZSK key length to be passed to dnssec-keygen.

       -zsklife lifespan
           The default length of time between ZSK roll-overs.  This is
           measured in seconds.

           This value is only used for key roll-over.  Keys do not have a
           lifetime in any other sense.

       -random randomdev
           The random number generator device to be passed to dnssec-keygen.

       Zone-related Options

       These options deal with different aspects of zone signing.

       -endtime endtime
           The zone default expiration time to be passed to dnssec-signzone.

       DNSSEC-Tools Options

       These options deal specifically with functionality provided by
       DNSSEC-Tools.

       -admin email-address
           admin is the email address of the DNSSEC-Tools administrator.  This
           is the default address used by the dt_adminmail() routine.

       -archivedir directory
           directory is the archived-key directory.  Old encryption keys are
           moved to this directory, but only if they are to be saved and not
           deleted.

       -binddir directory
           directory is the directory holding the BIND programs.

       -entropy_msg
           A flag indicating that zonesigner should display a message about
           entropy generation.  This is primarily dependent on the
           implementation of a system's random number generation.

       -noentropy_msg
           A flag indicating that zonesigner should not display a message
           about entropy generation.  This is primarily dependent on the
           implementation of a system's random number generation.

       -roll-logfile logfile
           logfile is the logfile for the rollerd daemon.

       -roll-loglevel loglevel
           loglevel is the logging level for the rollerd daemon.

       -roll-sleep sleep-time
           sleep-time is the sleep-time for the rollerd daemon.

       -savekeys
           A flag indicating that old keys should be moved to the archive
           directory.

       -nosavekeys
           A flag indicating that old keys should not be moved to the archive
           directory but will instead be left in place.

       -usegui
           A flag indicating that the GUI for specifying command options may
           be used.

       -nousegui
           A flag indicating that the GUI for specifying command options
           should not be used.

       dtinitconf Options

       These options deal specifically with dtinitconf.

       -outfile conffile
           The configuration file will be written to conffile.  If this is not
           given, then the default configuration file (as returned by
           Net::DNS::SEC::Tools::conf::getconffile()) will be used.

           If conffile is given as -, then the new configuration file will be
           written to the standard output.

           conffile must be writable.

       -overwrite
           If -overwrite is specified, existing output files may be
           overwritten.  Without -overwrite, if the output file is found to
           exist then dtinitconf will give an error message and exit.

       -noprompt
           If -noprompt is specified, the user will not be prompted for any
           input.  The configuration file will be created from command-line
           options and DNSSEC-Tools defaults.  Guesses will be made for the
           BIND paths, based on the PATH environment variable.

           WARNING:  After using the -noprompt option, the configuration file
           must be checked to ensure that the defaults are appropriate and
           acceptable for the installation.

       -edit
           If -edit is specified, the output file will be edited after it has
           been created.  The EDITOR environment variable is consulted for the
           editor to use.  If the EDITOR environment variable isn't defined,
           then the vi editor will be used.

       -verbose
           Provide verbose output.

       -help
           Display a usage message and exit.

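       One way to do the check that the -noprompt WARNING above calls for,
       as an added example that is not part of dtinitconf or DNSSEC-Tools.
       Assumptions: the file holds "keyword value" lines with # or ; comments,
       keywords are named after the options above, "savekeys 1" means enabled,
       the minimum key lengths are local policy, and the function names
       conf_get, finding and audit_conf are hypothetical.

```shell
#!/bin/sh
# Added example (not DNSSEC-Tools code): audit a "dtinitconf -noprompt" result.
# Assumed: "keyword value" lines, "#"/";" comments, keywords named after the
# options above, "savekeys 1" meaning enabled.  Minimum lengths are local policy.

# conf_get FILE KEY: print the last value assigned to KEY (empty if absent).
conf_get() {
    awk -v k="$2" '{ sub(/[#;].*/, "") } $1 == k { v = $2 } END { print v }' "$1"
}

# finding TEXT...: report one problem and count it.
finding() { echo "FINDING: $*"; findings=$((findings + 1)); }

# audit_conf FILE [MIN_KSK] [MIN_ZSK]: exit status is the number of findings.
audit_conf() {
    conf=$1; min_ksk=${2:-2048}; min_zsk=${3:-1024}; findings=0
    [ -r "$conf" ] || { finding "cannot read $conf"; return "$findings"; }
    for key in algorithm random ksklength zsklength; do
        [ -n "$(conf_get "$conf" "$key")" ] || finding "$key is not set"
    done

    for pair in "ksklength:$min_ksk" "zsklength:$min_zsk"; do
        key=${pair%%:*}; min=${pair##*:}; val=$(conf_get "$conf" "$key")
        case $val in
            '') ;;                                    # already reported above
            *[!0-9]*) finding "$key '$val' is not a number" ;;
            *) [ "$val" -ge "$min" ] || finding "$key $val is below $min" ;;
        esac
    done

    rnd=$(conf_get "$conf" random)
    [ -z "$rnd" ] || [ -c "$rnd" ] || finding "random '$rnd' is not a character device"
    # Archived private keys should not sit in a directory open to "other".
    arch=$(conf_get "$conf" archivedir)
    if [ "$(conf_get "$conf" savekeys)" = 1 ] && [ -n "$arch" ]; then
        if [ ! -d "$arch" ]; then finding "archivedir '$arch' does not exist"
        elif [ "$(ls -ld "$arch" | cut -c8-10)" != "---" ]; then
            finding "archivedir '$arch' is accessible to other users"
        fi
    fi
    return "$findings"
}

# Constructed sample: short ZSK and a bogus random device give two findings.
sample=$(mktemp)
printf '%s\n' 'algorithm rsasha1' 'ksklength 2048  # ok' 'zsklength 512' \
    'random /nonexistent/rng' > "$sample"
audit_conf "$sample" || echo "$? finding(s) in $sample"
rm -f "$sample"
```
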

COPYRIGHT

       Copyright 2006-2007 SPARTA, Inc.  All rights reserved.  See the COPYING
       file included with the DNSSEC-Tools package for details.

AUTHOR

       Wayne Morrison, tewok@users.sourceforge.net

SEE ALSO

       dnssec-keygen(8), dnssec-signzone(8), named-checkzone(8), rollerd(8),
       zonesigner(8)

       Net::DNS::SEC::Tools::conf.pm(3), Net::DNS::SEC::Tools::defaults.pm(3),
       Net::DNS::SEC::Tools::dnssectools.pm(3),
       Net::DNS::SEC::Tools::tooloptions.pm(3), QWizard.pm(3)

       dnssec-tools.conf(5)

perl v5.8.8                       2007-09-14                     DTINITCONF(1)