1ROLLCHK(1)            User Contributed Perl Documentation           ROLLCHK(1)
2
3
4

NAME

6       rollchk - Check a DNSSEC-Tools rollrec file for problems and
7       inconsistencies.
8

SYNOPSIS

10         rollchk [-roll | -skip] [-count] [-quiet] [-verbose] [-help] rollrec-file
11

DESCRIPTION

13       This script checks the rollrec file specified by rollrec-file for
14       problems and inconsistencies.
15

TYPES OF CHECKS

17       There are three types of checks performed by rollchk:  file checks,
18       "raw" file checks, and rollrec checks.  The checks are performed in
19       that order, and if any of the group checks fail then rollchk exits.
20
21   File Checks
22       These checks determine basic information about the rollrec file itself.
23       Recognized problems are:
24
25       ·   non-existent rollrec file
26
27           The specified rollrec file does not exist.
28
29       ·   non-regular rollrec file
30
31           The specified rollrec file is not a regular file.
32
33   Raw File Checks
34       These checks are performed directly on the file contents, rather than
35       by using the rollrec.pm interfaces.  Recognized problems are:
36
37       ·   duplicated rollrec names
38
39           A rollrec name is not unique.
40
41   Rollrec Checks
42       These checks are performed after referencing the file contents with the
43       the rollrec.pm interfaces.  Recognized problems are:
44
45       ·   no zones defined
46
47           No zones are defined in the specified rollrec file.
48
49       ·   invalid KSK rollover phase
50
51           A zone has an invalid KSK rollover phase.  These phases may be 0,
52           1, 2, 3, 4, 5, 6, or 7; any other value is invalid.
53
54       ·   mismatch in KSK timestamp data
55
56           A zone's KSK roll-seconds timestamp does not translate into the
57           date stored in its roll-date string.
58
59       ·   invalid ZSK rollover phase
60
61           A zone has an invalid ZSK rollover phase.  These phases may be 0,
62           1, 2, 3, or 4; any other value is invalid.
63
64       ·   mismatch in ZSK timestamp data
65
66           A zone's ZSK roll-seconds timestamp does not translate into the
67           date stored in its roll-date string.
68
69       ·   contemporaneous KSK and ZSK rollovers
70
71           A zone has a KSK rollover occurring at the same time as a ZSK
72           rollover.  A zone may only have one rollover phase be non-zero at a
73           time.
74
75       ·   in rollover without a phasestart
76
77           A zone is currently in rollover, but its rollrec record does not
78           have a phasestart field.
79
80       ·   empty administrator
81
82           A zone has an empty administrator field.  This field must contain a
83           non-empty data value.  The value itself is not parsed for accuracy.
84
85       ·   non-existent directory
86
87           Several checks are made for a zone's directory.  If the zone has a
88           directory specified, the directory must exist and it must be an
89           actual directory.
90
91       ·   invalid display flag
92
93           A zone has an invalid display flag.  This flag may be 0 or 1; any
94           other value is invalid.
95
96       ·   non-positive maxttl
97
98           The maximum TTL value must be greater than zero.
99
100       ·   zone file checks
101
102           Several checks are made for a zone's zone file.  The zone file must
103           exist, it must be a regular file, and it must not be of zero
104           length.
105
106           If the file is not an absolute path and the file's rollrec has a
107           directory entry, then the directory is prepended to the filename
108           prior to performing any checks.
109
110       ·   keyrec file checks
111
112           Several checks are made for a zone's keyrec file.  The keyrec file
113           must exist, it must be a regular file, and it must not be of zero
114           length.
115
116           If the file is not an absolute path and the file's rollrec has a
117           directory entry, then the directory is prepended to the filename
118           prior to performing any checks.
119
120       ·   zonename checks
121
122           Several checks are made for zonename.  The zonename must maatch the
123           SOA name in the zone file, and the zonename's keyrec record in its
124           keyrec file must be a zone record.
125
126       ·   empty zsargs
127
128           A zone has an empty zonesigner-arguments field.  If this field
129           exists, it must contain a non-empty data value.  The value itself
130           is not parsed for accuracy.
131

OPTIONS

133       -roll
134           Only display rollrecs that are active ("roll") records.  This
135           option is mutually exclusive of the -skip option.
136
137       -skip
138           Only display rollrecs that are inactive ("skip") records.  This
139           option is mutually exclusive of the -roll option.
140
141       -count
142           Display a final count of errors.
143
144       -quiet
145           Do not display messages.  This option supersedes the setting of the
146           -verbose option.
147
148       -verbose
149           Display many messages.  This option is subordinate to the -quiet
150           option.
151
152       -Version
153           Displays the version information for rollchk and the DNSSEC-Tools
154           package.
155
156       -help
157           Display a usage message.
158

COPYRIGHT

160       Copyright 2006-2011 SPARTA, Inc.  All rights reserved.  See the COPYING
161       file included with the DNSSEC-Tools package for details.
162

AUTHOR

164       Wayne Morrison, tewok@users.sourceforge.net
165

SEE ALSO

167       lsroll(8), rollerd(8), rollinit(8)
168
169       Net::DNS::SEC::Tools::rollrec.pm(3)
170
171       file-rollrec(5), keyrec(8)
172
173
174
175perl v5.12.4                      2011-10-12                        ROLLCHK(1)