1CONVERTAR(1) User Contributed Perl Documentation CONVERTAR(1)
2
6 convertar - Converts trust anchor repositories from one format to
7 another
8
10 convertar operates on input and output files of different Trust Anchor
11 Repository (TAR) formats. convertar decides what type of file format
12 is being referred to by a "type:filename" specification. Options can
13 be passed to the convertar module by using a '/' delimited specifier in
14 the type identifier. Such as
15 "type/option=value/other=othervalue:filename". See below for a list of
16 different input and output formats that convertar understands by
17 default and what options they take.
18 See the Net::DNS::SEC::Tools::TrustAnchor module and its documentation
20 for writing new plugins to allow convertar to understand other TAR
21 formats.
22
24 This command will read in an itar.xml file (available from
25 https://itar.iana.org/) and convert it to a file that can be read in by
26 BIND's named application:
27 # convertar -i itar:itar.xml -o bind:bind.conf
29 Read in multiple files, merge them together and write them out to two
31 different output file formats (the libval format is printed to stdout):
32 # convertar -i itar:itar.xml,csv:local.csv -o bind:bind.conf,libval:-
34
36 Types and files (e.g. for the -i and -o switches) are specificied using
37 the following format:
38 type:/path/to/file
40 The type portion of the specification dictates what internal module
42 will attempt to read in the file. The file portion of the
43 specification may or may not be required (but the ':' always is) and
44 may or may not point to a real file, depending on the module in charge
45 of the content. Some modules may, for exmaple, load content from the
46 network. For types that can read and write to a file, a '-' may be
47 specified as a file to print to or read from standard output.
48 File formats MAY be infered from a trailing suffix, if the trailing
50 suffix. EG, if a referenced file is foo.csv then internally convertar
51 will translate this to "csv:foo.csv".
52
54 The following file formats are known by default to convertar:
55 bind
57 A BIND name server (named) compatible trust anchor configuration
58 file. This can be included within a master named.conf file using
59 the "include" directive.
60 The bind option can also take a /write_expectations=1 flag when
62 writing to write an options {} section that will turn on dnssec and
63 require validation for zones from all the imported data.
64 E.G. bind/write_expectations=1:named.conf
66 secspider
68 This is merely an alias that fetches the specspider
69 (http://secspider.cs.ucla.edu/) bind configuration file and then
70 parse it using the bind file format.
71 WARNING: The PGP signature on the downloaded file is NOT checked.
73 csv A comma-separated list format.
75 dump
77 A Perl hash dump format. This should be used mostly for debugging
78 of newly developed modules as it shows the internal hash structure
79 that is passed between modules.
80 itar
82 IANA's itar format, which is an XML-based format of trust anchor
83 keys. IANA's file is available from https://itar.iana.org/.
84 Specifying only 'itar:' line only (or itar:URL), convertar will
86 attempt to retrieve the current remote ITAR respository file
87 directly.
88 WARNING: The PGP signature on the downloaded file is NOT checked.
90 NOTE: support for downloading the ITAR repository over the network
92 requires the LWP::UserAgent module to be installed.
93 libval
95 The libval format is the configuration file format that DNSSEC-
96 Tool's libval library uses.
97 The libval option can also take a /write_expectations=1 flag when
99 writing to specify that the default (:) zone-security-expectation's
100 should be populated to require validation of all the zones with
101 imported data. All other zones will have a policy set to 'ignore.
102 E.G. libval/write_expectations=1:dnsval.conf
104 mf The master file (mf) format is also available from the itar web
106 site.
107 dns The dns format performs live queries of records attached to a
109 domain name to request either DS or DNSKEY records. By default,
110 DNSKEY records will be queried. The specific type to be queried
111 can be specified by preceeding the zone name with a "ds/" or
112 "dnskey/" prefix. Example valid 'dns:' type specifications:
113 dns:dnssec-tools.org
115 dns:ds/dnssec-tools.org
116 dns:dnskey/dnssec-tools.org
117 Also, if you want to read dnskeys from the network but convert them
119 to ds records, you can use the /tods flag:
120 dns/tods=1:dnssec-tools.org
122 The DNS type can not output records and is only useful for reading
124 in information.
125 WARNING: The keys and data being retrieved are not internally
127 validated and thus should not be trusted unless a secured resolver
128 is being used.
129
131 -i STRING
132 --input-file=STRING
133 Input file(s) to process.
134 convertar will read in the specified file(s). Multiple files can
136 be separated by commas.
137 -o STRING
139 --output-file=STRING
140 Output file(s) to write.
141 convertar will write out these specified file(s) in the requested
143 output formats. Multiple files can be separated by commas.
144 -h
146 --help
147 --help-full
148 Displays command line help information.
149 --gui
151 --no-gui
152 Controls the use of the optional GUI.
153
155 Copyright 2009-2013 SPARTA, Inc. All rights reserved. See the COPYING
156 file included with the DNSSEC-Tools package for details.
157
159 Wes Hardaker < hardaker AT users DOT sourceforge DOT net >
160
162 Net::DNS::SEC::Tools::TrustAnchor(3)
163perl v5.30.0 2019-07-24 CONVERTAR(1)