1DNSSEC-CHECKDS(8)                   BIND 9                   DNSSEC-CHECKDS(8)
2
3
4

NAME

6       dnssec-checkds - DNSSEC delegation consistency checking tool
7

SYNOPSIS

9       dnssec-checkds  [-ddig  path]  [-Ddsfromkey  path]  [-ffile] [-ldomain]
10       [-sfile] {zone}
11

DESCRIPTION

13       dnssec-checkds verifies the correctness of Delegation Signer  (DS)  re‐
14       source records for keys in a specified zone.
15

OPTIONS

17       -a algorithm
18          Specify  a  digest algorithm to use when converting the zones DNSKEY
19          records to expected DS records. This option can be repeated, so that
20          multiple records are checked for each DNSKEY record.
21
22          The  algorithm must be one of SHA-1, SHA-256, or SHA-384. These val‐
23          ues are case insensitive, and the hyphen may be omitted. If no algo‐
24          rithm is specified, the default is SHA-256.
25
26       -f file
27          If a file is specified, then the zone is read from that file to find
28          the DNSKEY records. If not, then the DNSKEY records for the zone are
29          looked up in the DNS.
30
31       -s file
32          Specifies  a  prepared  dsset  file,  such  as would be generated by
33          dnssec-signzone, to use as a source for  the  DS  RRset  instead  of
34          querying the parent.
35
36       -d dig path
37          Specifies a path to a dig binary. Used for testing.
38
39       -D dsfromkey path
40          Specifies a path to a dnssec-dsfromkey binary. Used for testing.
41

SEE ALSO

43       dnssec-dsfromkey(8), dnssec-keygen(8), dnssec-signzone(8),
44

AUTHOR

46       Internet Systems Consortium
47
49       2021, Internet Systems Consortium
50
51
52
53
549.16.16-RH                                                   DNSSEC-CHECKDS(8)
Impressum