1DTREALMS(1) User Contributed Perl Documentation DTREALMS(1)
2
3
4
6 dtrealms - Displays defaults defined for DNSSEC-Tools
7
9 dtrealms [options] <realm-file>
10
12 dtrealms manages multiple distinct DNSSEC-Tools rollover environments
13 running simultaneously. Each rollover environment, called a realm, is
14 defined in a realms file. dtrealms uses this file to determine how the
15 rollover environment must be initialized such that it can run
16 independently of the other rollover environments on a particular
17 system. This is useful for such things as managing very large
18 collections of zones, segregating customer zones, and software tests.
19
20 The realms file may be created with realminit. Currently, the distinct
21 environment for each realm must be created manually. It is hoped that
22 a tool will soon be available to assist with creating each realm's
23 environment.
24
25 dtrealms isn't necessary for running multiple realms. However, it does
26 make it easier to manage multiple realms running consecutively.
27
29 A realm is primarily defined by its entry in a realms file. Four
30 fields in particular describe where the realm's files are located and
31 how it runs. These are the realm's configuration directory, state
32 directory, realm directory, and rollrec file. These directories are
33 used to set the DT_STATEDIR and DT_SYSCONFDIR environment variables,
34 and the rollrec file defines which zones are managed by the realm's
35 rollover manager.
36
37 https://www.dnssec-tools.org/wiki/index.php/Rollover_Realms:_Multiple,_Simultaneous,_Independent_Rollover_Environments
38 has more information on creating realms.
39
40 configdir
41 The configdir field of the realms file contains the name of the
42 realm's configuration directory. This file gives command paths and
43 configuration values for running the DNSSEC-Tools. The DNSSEC-
44 Tools modules expects this directory hierarchy to contain a dnssec-
45 tools subdirectory, and a dnssec-tools.conf file within that
46 subdirectory. The path fields in the configuration file point to
47 various things, such as commands and key archives. It is
48 recommended that these paths only point within the configdir
49 hierarchy, other than for system utilities.
50
51 The DT_SYSCONFDIR environment variable is set to the configdir
52 field. This will tell the DNSSEC-Tools programs and modules where
53 to find their required data.
54
55 statedir
56 The statedir field of the realms file contains the name of the
57 realm's state directory. This directory contains such files as the
58 rollrec lock file and the rollerd communications socket. If a
59 realm definition does not contain a statedir field, then that realm
60 will use the configdir field as its statedir field.
61
62 The DT_STATEDIR environment variable is set to the statedir field.
63 This will tell the DNSSEC-Tools programs and modules where to find
64 these files.
65
66 realmdir
67 The realmdir field of the realms file contains the name of the
68 directory in which the realm executes. This is where the realm's
69 zone, key, and other files are located.
70
71 rollrec
72 The rollrec field of the realms file is the name of the file that
73 controls zone rollover. This file points to the various keyrec
74 files that define the locations of the zone files and their
75 associated key files. A realm's rollrec file can locate these
76 files anywhere on the system, but it is strongly recommended that
77 they all remain within the realm's realmdir hierarchy.
78
79 While the DNSSEC-Tools programs will work fine if a realm's
80 configuration, state, and realm directories are actually one directory,
81 it is recommended that at the least the realmdir files be separated
82 from the configdir and statedir files.
83
84 It is further recommended that the files for the various realms be
85 segregated from each other.
86
88 The following options are handled by dtrealms.
89
90 -directory
91 Directory in which dtrealms will be executed. Any relative paths
92 given in realms configuration files will use this directory as
93 their base.
94
95 -display
96 Start the grandvizier display program to give a graphical
97 indication of realm status.
98
99 -foreground
100 Run dtrealms in the foreground instead of as a daemon.
101
102 -logfile
103 Logging file to use.
104
105 -loglevel
106 Logging level to use when writing to the log file. See rolllog(3)
107 for more details.
108
109 -logtz
110 Time zone to use with the log file. This must be either "gmt" or
111 "local".
112
113 -Version
114 Displays the version information for dtrealms and the DNSSEC-Tools
115 package.
116
117 -help
118 Displays a help message and exits.
119
121 This is an early prototype. Consider it to be beta quality.
122
124 Copyright 2011-2014 SPARTA, Inc. All rights reserved. See the COPYING
125 file included with the DNSSEC-Tools package for details.
126
128 Wayne Morrison, tewok@tislabs.com
129
131 grandvizier(8), lsrealm(8), realminit(8), realmset(8)
132
133 Net::DNS::SEC::Tools::realm.pm(3),
134 Net::DNS::SEC::Tools::realmmgr.pm(3),
135 Net::DNS::SEC::Tools::rolllog.pm(3)
136
137
138
139perl v5.32.1 2021-01-26 DTREALMS(1)