1DTREALMS(1)           User Contributed Perl Documentation          DTREALMS(1)
2
3
4

NAME

6       dtrealms - Displays defaults defined for DNSSEC-Tools
7

SYNOPSIS

9         dtrealms [options] <realm-file>
10

DESCRIPTION

12       dtrealms manages multiple distinct DNSSEC-Tools rollover environments
13       running simultaneously.  Each rollover environment, called a realm, is
14       defined in a realms file.  dtrealms uses this file to determine how the
15       rollover environment must be initialized such that it can run
16       independently of the other rollover environments on a particular
17       system.  This is useful for such things as managing very large
18       collections of zones, segregating customer zones, and software tests.
19
20       The realms file may be created with realminit.  Currently, the distinct
21       environment for each realm must be created manually.  It is hoped that
22       a tool will soon be available to assist with creating each realm's
23       environment.
24
25       dtrealms isn't necessary for running multiple realms.  However, it does
26       make it easier to manage multiple realms running consecutively.
27

REALM SETUP

29       A realm is primarily defined by its entry in a realms file.  Four
30       fields in particular describe where the realm's files are located and
31       how it runs.  These are the realm's configuration directory, state
32       directory, realm directory, and rollrec file.  These directories are
33       used to set the DT_STATEDIR and DT_SYSCONFDIR environment variables,
34       and the rollrec file defines which zones are managed by the realm's
35       rollover manager.
36
37       https://www.dnssec-tools.org/wiki/index.php/Rollover_Realms:_Multiple,_Simultaneous,_Independent_Rollover_Environments
38       has more information on creating realms.
39
40       configdir
41           The configdir field of the realms file contains the name of the
42           realm's configuration directory.  This file gives command paths and
43           configuration values for running the DNSSEC-Tools.  The DNSSEC-
44           Tools modules expects this directory hierarchy to contain a dnssec-
45           tools subdirectory, and a dnssec-tools.conf file within that
46           subdirectory.  The path fields in the configuration file point to
47           various things, such as commands and key archives.  It is
48           recommended that these paths only point within the configdir
49           hierarchy, other than for system utilities.
50
51           The DT_SYSCONFDIR environment variable is set to the configdir
52           field.  This will tell the DNSSEC-Tools programs and modules where
53           to find their required data.
54
55       statedir
56           The statedir field of the realms file contains the name of the
57           realm's state directory.  This directory contains such files as the
58           rollrec lock file and the rollerd communications socket.  If a
59           realm definition does not contain a statedir field, then that realm
60           will use the configdir field as its statedir field.
61
62           The DT_STATEDIR environment variable is set to the statedir field.
63           This will tell the DNSSEC-Tools programs and modules where to find
64           these files.
65
66       realmdir
67           The realmdir field of the realms file contains the name of the
68           directory in which the realm executes.  This is where the realm's
69           zone, key, and other files are located.
70
71       rollrec
72           The rollrec field of the realms file is the name of the file that
73           controls zone rollover.  This file points to the various keyrec
74           files that define the locations of the zone files and their
75           associated key files.  A realm's rollrec file can locate these
76           files anywhere on the system, but it is strongly recommended that
77           they all remain within the realm's realmdir hierarchy.
78
79       While the DNSSEC-Tools programs will work fine if a realm's
80       configuration, state, and realm directories are actually one directory,
81       it is recommended that at the least the realmdir files be separated
82       from the configdir and statedir files.
83
84       It is further recommended that the files for the various realms be
85       segregated from each other.
86

OPTIONS

88       The following options are handled by dtrealms.
89
90       -directory
91           Directory in which dtrealms will be executed.  Any relative paths
92           given in realms configuration files will use this directory as
93           their base.
94
95       -display
96           Start the grandvizier display program to give a graphical
97           indication of realm status.
98
99       -foreground
100           Run dtrealms in the foreground instead of as a daemon.
101
102       -logfile
103           Logging file to use.
104
105       -loglevel
106           Logging level to use when writing to the log file.  See rolllog(3)
107           for more details.
108
109       -logtz
110           Time zone to use with the log file.  This must be either "gmt" or
111           "local".
112
113       -Version
114           Displays the version information for dtrealms and the DNSSEC-Tools
115           package.
116
117       -help
118           Displays a help message and exits.
119

WARNING

121       This is an early prototype.  Consider it to be beta quality.
122
124       Copyright 2011-2014 SPARTA, Inc.  All rights reserved.  See the COPYING
125       file included with the DNSSEC-Tools package for details.
126

AUTHOR

128       Wayne Morrison, tewok@tislabs.com
129

SEE ALSO

131       grandvizier(8), lsrealm(8), realminit(8), realmset(8)
132
133       Net::DNS::SEC::Tools::realm.pm(3),
134       Net::DNS::SEC::Tools::realmmgr.pm(3),
135       Net::DNS::SEC::Tools::rolllog.pm(3)
136
137
138
139perl v5.32.1                      2021-01-26                       DTREALMS(1)
Impressum