1CLEANARCH(1)          User Contributed Perl Documentation         CLEANARCH(1)
2
3
4

NAME

6       cleanarch - Clean a DNSSEC-Tools key archive of old keys
7

SYNOPSIS

9         cleanarch [options] <keyrec-file | rollrec-file>
10

DESCRIPTION

12       cleanarch deletes old keys from a DNSSEC-Tools key archive.  Key "age"
13       and archives are determined by options and arguments.
14
15       Command line options and arguments allow selection of archives, keys to
16       delete, amount of output to provide.  The options are divided into
17       three groups:  archive selection, key selection, and output format.
18       Complete information on options is provided in the OPTIONS section.
19
20       cleanarch takes a single argument (as distinguished from an option.)
21       This argument may be either a keyrec file or a rollrec file.  If the
22       file is a keyrec file, the archive directory for its zone keyrecs are
23       added to the list of archives to clean.  If the file is a rollrec file,
24       keyrec files for its zones are searched for the zones' archive
25       directory, and those directories are added to the list of archives to
26       clean.  If a zone does not have an archive directory explicitly
27       defined, then the DNSSEC-Tools default will be cleaned.  The archives
28       specified by this argument may be modified by archive-selection
29       options.
30
31       The archive-selection options combine with the keyrec or rollrec file
32       to select a set of archive directories to clean.  (Some options can
33       take the place of the file argument.)
34
35       The key-selection options allow the set of keys to be deleted to
36       contain an entire archive, a particular zone's keys, or all the keys
37       prior to a certain date.
38
39       The output-format options sets how much output will be given.  Without
40       any options selected, the names of keys will be printed as they are
41       deleted.  If the -verbose option is given, then the directories
42       selected for searching and the keys selected for deletion will be
43       printed.  If the -dirlist option is given, then the directories
44       selected for searching will be printed and no other action will be
45       taken.  If the -list option is given, then the keys selected for
46       deletion will be printed and no other action will be taken.
47
48       cleanarch only cleans the archive directories; the keyrec files are
49       left intact.  The cleankrf command should be used in conjunction with
50       cleanarch in order to have a consistent environment.
51

OPTIONS

53   Archive-Selection Options
54       The following options allow the user to select the archives to be
55       cleaned.
56
57       -archive directory
58           This option specifies an archive directory to be cleaned.
59
60       -defarch
61           This option indicates that the default archive directory (named in
62           the DNSSEC-Tools configuration file) should be cleaned.
63
64       -zone zone
65           This option indicates that zone is the only zone whose archive will
66           be cleaned.  If the archive directory is shared by other zones then
67           their keys may also be deleted.
68
69   Key-Selection Options
70       The following options allow the user to select the keys to be deleted.
71
72       -all
73           Deletes all keys in the selected archives.  This option may not be
74           used with any other key-selection options.
75
76       -days days
77           Deletes all keys except those whose modification date is within the
78           days full days preceding the current day.
79
80       -onezone zone
81           Only keys with zone in the key's filename are deleted.  This is
82           intended for use in cleaning a multi-zone key archive.
83
84           This does not validate that zone is an actual zone.  Any string can
85           be used here.  For example, using "private" will select old private
86           key files for deletion and using "com" will select any filename
87           that contains "com".
88
89   Options for Output Control
90       The following options allow the user to control cleanarch's output.
91
92       -dirlist
93           This option lists the selected archive directories.  No other
94           action is taken.
95
96       -list
97           This option lists the selected keys.  No other action is taken.
98
99       -quiet
100           Display no output.
101
102       -verbose
103           Display verbose output.
104
105       -Version
106           Displays the version information for cleanarch and the DNSSEC-Tools
107           package.
108
109       -help
110           Display a usage message and exit.
111

WARNINGS

113       The user is advised to invest a bit of time testing this tool prior to
114       putting it into production use.  Once a key is deleted, it is gone.
115       Some may find this to be detrimental to the health of their DNSSEC-
116       Tools installation.
117
119       Copyright 2007-2014 SPARTA, Inc.  All rights reserved.  See the COPYING
120       file included with the DNSSEC-Tools package for details.
121

AUTHOR

123       Wayne Morrison, tewok@tislabs.com
124

SEE ALSO

126       cleankrf(8), lskrf(8), zonesigner(8)
127
128       Net::DNS::SEC::Tools::keyrec.pm(3), Net::DNS::SEC::Tools::rollrec.pm(3)
129
130       dnssec-tools.conf(5), keyrec.pm(5), rollrec.pm(5)
131
132
133
134perl v5.34.0                      2022-01-20                      CLEANARCH(1)
Impressum