1CLEANKRF(1) User Contributed Perl Documentation CLEANKRF(1)
2
6 cleankrf - Clean a DNSSEC-Tools keyrec files of old data
7
9 cleankrf [options] <keyrec-files>
10
12 cleankrf cleans old data out of a set of DNSSEC-Tools keyrec files.
13 The old data are obsolete signing sets, orphaned keys, and obsolete
14 keys.
15 Obsolete signing sets are set keyrecs unreferenced by a zone keyrec.
17 Revoked signing sets are considered obsolete by cleankrf.
18 Orphaned keys are KSK and ZSK key keyrecs unreferenced by a set keyrec.
20 Obsolete keys are key keyrecs with a keyrec_type of kskobs or zskobs.
22 cleankrf's exit code is the count of orphaned and obsolete keyrecs
24 found.
25
27 -count
28 Display a final count of old keyrecs found in the keyrec files.
29 This option allows the count to be displayed even if the -quiet
30 option is given.
31 -list
33 The key keyrecs are checked for old keyrecs, but they are not
34 removed from the keyrec file. The names of the old keyrecs are
35 displayed.
36 -rm Delete the key files, both .key and .private, from orphaned and
38 expired keyrecs.
39 -quiet
41 Display no output.
42 -verbose
44 Display output about referenced keys and unreferenced keys.
45 -Version
47 Displays the version information for cleankrf and the DNSSEC-Tools
48 package.
49 -help
51 Display a usage message.
52
54 Copyright 2004-2014 SPARTA, Inc. All rights reserved. See the COPYING
55 file included with the DNSSEC-Tools package for details.
56
58 Wayne Morrison, tewok@tislabs.com
59
61 fixkrf(8), lskrf(8), zonesigner(8)
62 Net::DNS::SEC::Tools::keyrec.pm(3)
64 file-keyrec.pm(5)
66perl v5.38.0 2023-07-19 CLEANKRF(1)