1KEYARCH(1)            User Contributed Perl Documentation           KEYARCH(1)
2
3
4

NAME

6       keyarch - DNSSEC-Tools daemon to archive old KSK and ZSK keys
7

SYNOPSIS

9         keyarch [options] <keyrec_file | rollrec_file>
10

DESCRIPTION

12       The keyarch program archives old KSK and ZSK keys.  Keys are considered
13       old if they are revoked or obsolete.  Keys marked as either kskrev or
14       zskrev are revoked; keys marked as either kskobs or zskobs are
15       obsolete.  Archived keys are prefixed with the seconds-since-epoch as a
16       means of distinguishing a zone's keys that have the same five digit
17       number.
18
19       If the required file argument is a keyrec file, then expired keys
20       listed in that file are archived.  If the file argument is a rollrec
21       file, the keyrec files of the zones in that file are checked for
22       expired keys.
23
24       If the -zone option is given, then only revoked and obsolete keys
25       belonging to the specified zone will be archived.
26
27       The archive directory is either zone-specific (listed in the zone's
28       keyrec record in the zone's keyrec file) or the default archive
29       directory given in the DNSSEC-Tools configuration file.
30
31       The count of archived keys is given as the program's exit code.  Error
32       exit codes are negative.
33

OPTIONS

35       The following options are recognized:
36
37       -zone zone_file
38           Name of the zone whose KSKs will be archived.  If this is not
39           given, then all the zones defined in the rollrec file will be
40           checked.
41
42       -kskonly
43           Only archive KSK keys.
44
45       -zskonly
46           Only archive ZSK keys.
47
48       -dtconfig config_file
49           Name of an alternate DNSSEC-Tools configuration file to be
50           processed.  If specified, this configuration file is used in place
51           of the normal DNSSEC-Tools configuration file not in addition to
52           it.  Also, it will be handled prior to keyrec files, rollrec files,
53           and command-line options.
54
55       -quiet
56           No output will be given.
57
58       -verbose
59           Verbose output will be given.
60
61       -help
62           Display a usage message.
63
64       -Version
65           Displays the version information for keyarch and the DNSSEC-Tools
66           package.
67

EXIT VALUES

69       On success, keyarch's exit code is the number of keys archived.
70
71       keyarch has a 0 exit code if the help message is given.
72
73       keyarch has a negative exit code if an error is encountered.
74

COPYRIGHT

76       Copyright 2007-2014 SPARTA, Inc.  All rights reserved.  See the COPYING
77       file included with the DNSSEC-Tools package for details.
78

AUTHOR

80       Wayne Morrison, tewok@tislabs.com
81

SEE ALSO

83       rollerd(8), zonesigner(8)
84
85       Net::DNS::SEC::Tools::conf.pm(3),
86       Net::DNS::SEC::Tools::dnssectools.pm(3),
87       Net::DNS::SEC::Tools::defaults.pm(3),
88       Net::DNS::SEC::Tools::keyrec.pm(3), Net::DNS::SEC::Tools::rollrec.pm(3)
89
90       keyrec(5), rollrec(5)
91
92
93
94perl v5.38.0                      2023-07-19                        KEYARCH(1)