TRUSTMAN(1) User Contributed Perl Documentation TRUSTMAN(1)

trustman - Manage keys used as trust anchors

trustman [options]

trustman manages keys used by DNSSEC as trust anchors. It may be used
as a daemon for ongoing key verification or manually for initialization
and one-time key verification.

By default, trustman runs as a daemon to ensure that keys stored
locally in configuration files still match the same keys fetched from
the zone where they are defined. (named.conf and dnsval.conf are the
usual configuration files.) These checks can be run once manually (-S)
and in the foreground (-f).

For each key mismatch check, if key mismatches are detected then
trustman performs the following operations:

- sets an add hold-down timer for new keys;
- sets a remove hold-down timer for missing keys;
- removes revoked keys from the configuration file.

On subsequent runs, the timers are checked. If the timers have
expired, keys are added or removed from the configuration file, as
appropriate.
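
The hold-down behaviour described above, modelled as an added Python example; it is not trustman's own code. The class and event names are hypothetical, the key tags are constructed, and cancelling a timer when its mismatch disappears is an assumption this page does not state.

```python
# Added illustration (not trustman's code): a model of the hold-down timers.
class AnchorState:
    def __init__(self, hold_time, trusted=()):
        self.hold_time = hold_time    # seconds, cf. --hold_time
        self.trusted = set(trusted)   # keys in the configuration file
        self.pending_add = {}         # key -> time the add timer was set
        self.pending_remove = {}      # key -> time the remove timer was set

    def check(self, fetched, revoked, now):
        """One check run; returns (event, key) tuples. fetched is the key set
        seen in the zone, revoked the subset of it flagged as revoked."""
        events, live = [], set(fetched) - set(revoked)
        for key in sorted(self.trusted & set(revoked)):   # revoked: drop at once
            self.trusted.discard(key)
            self.pending_remove.pop(key, None)
            events.append(("removed-revoked", key))
        # Assumption: a timer is cancelled when its mismatch disappears.
        for key in sorted(k for k in self.pending_add if k not in live):
            del self.pending_add[key]
            events.append(("add-cancelled", key))
        for key in sorted(k for k in self.pending_remove if k in live):
            del self.pending_remove[key]
            events.append(("remove-cancelled", key))
        for key in sorted(live - self.trusted):           # new key in the zone
            if key not in self.pending_add:
                self.pending_add[key] = now
                events.append(("add-timer-set", key))
            elif now - self.pending_add[key] >= self.hold_time:
                del self.pending_add[key]
                self.trusted.add(key)
                events.append(("added", key))
        for key in sorted(self.trusted - live):           # key missing from zone
            if key not in self.pending_remove:
                self.pending_remove[key] = now
                events.append(("remove-timer-set", key))
            elif now - self.pending_remove[key] >= self.hold_time:
                del self.pending_remove[key]
                self.trusted.discard(key)
                events.append(("removed", key))
        return events

def demo():
    """Constructed run: key tags are made up, checks are 3600 s apart."""
    st = AnchorState(hold_time=7200, trusted={"K1"})
    runs = [({"K1", "K2"}, set()), ({"K1", "K2"}, set()), ({"K1", "K2"}, set()),
            ({"K2"}, set()), ({"K1", "K2"}, {"K1"})]
    return [st.check(f, r, now=i * 3600) for i, (f, r) in enumerate(runs)], st
```

In the constructed run, K2 is only written to the trusted set on the third check, once it has been seen continuously for the full hold time, while the revoked K1 is dropped on the check that first sees the revocation.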

trustman can also set up configuration data in the DNSSEC-Tools
configuration file for later use by the daemon. This makes fewer command
line arguments necessary on subsequent executions. (The configuration
file is in dnssec-tools.conf.)

Configuration data is stored in dnssec-tools.conf. The current version
requires you to edit dnssec-tools.conf by hand and supply values for
the contact person's email address (tacontact) and the SMTP server
(tasmtpserver). If necessary, edit the location of named.conf and
dnsval.conf in that file.

trustman takes a number of options, each of which is described in this
section. Each option name may be shortened to the minimum number of
unique characters, but some options also have an alias (as noted). The
single-letter form of each option is denoted in parentheses, e.g.:
--anchor_data_file (-a).

--anchor_data_file datafile (-a)
    A persistent data file for storing new keys waiting to be added.

--config (-c)
    Create a configuration file for trustman from the command line
    options given.

--dnsval_conf_file conffile (-k)
    A dnsval.conf file to read.

--zone zone (-z)
    The zone to check. Specifying this option supersedes the default
    configuration file.

--foreground (-f)
    Run in the foreground.

--hold_time seconds (-w)
    The value of the hold-down timer.

--mail_contact_addr email-address (-m)
    Mail address for the contact person to whom reports should be sent.

--named_conf_file conffile (-n)
    A named.conf file to read.

--no_error (-N)
    Send report when there are no errors.

--outfile output-file (-o)
    Output file for configuration.

--print (-p)
    Log/print messages to stdout.

--resolv_conf_file conffile (-r)
    A resolv.conf file to read. /dev/null can be specified to force
    libval to recursively answer the query rather than asking other
    name servers.

--smtp_server smtpservername (-s)
    SMTP server that trustman should use to send reports by mail.

--single_run (-S)
    Run only once.

--syslog (-L)
    Log messages to syslog.

--sleeptime seconds (-t)
    The number of seconds to sleep between checks. Default is 3600 (one
    hour).

--test_revoke
    Use this option to test the REVOKE bit. No known implementation of
    the REVOKE bit exists to date.

--help (-h)
    Display a help message.

--verbose (-v)
    Verbose output.

--version (-V)
    Display version information.

Copyright 2006-2007 SPARTA, Inc. All rights reserved. See the COPYING
file included with the DNSSEC-Tools package for details.

Lindy Foster, lfoster@users.sourceforge.net

Net::DNS::SEC::Tools::conf.pm(3), Net::DNS::SEC::Tools::defaults.pm(3),
dnssec-tools.conf(5)

perl v5.8.8 2007-09-14 TRUSTMAN(1)