ROLLINIT(1)        User Contributed Perl Documentation        ROLLINIT(1)

NAME

rollinit - Create new rollrec records for a DNSSEC-Tools rollrec file.

SYNOPSIS

    rollinit [options] <zonename1> ... <zonenameN>

DESCRIPTION

rollinit creates new rollrec entries for a rollrec file. This rollrec
file will be used by rollerd to manage key rollover for the named
domains.

A rollrec entry has this format:

    roll "example.com"
        zonefile "example.com.signed"
        keyrec "example.com.krf"
        kskphase "0"
        zskphase "0"
        administrator "bob@bobhost.example.com"
        directory "/var/dns/zones/example.com"
        loglevel "phase"
        ksk_rolldate " "
        ksk_rollsecs "0"
        zsk_rolldate " "
        zsk_rollsecs "0"
        maxttl "604800"
        display "1"
        phasestart "Mon Jan 9 16:00:00 2006"

The zonefile and keyrec fields are set according to command-line
options and arguments. The manner of generating the rollrec's actual
values is a little complex and is described in the ZONEFILE And KEYREC
FIELDS section below.

The administrator field is set to "bob@bobhost.example.com" to indicate
that the email messages to the zone's administrator should be sent to
"bob@bobhost.example.com".

The directory field is set to "/var/dns/zones/example.com" to indicate
that the files for this zone should be found in
/var/dns/zones/example.com. This includes the zone file, the signed
zone file, and the keyrec file.

The loglevel field is set to "phase" to indicate that rollerd should
only log phase-level (and greater) log messages for this zone.

The kskphase field is set to 0 to indicate that the zone is in normal
operation (non-rollover) for KSK keys. The zskphase field is set to 0
to indicate that the zone is in normal operation (non-rollover) for ZSK
keys.

The ksk_rolldate and ksk_rollsecs fields are set to indicate that the
zone has not yet undergone KSK rollover.

The zsk_rolldate and zsk_rollsecs fields are set to indicate that the
zone has not yet undergone ZSK rollover.

The display field is set to indicate that blinkenlights should display
the record. The maxttl and phasestart fields are set to dummy values.

The keywords roll and skip indicate whether rollerd should process or
ignore a particular rollrec entry. roll records are created by
default; skip entries are created if the -skip option is specified.

The newly generated rollrec entries are written to standard output,
unless the -out option is specified.

ZONEFILE And KEYREC FIELDS

The zonefile and keyrec fields may be given by using the -zone and
-keyrec options, or default values may be used.

The default values use the rollrec's zone name, taken from the command
line, as a base. .signed is appended to the domain name for the zone
file; .krf is appended to the domain name for the keyrec file.

If -zone or -keyrec is specified, then the option values are used in
one of two ways:

1. A single domain name is given on the command line.
   The option values for -zone and/or -keyrec are used for the actual
   rollrec fields.

2. Multiple domain names are given on the command line.
   The option values for -zone and/or -keyrec are used as templates
   for the actual rollrec fields. The option values must contain the
   string =. This string is replaced by the domain whose rollrec is
   being created.

See the EXAMPLES section for examples of how options are used by
rollinit.

OPTIONS

rollinit may be given the following options:

-zone zonefile
    This specifies the value of the zonefile field. See the ZONEFILE
    And KEYREC FIELDS and EXAMPLES sections for more details.

-keyrec keyrec-file
    This specifies the value of the keyrec field. See the ZONEFILE And
    KEYREC FIELDS and EXAMPLES sections for more details.

-admin
    This specifies the value of the administrator field. If it is not
    given, an administrator field will not be included for the record.

-directory
    This specifies the value of the directory field. If it is not
    given, a directory field will not be included for the record.

-loglevel
    This specifies the value of the loglevel field. If it is not
    given, a loglevel field will not be included for the record.

-skip
    By default, roll records are generated. If this option is given,
    then skip records will be generated instead.

-out output-file
    The new rollrec entries will be appended to output-file. The file
    will be created if it does not exist.

    If this option is not given, the new rollrec entries will be
    written to standard output.

-help
    Display a usage message.

-Version
    Display version information for rollinit and DNSSEC-Tools.

EXAMPLES

The following examples should make clear how rollinit deals with options
and the new rollrecs. Example 1 will show the complete new rollrec
record. For the sake of brevity, the remaining examples will only show
the newly created zonefile and keyrec records.

Example 1. One domain, no options

This example shows the rollrec generated by giving rollinit a single
domain, without any options.

    $ rollinit example.com
    roll "example.com"
        zonefile "example.com.signed"
        keyrec "example.com.krf"
        kskphase "0"
        zskphase "0"
        ksk_rolldate " "
        ksk_rollsecs "0"
        zsk_rolldate " "
        zsk_rollsecs "0"
        maxttl "0"
        display "1"
        phasestart "new"

Example 2. One domain, -zone option

This example shows the rollrec generated by giving rollinit a single
domain, with the -zone option.

    $ rollinit -zone signed-example example.com
    roll "example.com"
        zonefile "signed-example"
        keyrec "example.com.krf"

Example 3. One domain, -keyrec option

This example shows the rollrec generated by giving rollinit a single
domain, with the -keyrec option.

    $ rollinit -keyrec x-rrf example.com
    roll "example.com"
        zonefile "example.com.signed"
        keyrec "x-rrf"

Example 4. One domain, -zone and -keyrec options

This example shows the rollrec generated by giving rollinit a single
domain, with the -zone and -keyrec options.

    $ rollinit -zone signed-example -keyrec example.rrf example.com
    roll "example.com"
        zonefile "signed-example"
        keyrec "example.rrf"

Example 5. One domain, -skip option

This example shows the rollrec generated by giving rollinit a single
domain, with the -skip option.

    $ rollinit -skip example.com
    skip "example.com"
        zonefile "example.com.signed"
        keyrec "example.com.krf"

Example 6. Multiple domains, no options

This example shows the rollrecs generated by giving rollinit several
domains, without any options.

    $ rollinit example1.com example2.com
    roll "example1.com"
        zonefile "example1.com.signed"
        keyrec "example1.com.krf"

    roll "example2.com"
        zonefile "example2.com.signed"
        keyrec "example2.com.krf"

Example 7. Multiple domains, -zone option

This example shows the rollrecs generated by giving rollinit several
domains, with the -zone option.

    $ rollinit -zone =-signed example1.com example2.com
    roll "example1.com"
        zonefile "example1.com-signed"
        keyrec "example1.com.krf"

    roll "example2.com"
        zonefile "example2.com-signed"
        keyrec "example2.com.krf"

Example 8. Multiple domains, -keyrec option

This example shows the rollrecs generated by giving rollinit several
domains, with the -keyrec option.

    $ rollinit -keyrec zone-=-keyrec example1.com example2.com
    roll "example1.com"
        zonefile "example1.com.signed"
        keyrec "zone-example1.com-keyrec"

    roll "example2.com"
        zonefile "example2.com.signed"
        keyrec "zone-example2.com-keyrec"

Example 9. Multiple domains, -zone and -keyrec options

This example shows the rollrecs generated by giving rollinit several
domains, with the -zone and -keyrec options.

    $ rollinit -zone Z-= -keyrec =K example1.com example2.com
    roll "example1.com"
        zonefile "Z-example1.com"
        keyrec "example1.comK"

    roll "example2.com"
        zonefile "Z-example2.com"
        keyrec "example2.comK"

Example 10. Single domain, -zone and -keyrec options with template

This example shows the rollrec generated by giving rollinit a single
domain, with the -zone and -keyrec options. The options use the
multi-domain = template.

    $ rollinit -zone Z-= -keyrec =.K example.com
    roll "example.com"
        zonefile "Z-="
        keyrec "=.K"

This is probably not what is wanted, since it results in the zonefile
and keyrec field values containing the =.

Example 11. Multiple domains, -zone and -keyrec options without template

This example shows the rollrecs generated by giving rollinit several
domains, with the -zone and -keyrec options. The options do not use
the multi-domain = template.

    $ rollinit -zone ex.zone -keyrec ex.krf example1.com example2.com
    roll "example1.com"
        zonefile "ex.zone"
        keyrec "ex.krf"

    roll "example2.com"
        zonefile "ex.zone"
        keyrec "ex.krf"

This may not be what is wanted, since it results in the same zonefile
and keyrec field values for each rollrec.
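
A lint for the two pitfalls shown in Examples 10 and 11, as an added example that is not part of the original manual page or of DNSSEC-Tools: it parses rollrec text and reports zonefile or keyrec values that still contain a literal = and values named by more than one zone. The function names are hypothetical, and treating any = as an unexpanded template is an assumption, since a file name could legitimately contain one.

```python
import re
from collections import defaultdict

# Sample rollrec text: the output shown in Examples 10 and 11 on this page.
SAMPLE = '''
roll "example.com"
    zonefile "Z-="
    keyrec "=.K"
roll "example1.com"
    zonefile "ex.zone"
    keyrec "ex.krf"
roll "example2.com"
    zonefile "ex.zone"
    keyrec "ex.krf"
'''

FIELD = re.compile(r'^\s*(\w+)\s+"(.*)"\s*$')

def parse_rollrecs(text):
    """Split rollrec text into dicts; a roll or skip line starts a record."""
    records = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue                      # blank or unrecognised line
        key, value = m.groups()
        if key in ("roll", "skip"):
            records.append({"name": value, "type": key})
        elif records:
            records[-1][key] = value
    return records

def lint_rollrecs(records):
    """Return (zone(s), field, problem) tuples for the two pitfalls."""
    findings = []
    owners = {"zonefile": defaultdict(list), "keyrec": defaultdict(list)}
    for rec in records:
        for field in (f for f in owners if f in rec):
            value = rec[field]
            if "=" in value:              # template given with a single domain
                findings.append((rec["name"], field, "unexpanded-template"))
            owners[field][value].append(rec["name"])
    for field, by_value in owners.items():
        for value, names in by_value.items():
            if len(names) > 1:            # same file named by several zones
                findings.append((",".join(names), field, "shared"))
    return findings
```

Running lint_rollrecs(parse_rollrecs(text)) on rollinit output before appending it with -out catches both cases before rollerd reads the file.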

COPYRIGHT

Copyright 2006-2007 SPARTA, Inc. All rights reserved. See the COPYING
file included with the DNSSEC-Tools package for details.

AUTHOR

Wayne Morrison, tewok@users.sourceforge.net

SEE ALSO

lsroll(1), rollerd(8), rollchk(8), zonesigner(8)

Net::DNS::SEC::Tools::keyrec.pm(3), Net::DNS::SEC::Tools::rollrec.pm(3)

Net::DNS::SEC::Tools::file-keyrec.pm(5),
Net::DNS::SEC::Tools::file-rollrec.pm(5)

perl v5.8.8                      2007-09-14                      ROLLINIT(1)