Remove building with NOCRYPTO option

[minix.git] / external / bsd / bind / dist / contrib / zkt-1.1.3 / man / zkt-conf.8

.\"     $NetBSD: zkt-conf.8,v 1.1.1.1 2015/07/08 15:37:49 christos Exp $
.\"
.TH zkt-conf 8 "February 22, 2010" "ZKT 1.0" ""
\" turn off hyphenation
.\"     if n .nh
.nh
.SH NAME
zkt-conf \(em Secure DNS zone key config tool 

.SH SYNOPSYS
.na
.B zkt-conf
.RB [ \-V
.IR "name" ]
.RB [ \-w ]
.B \-d
.RB [ \-O
.IR "optstr" ]
.br
.B zkt-conf
.RB [ \-V
.IR "name" ]
.RB [ \-w ]
.RB [ \-s ]
.RB [ \-c
.IR "file" ]
.RB [ \-O
.IR "optstr" ]
.br
.B zkt-conf
.RB [ \-V
.IR "name" ]
.RB [ \-w ]
.B  \-l
.RB [ \-a ]
.RB [ \-c
.IR "file" ]
.RB [ \-O
.IR "optstr" ]

.B zkt-conf
.RB [ \-c
.IR "file" ]
.RB [ \-w ]
.I "zonefile"

.br
.ad
.SH DESCRIPTION
The 
.I zkt-conf
command helps to create and show a config file for use by
the Zone Key Tool commands, which are currently
.I zkt-ls(8) ,
.I zkt-keyman(8) ,
and
.IR zkt-signer(8) .
.PP
In general, the ZKT commands uses up to three consequitive sources for config
parameter settings:
.IP
a)
The build-in default parameters
.IP
b)
The side wide config file or the file specified with option -c
overloads the built-in vars.
The file is 
.I /var/named/dnssec.conf
or the one set by the environment variable ZKT_CONFFILE.
.IP
c)
The local config file 
.I dnssec.conf
in the current zone directory also overloads the parameter read so far.
.PP
Because of the overload feature, none of the config files has to have
a complete parameter set.
Typically the local config file will have only those parameters which are
different from the global or built-in ones.
.PP
The default operation of
.I zkt-conf(8)
is to print the site wide config file (same as option
.BR \-s ).
Option
.B \-d
will print out the built-in defaults while
.B \-l
print those local parameters which are different to the global ones.
In the last case
.B \-a
gives the fully
.RB ( \-\-all )
parameter list.
.PP
In all forms of the command, the parameters are changeable via option
.B \-O
.RB ( \-\-config-option ).
.PP
With option
.B \-w
.RB ( \-\-write )
the confg parameters are written back to the config file.
This is useful in case of an ZKT upgrade or if one or more parameters are changed
by option
.BR \-O .
.PP
Option 
.B \-t
checks some of the parameter for reasonable values.
.PP
.PP
Which config file is shown (or modified or checked) is determined by an option.
.B \-d
means the built-in defaults, option
.B \-l
is for the local config file and
.B \-s
specifies the site wide config file.
Option
.B \-s
is the default.
.PP
In the last form of the command, the
maximum TTL value of all the resource records of
.I zonefile
is calculated and print on stdout.
Additional, the zonefile is checked if the key database
.RI ( dnskey.db )
is included in the zone file.
If option
.B \-w
is set, than the INCLUDE directive will be added to the zone file if
necessary, and the maximum ttl value is written to a local config file.

.SH COMMAND OPTIONS
.TP
.BR \-h ", " \-\-help
Print out the online help.
.TP
.BR \-d ", " \-\-built-in-defaults
List all the built-in default parameter.
.TP
.BR \-s ", " \-\-sitecfg
List all site wide config parameter (this is the default).
.TP
.BR \-l ", "  \-\-localcfg
List local config parameter which are different to the site wide config
parameter.
With otion
.B \-a
.RB ( \-\-all )
all config parameters will be shown.

.SH OPTIONS
.TP
.BI \-V " view" ", \-\-view=" view
Try to read the default configuration out of a file named
.I dnssec-<view>.conf .
Instead of specifying the
.B \-V
or
.B \-\-view
option every time, it is also possible to create a hard or softlink to the
executable file and name it like 
.I zkt-conf-<view> .
.TP
.BI \-c " file" ", \-\-config=" file
Read all parameter from the specified config file.
Otherwise the default config file is read or build in defaults
will be used.
.TP
.BI \-O " optstr" ", \-\-config-option=" optstr
Set any config file parameter via the commandline.
Several config file options could be specified at the argument string
but have to be delimited by semicolon (or newline).
.TP
.BR \-a ", " \-\-all
In case of showing the local config file parameter
.RB ( \-l )
this prints all parameter, not just the ones different to the site wide
or built-in defaults.

.SH SAMPLE USAGE
.TP 
.fam C
.B "zkt-conf \-d
.fam T
Print the built-in default config pars.
.TP
.fam C
.B "zkt-conf \-d \-w
.fam T
Write all the built-in defaults into the site wide config file.
.TP
.fam C
.B "zkt-conf \-s \-O ""SerialFormat: Incremental; Zonedir: /var/named/zones"" \-w"
.fam T
Change two parameters in the site wide
.I dnssec.conf
file.
.TP
.fam C
.B "zkt-conf \-w zone.db
.fam T
Add
.B "$INCLUDE dnskey.db"
to the zone file and set the maximum ttl paramter in the local config file
to the maximum ttl fond in any RR of
.IR zone.db .

.SH ENVIRONMENT VARIABLES
.TP
ZKT_CONFFILE
Specifies the name of the default global configuration files.

.SH FILES
.TP
.I /var/named/dnssec.conf
Default global configuration file.
The name of the default global config file is settable via
the environment variable ZKT_CONFFILE.
.TP
.I /var/named/dnssec-<view>.conf
View specific global configuration file.
.TP
.I ./dnssec.conf
Local configuration file (additionally used in
.B \-l
mode).

.SH AUTHORS
Holger Zuleger

.SH COPYRIGHT
Copyright (c) 2005 \- 2010 by Holger Zuleger.
Licensed under the BSD Licences. There is NO warranty; not even for MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE.
.\"--------------------------------------------------
.SH SEE ALSO
dnssec-keygen(8), dnssec-signzone(8), rndc(8), named.conf(5), zkt-signer(8), zkt-ls(8), zkt-keyman(8),
.br
RFC4641 
"DNSSEC Operational Practices" by Miek Gieben and Olaf Kolkman,
.br
DNSSEC HOWTO Tutorial by Olaf Kolkman, RIPE NCC
.br
(http://www.nlnetlabs.nl/dnssec_howto/)