1 <!-- Creator : groff version 1.20.1 -->
2 <!-- CreationDate: Wed Mar 31 18:15:57 2010 -->
3 <!DOCTYPE html PUBLIC
"-//W3C//DTD HTML 4.01 Transitional//EN"
4 "http://www.w3.org/TR/html4/loose.dtd">
7 <meta name=
"generator" content=
"groff -Thtml, see www.gnu.org">
8 <meta http-equiv=
"Content-Type" content=
"text/html; charset=US-ASCII">
9 <meta name=
"Content-Style" content=
"text/css">
10 <style type=
"text/css">
11 p
{ margin-top: 0; margin-bottom: 0; vertical-align: top
}
12 pre
{ margin-top: 0; margin-bottom: 0; vertical-align: top
}
13 table
{ margin-top: 0; margin-bottom: 0; vertical-align: top
}
14 h1
{ text-align: center
}
16 <title>zkt-conf
</title>
21 <h1 align=
"center">zkt-conf
</h1>
23 <a href=
"#NAME">NAME
</a><br>
24 <a href=
"#SYNOPSYS">SYNOPSYS
</a><br>
25 <a href=
"#DESCRIPTION">DESCRIPTION
</a><br>
26 <a href=
"#COMMAND OPTIONS">COMMAND OPTIONS
</a><br>
27 <a href=
"#OPTIONS">OPTIONS
</a><br>
28 <a href=
"#SAMPLE USAGE">SAMPLE USAGE
</a><br>
29 <a href=
"#ENVIRONMENT VARIABLES">ENVIRONMENT VARIABLES
</a><br>
30 <a href=
"#FILES">FILES
</a><br>
31 <a href=
"#AUTHORS">AUTHORS
</a><br>
32 <a href=
"#COPYRIGHT">COPYRIGHT
</a><br>
33 <a href=
"#SEE ALSO">SEE ALSO
</a><br>
43 <p style=
"margin-left:11%; margin-top: 1em">zkt-conf
44 — Secure DNS zone key config tool
</p>
47 <a name=
"SYNOPSYS"></a>
52 <p style=
"margin-left:11%; margin-top: 1em"><b>zkt-conf
</b>
53 [
<b>−V
</b> <i>name
</i>] [
<b>−w
</b>]
54 <b>−d
</b> [
<b>−O
</b> <i>optstr
</i>]
<b><br>
55 zkt-conf
</b> [
<b>−V
</b> <i>name
</i>] [
<b>−w
</b>]
56 [
<b>−s
</b>] [
<b>−c
</b> <i>file
</i>]
57 [
<b>−O
</b> <i>optstr
</i>]
<b><br>
58 zkt-conf
</b> [
<b>−V
</b> <i>name
</i>] [
<b>−w
</b>]
59 <b>−l
</b> [
<b>−a
</b>] [
<b>−c
</b>
60 <i>file
</i>] [
<b>−O
</b> <i>optstr
</i>]
</p>
63 <p style=
"margin-left:11%; margin-top: 1em"><b>zkt-conf
</b>
64 [
<b>−c
</b> <i>file
</i>] [
<b>−w
</b>]
68 <a name=
"DESCRIPTION"></a>
72 <p style=
"margin-left:11%; margin-top: 1em">The
73 <i>zkt-conf
</i> command helps to create and show a config
74 file for use by the Zone Key Tool commands, which are
75 currently
<i>zkt-ls(
8) , zkt-keyman(
8) ,
</i> and
76 <i>zkt-signer(
8)
</i>.
</p>
78 <p style=
"margin-left:11%; margin-top: 1em">In general, the
79 ZKT commands uses up to three consequitive sources for
80 config parameter settings:
</p>
82 <p style=
"margin-left:22%; margin-top: 1em">a) The build-in
83 default parameters
</p>
85 <p style=
"margin-left:22%; margin-top: 1em">b) The side
86 wide config file or the file specified with option -c
87 overloads the built-in vars. The file is
88 <i>/var/named/dnssec.conf
</i> or the one set by the
89 environment variable ZKT_CONFFILE.
</p>
91 <p style=
"margin-left:22%; margin-top: 1em">c) The local
92 config file
<i>dnssec.conf
</i> in the current zone directory
93 also overloads the parameter read so far.
</p>
95 <p style=
"margin-left:11%; margin-top: 1em">Because of the
96 overload feature, none of the config files has to have a
97 complete parameter set. Typically the local config file will
98 have only those parameters which are different from the
99 global or built-in ones.
</p>
101 <p style=
"margin-left:11%; margin-top: 1em">The default
102 operation of
<i>zkt-conf(
8)
</i> is to print the site wide
103 config file (same as option
<b>−s
</b>). Option
104 <b>−d
</b> will print out the built-in defaults while
105 <b>−l
</b> print those local parameters which are
106 different to the global ones. In the last case
107 <b>−a
</b> gives the fully (
<b>−−all
</b>)
110 <p style=
"margin-left:11%; margin-top: 1em">In all forms of
111 the command, the parameters are changeable via option
112 <b>−O
</b> (
<b>−−config-option
</b>).
</p>
114 <p style=
"margin-left:11%; margin-top: 1em">With option
115 <b>−w
</b> (
<b>−−write
</b>) the confg
116 parameters are written back to the config file. This is
117 useful in case of an ZKT upgrade or if one or more
118 parameters are changed by option
<b>−O
</b>.
</p>
120 <p style=
"margin-left:11%; margin-top: 1em">Option
121 <b>−t
</b> checks some of the parameter for reasonable
124 <p style=
"margin-left:11%; margin-top: 1em">Which config
125 file is shown (or modified or checked) is determined by an
126 option.
<b>−d
</b> means the built-in defaults, option
127 <b>−l
</b> is for the local config file and
128 <b>−s
</b> specifies the site wide config file. Option
129 <b>−s
</b> is the default.
</p>
131 <p style=
"margin-left:11%; margin-top: 1em">In the last
132 form of the command, the maximum TTL value of all the
133 resource records of
<i>zonefile
</i> is calculated and print
134 on stdout. Additional, the zonefile is checked if the key
135 database (
<i>dnskey.db
</i>) is included in the zone file. If
136 option
<b>−w
</b> is set, than the INCLUDE directive
137 will be added to the zone file if necessary, and the maximum
138 ttl value is written to a local config file.
</p>
141 <a name=
"COMMAND OPTIONS"></a>
146 <p style=
"margin-left:11%; margin-top: 1em"><b>−h
</b>,
147 <b>−−help
</b></p>
149 <p style=
"margin-left:22%;">Print out the online help.
</p>
151 <p style=
"margin-left:11%;"><b>−d
</b>,
152 <b>−−built-in-defaults
</b></p>
154 <p style=
"margin-left:22%;">List all the built-in default
157 <p style=
"margin-left:11%;"><b>−s
</b>,
158 <b>−−sitecfg
</b></p>
160 <p style=
"margin-left:22%;">List all site wide config
161 parameter (this is the default).
</p>
163 <p style=
"margin-left:11%;"><b>−l
</b>,
164 <b>−−localcfg
</b></p>
166 <p style=
"margin-left:22%;">List local config parameter
167 which are different to the site wide config parameter. With
168 otion
<b>−a
</b> (
<b>−−all
</b>) all config
169 parameters will be shown.
</p>
172 <a name=
"OPTIONS"></a>
177 <p style=
"margin-left:11%; margin-top: 1em"><b>−V
</b>
178 <i>view
</i><b>,
−−view=
</b><i>view
</i></p>
180 <p style=
"margin-left:22%;">Try to read the default
181 configuration out of a file named
182 <i>dnssec-
<view
>.conf .
</i> Instead of specifying the
183 <b>−V
</b> or
<b>−−view
</b> option every
184 time, it is also possible to create a hard or softlink to
185 the executable file and name it like
186 <i>zkt-conf-
<view
> .
</i></p>
188 <p style=
"margin-left:11%;"><b>−c
</b> <i>file
</i><b>,
189 −−config=
</b><i>file
</i></p>
191 <p style=
"margin-left:22%;">Read all parameter from the
192 specified config file. Otherwise the default config file is
193 read or build in defaults will be used.
</p>
195 <p style=
"margin-left:11%;"><b>−O
</b>
197 −−config-option=
</b><i>optstr
</i></p>
199 <p style=
"margin-left:22%;">Set any config file parameter
200 via the commandline. Several config file options could be
201 specified at the argument string but have to be delimited by
202 semicolon (or newline).
</p>
204 <p style=
"margin-left:11%;"><b>−a
</b>,
205 <b>−−all
</b></p>
207 <p style=
"margin-left:22%;">In case of showing the local
208 config file parameter (
<b>−l
</b>) this prints all
209 parameter, not just the ones different to the site wide or
210 built-in defaults.
</p>
213 <a name=
"SAMPLE USAGE"></a>
217 <p style=
"margin-left:11%; margin-top: 1em"><b>zkt-conf
220 <p style=
"margin-left:22%;">Print the built-in default
223 <p style=
"margin-left:11%;"><b>zkt-conf
−d
226 <p style=
"margin-left:22%;">Write all the built-in defaults
227 into the site wide config file.
</p>
229 <p style=
"margin-left:11%;"><b>zkt-conf
−s
−O
230 "SerialFormat: Incremental; Zonedir:
231 /var/named/zones
" <br>
234 <p style=
"margin-left:22%;">Change two parameters in the
235 site wide
<i>dnssec.conf
</i> file.
</p>
237 <p style=
"margin-left:11%;"><b>zkt-conf
−w
240 <p style=
"margin-left:22%;">Add
<b>$INCLUDE dnskey.db
</b>
241 to the zone file and set the maximum ttl paramter in the
242 local config file to the maximum ttl fond in any RR of
245 <h2>ENVIRONMENT VARIABLES
246 <a name=
"ENVIRONMENT VARIABLES"></a>
251 <p style=
"margin-left:11%; margin-top: 1em">ZKT_CONFFILE
</p>
253 <p style=
"margin-left:22%;">Specifies the name of the
254 default global configuration files.
</p>
262 <p style=
"margin-left:11%; margin-top: 1em"><i>/var/named/dnssec.conf
</i></p>
264 <p style=
"margin-left:22%;">Default global configuration
265 file. The name of the default global config file is settable
266 via the environment variable ZKT_CONFFILE.
</p>
269 <p style=
"margin-left:11%;"><i>/var/named/dnssec-
<view
>.conf
</i></p>
271 <p style=
"margin-left:22%;">View specific global
272 configuration file.
</p>
274 <p style=
"margin-left:11%;"><i>./dnssec.conf
</i></p>
276 <p style=
"margin-left:22%;">Local configuration file
277 (additionally used in
<b>−l
</b> mode).
</p>
280 <a name=
"AUTHORS"></a>
284 <p style=
"margin-left:11%; margin-top: 1em">Holger
288 <a name=
"COPYRIGHT"></a>
292 <p style=
"margin-left:11%; margin-top: 1em">Copyright (c)
293 2005 − 2010 by Holger Zuleger. Licensed under the BSD
294 Licences. There is NO warranty; not even for MERCHANTABILITY
295 or FITNESS FOR A PARTICULAR PURPOSE.
</p>
298 <a name=
"SEE ALSO"></a>
303 <p style=
"margin-left:11%; margin-top: 1em">dnssec-keygen(
8),
304 dnssec-signzone(
8), rndc(
8), named.conf(
5), zkt-signer(
8),
305 zkt-ls(
8), zkt-keyman(
8),
<br>
306 RFC4641
"DNSSEC Operational Practices
" by Miek
307 Gieben and Olaf Kolkman,
<br>
308 DNSSEC HOWTO Tutorial by Olaf Kolkman, RIPE NCC
<br>
309 (http://www.nlnetlabs.nl/dnssec_howto/)
</p>
