| blob | 76f949f7364f4ebad501cecae32465dd0af728f5 |
1 .\" $NetBSD: zkt-ls.8,v 1.1.1.1 2015/07/08 15:37:49 christos Exp $
2 .\"
3 .TH zkt-ls 8 "February 25, 2010" "ZKT 1.0" ""
4 \" turn off hyphenation
5 .\" if n .nh
6 .nh
7 .SH NAME
8 zkt\-ls \(em list dnskeys
10 .SH SYNOPSYS
11 .na
12 .B zkt\-ls
13 .B \-H
15 .B zkt\-ls
16 .RB [ \-V|--view
17 .IR "view" ]
18 .RB [ \-c
19 .IR "file" ]
20 .RB [ \-l
21 .IR "list" ]
22 .RB [ \-adefhkLprtz ]
23 .RI [{ keyfile | dir }
24 .RI "" ... ]
26 .B zkt\-ls
27 .B \-T
28 .RB [ \-V|--view
29 .IR "view" ]
30 .RB [ \-c
31 .IR "file" ]
32 .RB [ \-l
33 .IR "list" ]
34 .RB [ \-dhrz ]
35 .RI [{ keyfile | dir }
36 .RI "" ... ]
37 .br
38 .B zkt\-ls
39 .B \-\-list-trustedkeys
40 .RB [ \-V|--view
41 .IR "view" ]
42 .RB [ \-c
43 .IR "file" ]
44 .RB [ \-l
45 .IR "list" ]
46 .RB [ \-dhrz ]
47 .RI [{ keyfile | dir }
48 .RI "" ... ]
50 .B zkt\-ls
51 .B \-M
52 .RB [ \-V|--view
53 .IR "view" ]
54 .RB [ \-c
55 .IR "file" ]
56 .RB [ \-l
57 .IR "list" ]
58 .RB [ \-dhrz ]
59 .RI [{ keyfile | dir }
60 .RI "" ... ]
61 .br
62 .B zkt\-ls
63 .B \-\-list-managedkeys
64 .RB [ \-V|--view
65 .IR "view" ]
66 .RB [ \-c
67 .IR "file" ]
68 .RB [ \-l
69 .IR "list" ]
70 .RB [ \-dhrz ]
71 .RI [{ keyfile | dir }
72 .RI "" ... ]
74 .B zkt\-ls
75 .B \-K
76 .RB [ \-V|--view
77 .IR "view" ]
78 .RB [ \-c
79 .IR "file" ]
80 .RB [ \-l
81 .IR "list" ]
82 .RB [ \-dhkrz ]
83 .RI [{ keyfile | dir }
84 .RI "" ... ]
85 .br
86 .B zkt\-ls
87 .B \-\-list-dnskeys
88 .RB [ \-V|--view
89 .IR "view" ]
90 .RB [ \-c
91 .IR "file" ]
92 .RB [ \-l
93 .IR "list" ]
94 .RB [ \-dhkrz ]
95 .RI [{ keyfile | dir }
96 .RI "" ... ]
98 .SH DESCRIPTION
99 The
100 .I zkt-ls
101 command list all dnssec zone keys found in the given or predefined
102 default directory.
103 It is also possible to specify keyfiles (K*.key) as arguments.
104 With option
105 .B \-r
106 subdirectories will be searched recursively and all dnssec keys found
107 are listed, sorted by domain name, key type and generation time.
108 In that mode the use of option
109 .B \-p
110 may be helpful to find the location of the keyfile in the directory tree.
111 .PP
112 Other forms of the command, print out keys in a format suitable for
113 a trusted- or managed-key section
114 .RB ( \-T or \-M )
115 or as a DNSKEY
116 .RB ( \-K )
117 resource record.
119 .SH GENERAL OPTIONS
120 .TP
121 .BI \-V " view" ", \-\-view=" view
122 Try to read the default configuration out of a file named
123 .I dnssec-<view>.conf .
124 Instead of specifying the \-V or --view option every time,
125 it is also possible to create a hard or softlink to the
126 executable file to give it an additional name like
127 .I zkt-ls-<view> .
128 .TP
129 .BI \-c " file" ", \-\-config=" file
130 Read default values from the specified config file.
131 Otherwise the default config file is read or build in defaults
132 will be used.
133 .TP
134 .BI \-O " optstr" ", \-\-config-option=" optstr
135 Set any config file option via the commandline.
136 Several config file options could be specified at the argument string
137 but have to be delimited by semicolon (or newline).
138 .TP
139 .BI \-l " list" ", \-\-label=" list
140 Print out information solely about domains given in the comma or space separated
141 list.
142 Take care of, that every domain name has a trailing dot.
143 .TP
144 .BR \-d ", " \-\-directory
145 Skip directory arguments.
146 This will be useful in combination with wildcard arguments
147 to prevent dnsssec-zkt to list all keys found in subdirectories.
148 For example "zkt-ls -d *" will print out a list of all keys only found in
149 the current directory.
150 Maybe it is easier to use "zkt-ls ." instead (without -r set).
151 The option works similar to the \-d option of
152 .IR ls(1) .
153 .TP
154 .BR \-L ", " \-\-left-justify
155 Print out the domain name left justified.
156 .TP
157 .BR \-k ", " \-\-ksk
158 Select and print key signing keys only (default depends on command mode).
159 .TP
160 .BR \-z ", " \-\-zsk
161 Select and print zone signing keys only (default depends on command mode).
162 .TP
163 .BR \-r ", " \-\-recursive
164 Recursive mode (default is off).
165 .br
166 Also settable in the dnssec.conf file (Parameter: Recursive).
167 .TP
168 .BR \-p ", " \-\-path
169 Print pathname in listing mode.
170 In -C mode, don't create the new key in the same directory as (already existing)
171 keys with the same label.
172 .TP
173 .BR \-a ", " \-\-age
174 Print age of key in weeks, days, hours, minutes and seconds (default is off).
175 .br
176 Also settable in the dnssec.conf file (Parameter: PrintAge).
177 .TP
178 .BR \-f ", " \-\-lifetime
179 Print the key lifetime.
180 .TP
181 .BR \-e ", " \-\-exptime
182 Print the key expiration time.
183 .TP
184 .BR \-t ", " \-\-time
185 Print the key generation time (default is on).
186 .br
187 Also settable in the dnssec.conf file (Parameter: PrintTime).
188 .TP
189 .B \-h
190 No header or trusted-key resp. managed-key section header and trailer in \-T or \-M mode.
192 .SH COMMAND OPTIONS
193 .TP
194 .BR \-H ", " \-\-help
195 Print out the online help.
196 .TP
197 .BR \-T ", " \-\-list-trustedkeys
198 List all key signing keys as a
199 .I named.conf
200 trusted-key section.
201 Use
202 .B \-h
203 to supress the section header/trailer.
204 .TP
205 .BR \-K ", " \-\-list-dnskeys
206 List the public part of all the keys in DNSKEY resource record format.
207 Use
208 .B \-h
209 to suppress comment lines.
211 .SH SAMPLE USAGE
212 .TP
213 .fam C
214 .B "zkt\-ls \-r .
215 .fam T
216 Print out a list of all zone keys found below the current directory.
217 .TP
218 .fam C
219 .B "zkt\-ls \-Z \-c """"
220 .fam T
221 Print out the compiled in default parameters.
222 .TP
223 .fam C
224 .B "zkt\-ls \-T ./zonedir/example.net
225 .fam T
226 Print out a trusted-key section containing the key signing keys of "example.net".
227 .TP
228 .fam C
229 .B "zkt\-ls --view intern
230 .fam T
231 Print out a list of all zone keys found below the directory where all
232 the zones of view intern live.
233 There should be a seperate dnssec config file
234 .I dnssec-intern.conf
235 with a directory option to take affect of this.
236 .TP
237 .fam C
238 .B "zkt\-ls\-intern
239 .fam T
240 Same as above.
241 The binary file
242 .I zkt\-ls
243 has another link, named
244 .I zkt\-ls\-intern
245 made, and
246 .I zkt\-ls
247 examines argv[0] to find a view whose zones it proceeds to process.
249 .SH ENVIRONMENT VARIABLES
250 .TP
251 ZKT_CONFFILE
252 Specifies the name of the default global configuration files.
254 .SH FILES
255 .TP
256 .I /var/named/dnssec.conf
257 Built-in default global configuration file.
258 The name of the default global config file is settable via
259 the environment variable ZKT_CONFFILE.
260 .TP
261 .I /var/named/dnssec-<view>.conf
262 View specific global configuration file.
263 .TP
264 .I ./dnssec.conf
265 Local configuration file (only used in
266 .B \-C
267 mode).
269 .SH BUGS
270 .PP
271 Some of the general options will not be meaningful in all of the command modes.
272 .br
273 The option
274 .B \-l
275 and the ksk rollover options
276 insist on domain names ending with a dot.
278 .SH AUTHORS
279 Holger Zuleger
281 .SH COPYRIGHT
282 Copyright (c) 2005 \- 2010 by Holger Zuleger.
283 Licensed under the BSD Licences. There is NO warranty; not even for MERCHANTABILITY or
284 FITNESS FOR A PARTICULAR PURPOSE.
285 .\"--------------------------------------------------
286 .SH SEE ALSO
287 dnssec-keygen(8), dnssec-signzone(8), rndc(8), named.conf(5), zkt-conf(8), zkt-keyman(8), zkt-signer(8)
288 .br
289 RFC4641
290 "DNSSEC Operational Practices" by Miek Gieben and Olaf Kolkman,
291 .br
292 DNSSEC HOWTO Tutorial by Olaf Kolkman, RIPE NCC
293 .br
294 (http://www.nlnetlabs.nl/dnssec_howto/)