etc/services - sync with NetBSD-8
[minix.git] / external / bsd / bind / dist / bin / python / dnssec-checkds.docbook
blob8c528502e6c09dde3452ff53bb62ff32e92a244b
1 <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
2                "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
3                [<!ENTITY mdash "&#8212;">]>
4 <!--
5  - Copyright (C) 2012-2014  Internet Systems Consortium, Inc. ("ISC")
6  -
7  - Permission to use, copy, modify, and/or distribute this software for any
8  - purpose with or without fee is hereby granted, provided that the above
9  - copyright notice and this permission notice appear in all copies.
10  -
11  - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
12  - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
13  - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
14  - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
15  - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
16  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
17  - PERFORMANCE OF THIS SOFTWARE.
18 -->
20 <refentry id="man.dnssec-checkds">
21   <refentryinfo>
22     <date>January 01, 2013</date>
23   </refentryinfo>
25   <refmeta>
26     <refentrytitle><application>dnssec-checkds</application></refentrytitle>
27     <manvolnum>8</manvolnum>
28     <refmiscinfo>BIND9</refmiscinfo>
29   </refmeta>
31   <refnamediv>
32     <refname><application>dnssec-checkds</application></refname>
33     <refpurpose>A DNSSEC delegation consistency checking tool.</refpurpose>
34   </refnamediv>
36   <docinfo>
37     <copyright>
38       <year>2012</year>
39       <year>2013</year>
40       <year>2014</year>
41       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
42     </copyright>
43   </docinfo>
45   <refsynopsisdiv>
46     <cmdsynopsis>
47       <command>dnssec-checkds</command>
48       <arg><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
49       <arg><option>-f <replaceable class="parameter">file</replaceable></option></arg>
50       <arg><option>-d <replaceable class="parameter">dig path</replaceable></option></arg>
51       <arg><option>-D <replaceable class="parameter">dsfromkey path</replaceable></option></arg>
52       <arg choice="req">zone</arg>
53     </cmdsynopsis>
54     <cmdsynopsis>
55       <command>dnssec-dsfromkey</command>
56       <arg><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
57       <arg><option>-f <replaceable class="parameter">file</replaceable></option></arg>
58       <arg><option>-d <replaceable class="parameter">dig path</replaceable></option></arg>
59       <arg><option>-D <replaceable class="parameter">dsfromkey path</replaceable></option></arg>
60       <arg choice="req">zone</arg>
61    </cmdsynopsis>
62   </refsynopsisdiv>
64   <refsect1>
65     <title>DESCRIPTION</title>
66     <para><command>dnssec-checkds</command>
67       verifies the correctness of Delegation Signer (DS) or DNSSEC
68       Lookaside Validation (DLV) resource records for keys in a specified
69       zone.
70     </para>
71   </refsect1>
73   <refsect1>
74     <title>OPTIONS</title>
76     <variablelist>
77       <varlistentry>
78         <term>-f <replaceable class="parameter">file</replaceable></term>
79         <listitem>
80           <para>
81             If a <option>file</option> is specified, then the zone is
82             read from that file to find the DNSKEY records.  If not,
83             then the DNSKEY records for the zone are looked up in the DNS.
84           </para>
85         </listitem>
86       </varlistentry>
88       <varlistentry>
89         <term>-l <replaceable class="parameter">domain</replaceable></term>
90         <listitem>
91           <para>
92             Check for a DLV record in the specified lookaside domain, 
93             instead of checking for a DS record in the zone's parent.
94             For example, to check for DLV records for "example.com"
95             in ISC's DLV zone, use:
96             <command>dnssec-checkds -l dlv.isc.org example.com</command>
97           </para>
98         </listitem>
99       </varlistentry>
101       <varlistentry>
102         <term>-d <replaceable class="parameter">dig path</replaceable></term>
103         <listitem>
104           <para>
105             Specifies a path to a <command>dig</command> binary.  Used
106             for testing.
107           </para>
108         </listitem>
109       </varlistentry>
111       <varlistentry>
112         <term>-D <replaceable class="parameter">dsfromkey path</replaceable></term>
113         <listitem>
114           <para>
115             Specifies a path to a <command>dnssec-dsfromkey</command> binary.
116             Used for testing.
117           </para>
118         </listitem>
119       </varlistentry>
120     </variablelist>
121   </refsect1>
123   <refsect1>
124     <title>SEE ALSO</title>
125     <para><citerefentry>
126         <refentrytitle>dnssec-dsfromkey</refentrytitle><manvolnum>8</manvolnum>
127       </citerefentry>,
128       <citerefentry>
129         <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
130       </citerefentry>,
131       <citerefentry>
132         <refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
133       </citerefentry>,
134     </para>
135   </refsect1>
137   <refsect1>
138     <title>AUTHOR</title>
139     <para><corpauthor>Internet Systems Consortium</corpauthor>
140     </para>
141   </refsect1>
143 </refentry><!--
144  - Local variables:
145  - mode: sgml
146  - End: