1 <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
2 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
3 [<!ENTITY mdash "—">]>
5 - Copyright (C) 2012-2014 Internet Systems Consortium, Inc. ("ISC")
7 - Permission to use, copy, modify, and/or distribute this software for any
8 - purpose with or without fee is hereby granted, provided that the above
9 - copyright notice and this permission notice appear in all copies.
11 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
12 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
13 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
14 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
15 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
16 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
17 - PERFORMANCE OF THIS SOFTWARE.
20 <refentry id="man.dnssec-checkds">
22 <date>January 01, 2013</date>
26 <refentrytitle><application>dnssec-checkds</application></refentrytitle>
27 <manvolnum>8</manvolnum>
28 <refmiscinfo>BIND9</refmiscinfo>
32 <refname><application>dnssec-checkds</application></refname>
33 <refpurpose>A DNSSEC delegation consistency checking tool.</refpurpose>
41 <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
47 <command>dnssec-checkds</command>
48 <arg><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
49 <arg><option>-f <replaceable class="parameter">file</replaceable></option></arg>
50 <arg><option>-d <replaceable class="parameter">dig path</replaceable></option></arg>
51 <arg><option>-D <replaceable class="parameter">dsfromkey path</replaceable></option></arg>
52 <arg choice="req">zone</arg>
55 <command>dnssec-dsfromkey</command>
56 <arg><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
57 <arg><option>-f <replaceable class="parameter">file</replaceable></option></arg>
58 <arg><option>-d <replaceable class="parameter">dig path</replaceable></option></arg>
59 <arg><option>-D <replaceable class="parameter">dsfromkey path</replaceable></option></arg>
60 <arg choice="req">zone</arg>
65 <title>DESCRIPTION</title>
66 <para><command>dnssec-checkds</command>
67 verifies the correctness of Delegation Signer (DS) or DNSSEC
68 Lookaside Validation (DLV) resource records for keys in a specified
74 <title>OPTIONS</title>
78 <term>-f <replaceable class="parameter">file</replaceable></term>
81 If a <option>file</option> is specified, then the zone is
82 read from that file to find the DNSKEY records. If not,
83 then the DNSKEY records for the zone are looked up in the DNS.
89 <term>-l <replaceable class="parameter">domain</replaceable></term>
92 Check for a DLV record in the specified lookaside domain,
93 instead of checking for a DS record in the zone's parent.
94 For example, to check for DLV records for "example.com"
95 in ISC's DLV zone, use:
96 <command>dnssec-checkds -l dlv.isc.org example.com</command>
102 <term>-d <replaceable class="parameter">dig path</replaceable></term>
105 Specifies a path to a <command>dig</command> binary. Used
112 <term>-D <replaceable class="parameter">dsfromkey path</replaceable></term>
115 Specifies a path to a <command>dnssec-dsfromkey</command> binary.
124 <title>SEE ALSO</title>
126 <refentrytitle>dnssec-dsfromkey</refentrytitle><manvolnum>8</manvolnum>
129 <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
132 <refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
138 <title>AUTHOR</title>
139 <para><corpauthor>Internet Systems Consortium</corpauthor>