This can be used to hide noisy details such as key states, and keys that
have been fully retired.
dst_algorithm_t algorithm = 0;
/* variables for -status */
bool status = false;
+ bool verbose = false;
char output[4096];
isc_stdtime_t now, when;
isc_time_t timenow, timewhen;
CHECK(DNS_R_SYNTAX);
}
+ if (status) {
+ /* Check for options */
+ for (;;) {
+ ptr = next_token(lex, text);
+ if (ptr == NULL) {
+ msg = "Bad format";
+ CHECK(ISC_R_UNEXPECTEDEND);
+ } else if (argcheck(ptr, "v")) {
+ verbose = true;
+ } else if (ptr[0] == '-') {
+ msg = "Unknown option";
+ CHECK(DNS_R_SYNTAX);
+ } else {
+ zonetext = ptr;
+ }
+ break;
+ }
+ }
+
if (rollover || checkds) {
/* Check for options */
for (;;) {
See also :option:`rndc addzone` and :option:`rndc modzone`.
-.. option:: dnssec (-status | -step | -rollover -key id [-alg algorithm] [-when time] | -checkds [-key id [-alg algorithm]] [-when time] published | withdrawn)) zone [class [view]]
+.. option:: dnssec (-status [-v] | -step | -rollover -key id [-alg algorithm] [-when time] | -checkds [-key id [-alg algorithm]] [-when time] published | withdrawn)) zone [class [view]]
This command allows you to interact with the "dnssec-policy" of a given
zone.
``rndc dnssec -status`` show the DNSSEC signing state for the specified
- zone.
+ zone. Add ``-v`` to show more verbose output on key states.
``rndc dnssec -step`` sends a signal to an instance of :iscman:`named` for a
zone configured with ``dnssec-policy`` in manual mode, telling it to
projects / thirdparty / bind9.git / commitdiff
