ldns-keyfetcher \- retrieve the DNSSEC DNSKEYs for a zone
.SH SYNOPSIS
.B ldns-keyfetcher
+[
+.IR OPTIONS
+]
.IR DOMAIN
.SH DESCRIPTION
.SH OPTIONS
+\fB-4\f \fI\fR
+Only use IPv4
+
+\fB-6\f \fI\fR
+Only use IPv6
+
+\fB-h\f \fI\fR
+Show a help text and exit
+
+\fB-i\fR
+Insecurer mode; there will only be one query for the DNSKEYS. There will not
+be crosschecking of all authoritative nameservers.
+
\fB-v\f \fIverbosity\fR
Set the verbosity level. The following levels are available:
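Review bot: The new -4, -6 and -h entries close the bold run with a malformed `\f ` escape and then add an empty `\fI\fR` pair, although these options take no argument; write them as `\fB-4\fR`, the form the -i entry in this same hunk already uses. In the -i text, "Insecurer" should be "Insecure". Because this option drops the cross-check of all authoritative nameservers, the description should also say what that means for the output: the keys come from a single query and have not been compared across servers.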
format. The default is /etc/named.root. You can get this file from
http://www.internic.net/zones/named.root.
+\fB-s\f \fI\fR
+Don't print the keys to stdout, but store them in files.
+
+The filenames will be of the format K<file>.+<alg>.+<keytag>.key
+
.SH AUTHOR
Written by Jelte Jansen for NLnet Labs.
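Review bot: The added -s entry starts directly after the last line of the preceding root hints description with no blank line or paragraph macro, so it will be filled into that paragraph; add a separator before `\fB-s`. The entry also repeats the `\f \fI\fR` escape problem for an option without an argument. The pattern `K<file>.+<alg>.+<keytag>.key` uses `<file>` where no input file exists and differs from the `K<name>+<alg>+<id>` form in the ldns-keygen page in this same patch, so please check it against what the tool writes and use one placeholder naming across the pages.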
fprintf(fp, "-4\t\tUse IPv4 only\n");
fprintf(fp, "-6\t\tUse IPv6 only\n");
fprintf(fp, "-h\t\tShow this help\n");
+ fprintf(fp, "-i\t\tInsecurer mode; don't do checks, just query for the keys\n");
fprintf(fp, "-r <file>\tUse file to read root hints from\n");
fprintf(fp, "-s\t\tDon't print the keys but store them in files\n\t\tcalled K<file>.+<alg>.+<keytag>.key\n");
fprintf(fp, "-v <int>\tVerbosity level (0-5, not verbose-very verbose)\n");
- fprintf(fp, "-i\tInsecurer mode; don't do checks, just query for the keys\n");
}
ldns_rr_list *
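Review bot: The relocated -i help line still says only "don't do checks", which does not tell the user which check is skipped. The man page in this patch is more specific (one query, no cross-checking of all authoritative nameservers); the usage string should say the same, and "Insecurer" should be "Insecure" here too.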
} else if (strncmp("-h", argv[i], 3) == 0) {
usage(stdout, argv[0]);
exit(EXIT_SUCCESS);
+ } else if (strncmp("-i", argv[i], 2) == 0) {
+ insecure = true;
} else if (strncmp("-r", argv[i], 2) == 0) {
if (strlen(argv[i]) > 2) {
root_file = argv[i]+2;
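Review bot: The moved test `strncmp("-i", argv[i], 2) == 0` accepts any argument that merely begins with "-i", so a mistyped or unrelated argument with that prefix silently turns on insecure mode. The -h branch just above compares 3 bytes, which includes the terminator and therefore requires an exact match; -i takes no value, so it should use the same length of 3 (or `strcmp`). Since this flag disables the cross-check, an exact match matters more here than for the other options.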
verbosity = atoi(argv[i+1]);
i++;
}
- } else if (strncmp("-i", argv[i], 2) == 0) {
- insecure = true;
} else {
/* create a rdf from the command line arg */
if (domain) {
.TH ldns-keygen 1 "30 May 2005"
.SH NAME
-ldns-keygen \- generate a keypair and print out the public part as a DNSKEY RR
+ldns-keygen \- generate a DNSSEC key pair
.SH SYNOPSIS
.B ldns-keygen
[
.IR DOMAIN
.SH DESCRIPTION
-\fBldns-keygen\fR is used to generate a private/public keypair. When run it
+\fBldns-keygen\fR is used to generate a private/public keypair. When run, it
will create 3 files; a .key file with the public DNSKEY, a .private
file with the private keydata and a .ds with the DS record of the
DNSKEY record.
-It prints out the basename for all these files: (K<name>+<alg>+<id>
+It prints out the basename for these files: K<name>+<alg>+<id>
.SH OPTIONS
.TP
-\fBR\fR
+\fB-R\fR
Generate a RSA key.
.TP
-\fBD\fR
+\fB-D\fR
Generate a DSA key.
.TP
-\fBk\fR
+\fB-k\fR
When given generate a key signing key. This just sets the flag field to
257 instead of 256.
.TP
-\fBb \fIbits\fR
+\fB-b \fIbits\fR
Use this many bits for the key length.
.TP
-\fbr \fdevice\fR
+\fb-r \fIdevice\fR
Make ldns-keygen use this file for its random data. This will default
to /dev/random.
+.TP
+\fb-v\fR
+Show the version and exit
+
.SH AUTHOR
Written by the ldns team as an example for ldns usage.
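Review bot: The corrected -r line and the new -v line both start with `\fb` in lower case (`\fb-r \fIdevice\fR`, `\fb-v\fR`). roff font names are case sensitive, so these will not render bold like the `\fB-R\fR`, `\fB-D\fR`, `\fB-k\fR` and `\fB-b` entries fixed in the same hunk; change both to `\fB`. The stray blank line after "Show the version and exit" can go as well, since the other `.TP` entries in this section have none.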
.SH SYNOPSIS
.B ldns-signzone
[
-.IR OPTION
+.IR OPTIONS
]
.IR ZONEFILE
.IR
Set expiration date of the signatures to this date, the format can be
YYYYMMDD[hhmmss], or a timestamp.
+.TP
+\fB-f\f \fIfile\fR
+Use this file to store the signed zone in (default <originalfile>.signed)
+
.TP
\fB-i\f \fIdate\fR
Set inception date of the signatures to this date, the format can be
YYYYMMDD[hhmmss], or a timestamp.
.TP
-\fB-f\f \fIfile\fR
-Use this file to store the signed zone in (default <originalfile>.signed)
+\fB-l\fR
+Leave old DNSSEC RRSIGS and NSEC records intact (by default, they are removed from the zone)
.TP
\fB-o\f \fIorigin\fR
Use this as the origin of the zone, if it cannot be read from the zonefile
+.TP
+\fB-v\fR
+Print the version and exit
+
+.TP
+\fB-E\f \fIname\fR
+Use the EVP cryptographic engine with the given name for signing. This can have some extra options; see ENGINE OPTIONS for more information.
+
+
+.TP
+\fB-k\f \fIid,int\fR
+Use the key with the given id as the signing key for algorithm int as a Zone signing key.
+
+.TP
+\fB-K\f \fIid,int\fR
+Use the key with the given id as the signing key for algorithm int as a Key signing key.
+
+
.SH AUTHOR
Written by the ldns team as an example for ldns usage.
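Review bot: The new -E entry points the reader to an ENGINE OPTIONS section, but the visible part of this patch adds no such section and `.SH AUTHOR` follows the option list directly; either add the section or drop the reference. If -k and -K are the engine options it refers to, say so in their text, and describe `id,int` more precisely, since "the key with the given id ... for algorithm int" does not say what kind of id or which algorithm numbering is meant. The hunk also moves -f ahead of -i to keep the list alphabetical but then appends -E, -k and -K after -v, and the `\fB-f\f`, `\fB-E\f`, `\fB-k\f` and `\fB-K\f` escapes should end in `\fR`.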