Introduce new DNSSEC tool dnssec-ksr
authorMatthijs Mekking <matthijs@isc.org>
Mon, 7 Aug 2023 08:58:05 +0000 (10:58 +0200)
committerMatthijs Mekking <matthijs@isc.org>
Fri, 19 Apr 2024 08:41:04 +0000 (10:41 +0200)
Introduce a new DNSSEC tool, dnssec-ksr, for creating signed key
response (SKR) files, given one or more key signing requests (KSRs).

For now it is just a dummy tool, but the future purpose of this utility
is to pregenerate ZSKs and signed RRsets for DNSKEY, CDNSKEY, and CDS
for a given period that a KSK is to be offline.

.gitignore
bin/dnssec/.gitignore
bin/dnssec/Makefile.am
bin/dnssec/dnssec-ksr.c [new file with mode: 0644]
bin/dnssec/dnssec-ksr.rst [new file with mode: 0644]
bin/tests/system/conf.sh.in
doc/arm/manpages.rst
doc/man/Makefile.am
doc/man/conf.py
doc/man/dnssec-ksr.rst [new file with mode: 0644]

index 3edbde71e7e5df9fd71b4147343ea8d66ec4d8e0..242bd0efdbae4d9893e36f0c1560ab2afde0c905 100644 (file)
@@ -75,6 +75,7 @@ doc/man/dnssec-importkey.8in
 doc/man/dnssec-keyfromlabel.8in
 doc/man/dnssec-keygen.8in
 doc/man/dnssec-keymgr.8in
+doc/man/dnssec-ksr.8in
 doc/man/dnssec-revoke.8in
 doc/man/dnssec-settime.8in
 doc/man/dnssec-signzone.8in
index 9d50f6cc8c5a8a39f7c12a2b505066f8ce59daa4..c7917cdbbeddf90a1869fbf9155bc94945801712 100644 (file)
@@ -2,6 +2,7 @@ dnssec-cds
 dnssec-dsfromkey
 dnssec-keyfromlabel
 dnssec-keygen
+dnssec-ksr
 dnssec-makekeyset
 dnssec-revoke
 dnssec-settime
index 0017705a0d5881b9458216abf5ac84081caee4e5..f3ecdffb0e40660a2d5d1830651f3338bf013640 100644 (file)
@@ -21,6 +21,7 @@ bin_PROGRAMS = \
        dnssec-importkey        \
        dnssec-keyfromlabel     \
        dnssec-keygen           \
+       dnssec-ksr              \
        dnssec-revoke           \
        dnssec-settime          \
        dnssec-signzone         \
diff --git a/bin/dnssec/dnssec-ksr.c b/bin/dnssec/dnssec-ksr.c
new file mode 100644 (file)
index 0000000..5efdebb
--- /dev/null
@@ -0,0 +1,84 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+/*! \file */
+
+#include <stdio.h>
+
+#include <isc/commandline.h>
+#include <isc/mem.h>
+
+#include "dnssectool.h"
+
+const char *program = "dnssec-ksr";
+
+/*
+ * Infrastructure
+ */
+static isc_log_t *lctx = NULL;
+static isc_mem_t *mctx = NULL;
+
+static void
+usage(int ret) {
+       fprintf(stderr, "Usage:\n");
+       fprintf(stderr, "    %s options [options]\n", program);
+       fprintf(stderr, "Version: %s\n", PACKAGE_VERSION);
+       fprintf(stderr, "Options:\n"
+                       "    -h: print usage and exit\n"
+                       "    -v <level>: set verbosity level\n"
+                       "    -V: print version information\n");
+       exit(ret);
+}
+
+int
+main(int argc, char *argv[]) {
+       int ch;
+       char *endp;
+
+       isc_mem_create(&mctx);
+
+       isc_commandline_errprint = false;
+
+#define OPTIONS "hv:V"
+       while ((ch = isc_commandline_parse(argc, argv, OPTIONS)) != -1) {
+               switch (ch) {
+               case 'h':
+                       usage(0);
+                       break;
+               case 'V':
+                       version(program);
+                       break;
+               case 'v':
+                       verbose = strtoul(isc_commandline_argument, &endp, 0);
+                       if (*endp != '\0') {
+                               fatal("-v must be followed by a number");
+                       }
+                       break;
+               default:
+                       usage(1);
+                       break;
+               }
+       }
+       argv += isc_commandline_index;
+       argc -= isc_commandline_index;
+
+       if (argc != 0) {
+               usage(1);
+       }
+
+       setup_logging(mctx, &lctx);
+
+       vbprintf(verbose, "KSR: Hello, world.\n");
+
+       exit(0);
+}
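Review bot: The memory context created by `isc_mem_create(&mctx)` and the logging context from `setup_logging(mctx, &lctx)` are never released before the final `exit(0)` in main, so whatever leak accounting the ISC allocator does on teardown never runs for this tool; add `cleanup_logging(&lctx);` and `isc_mem_destroy(&mctx);` ahead of `exit(0)`, assuming dnssectool.h provides the same teardown the sibling dnssec tools use (confirm against them). Separately, the `-v` handler accepts an empty argument (with `endp == isc_commandline_argument` the `*endp != '\0'` test still passes and verbose silently becomes 0) and a negative or out-of-range value (strtoul turns `-1` into ULONG_MAX and ERANGE is never checked) before narrowing the result into `verbose`; setting `errno = 0` before the call and rejecting with `if (endp == isc_commandline_argument || *endp != '\0' || errno == ERANGE)` would close both gaps. Since the stub only prints a greeting neither is exploitable today, but this option loop is presumably what the real KSR/SKR implementation will be built on, so it is worth getting right now.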
diff --git a/bin/dnssec/dnssec-ksr.rst b/bin/dnssec/dnssec-ksr.rst
new file mode 100644 (file)
index 0000000..16daae4
--- /dev/null
@@ -0,0 +1,67 @@
+.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+..
+.. SPDX-License-Identifier: MPL-2.0
+..
+.. This Source Code Form is subject to the terms of the Mozilla Public
+.. License, v. 2.0.  If a copy of the MPL was not distributed with this
+.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
+..
+.. See the COPYRIGHT file distributed with this work for additional
+.. information regarding copyright ownership.
+
+.. highlight: console
+
+.. iscman:: dnssec-ksr
+.. program:: dnssec-ksr
+.. _man_dnssec-ksr:
+
+dnssec-ksr - Create signed key response (SKR) files for offline KSK setups
+--------------------------------------------------------------------------
+
+Synopsis
+~~~~~~~~
+
+:program:`dnssec-ksr [**-h**]` [**-V**] [**-v** level]
+
+Description
+~~~~~~~~~~~
+
+The :program:`dnssec-ksr` command creates signed key responses (SKRs) that can
+be loaded by a DNS authoritative server. An SKR is a RRset of type DNSKEY,
+CDNSKEY, or CDS, with signatures from a key that is typically offline during
+normal operation.
+
+Options
+~~~~~~~
+
+.. option:: -h
+
+   This option prints a short summary of the options and arguments to
+   :program:`dnssec-ksr`.
+
+.. option:: -V
+
+   This option prints version information.
+
+.. option:: -v level
+
+   This option sets the debugging level. Level 1 is intended to be usefully
+   verbose for general users; higher levels are intended for developers.
+
+Exit Status
+~~~~~~~~~~~
+
+The :program:`dnssec-ksr` command exits 0 on success, or non-zero if an error
+occurred.
+
+Examples
+~~~~~~~~
+
+To do.
+
+See Also
+~~~~~~~~
+
+:iscman:`dnssec-keygen(8) <dnssec-keygen>`,
+:iscman:`dnssec-signzone(8) <dnssec-signzone>`,
+BIND 9 Administrator Reference Manual.
index f09221ae5dba076a299b34c64ff8e5a2b6b01395..7b5db05baf2b912b5613956175925f3bf9f1e648 100644 (file)
@@ -42,6 +42,7 @@ export IMPORTKEY=$TOP_BUILDDIR/bin/dnssec/dnssec-importkey
 export JOURNALPRINT=$TOP_BUILDDIR/bin/tools/named-journalprint
 export KEYFRLAB=$TOP_BUILDDIR/bin/dnssec/dnssec-keyfromlabel
 export KEYGEN=$TOP_BUILDDIR/bin/dnssec/dnssec-keygen
+export KSR=$TOP_BUILDDIR/bin/dnssec/dnssec-ksr
 export MDIG=$TOP_BUILDDIR/bin/tools/mdig
 export NAMED=$TOP_BUILDDIR/bin/named/named
 export NSEC3HASH=$TOP_BUILDDIR/bin/tools/nsec3hash
index a833bf645204df247370e915a7b358ff09e2b6e4..1a3847176ae310385b298ce6a1b46a7a2d6bb3a9 100644 (file)
@@ -23,6 +23,7 @@ Manual Pages
 .. include:: ../../bin/dnssec/dnssec-importkey.rst
 .. include:: ../../bin/dnssec/dnssec-keyfromlabel.rst
 .. include:: ../../bin/dnssec/dnssec-keygen.rst
+.. include:: ../../bin/dnssec/dnssec-ksr.rst
 .. include:: ../../bin/dnssec/dnssec-revoke.rst
 .. include:: ../../bin/dnssec/dnssec-settime.rst
 .. include:: ../../bin/dnssec/dnssec-signzone.rst
index 2590e20da6d5d8196ee5c245c01a679e83e6d5a2..37d29ed17f406d54dade338fcc88f411f5a1e2a5 100644 (file)
@@ -11,6 +11,7 @@ MANPAGES_RST =                                \
        dnssec-importkey.rst            \
        dnssec-keyfromlabel.rst         \
        dnssec-keygen.rst               \
+       dnssec-ksr.rst                  \
        dnssec-revoke.rst               \
        dnssec-settime.rst              \
        dnssec-signzone.rst             \
@@ -51,6 +52,7 @@ MANPAGES_RST =                                \
        ../../bin/dnssec/dnssec-importkey.rst \
        ../../bin/dnssec/dnssec-keyfromlabel.rst \
        ../../bin/dnssec/dnssec-keygen.rst \
+       ../../bin/dnssec/dnssec-ksr.rst \
        ../../bin/dnssec/dnssec-revoke.rst \
        ../../bin/dnssec/dnssec-settime.rst \
        ../../bin/dnssec/dnssec-signzone.rst \
@@ -87,6 +89,7 @@ man_MANS =                            \
        dnssec-importkey.1              \
        dnssec-keyfromlabel.1           \
        dnssec-keygen.1                 \
+       dnssec-ksr.1                    \
        dnssec-revoke.1                 \
        dnssec-settime.1                \
        dnssec-signzone.1               \
index bad518c1a502bf48af96aa4df1c61341079a88aa..3fc8d05ad84f7245ce4bedf2084b779475b3f85a 100644 (file)
@@ -100,6 +100,13 @@ man_pages = [
         1,
     ),
     ("dnssec-keygen", "dnssec-keygen", "DNSSEC key generation tool", author, 1),
+    (
+        "dnssec-ksr",
+        "dnssec-ksr",
+        "create signed key response (SKR) files for offline KSK setups",
+        author,
+        1,
+    ),
     (
         "dnssec-revoke",
         "dnssec-revoke",
diff --git a/doc/man/dnssec-ksr.rst b/doc/man/dnssec-ksr.rst
new file mode 100644 (file)
index 0000000..0ac2248
--- /dev/null
@@ -0,0 +1,14 @@
+.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+..
+.. SPDX-License-Identifier: MPL-2.0
+..
+.. This Source Code Form is subject to the terms of the Mozilla Public
+.. License, v. 2.0.  If a copy of the MPL was not distributed with this
+.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
+..
+.. See the COPYRIGHT file distributed with this work for additional
+.. information regarding copyright ownership.
+
+:orphan:
+
+.. include:: ../../bin/dnssec/dnssec-ksr.rst