other versions
- jessie 1:9.9.5.dfsg-9+deb8u15
- stretch 1:9.10.3.dfsg.P4-12.3+deb9u4
- testing 1:9.11.5.P1+dfsg-2
- stretch-backports 1:9.11.5.P4+dfsg-1~bpo9+1
- unstable 1:9.11.5.P4+dfsg-1
- experimental 1:9.13.3-1
| DNSSEC-CHECKDS(8) | BIND9 | DNSSEC-CHECKDS(8) |
NAME¶
dnssec-checkds - A DNSSEC delegation consistency checking tool.SYNOPSIS¶
dnssec-checkds [-l domain]
[-f file]
[-d dig path] [
-D dsfromkey path] {zone}
dnssec-dsfromkey [-l domain]
[ -f file]
[-d dig path] [
-D dsfromkey path] {zone}
DESCRIPTION¶
dnssec-checkds verifies the correctness of Delegation Signer (DS) or DNSSEC Lookaside Validation (DLV) resource records for keys in a specified zone.OPTIONS¶
-f fileIf a file is specified, then the zone is read from
that file to find the DNSKEY records. If not, then the DNSKEY records for the
zone are looked up in the DNS.
-l domain
Check for a DLV record in the specified lookaside domain,
instead of checking for a DS record in the zone's parent. For example, to
check for DLV records for "example.com" in ISC's DLV zone, use:
dnssec-checkds -l dlv.isc.org example.com
-d dig path
Specifies a path to a dig binary. Used for
testing.
-D dsfromkey path
Specifies a path to a dnssec-dsfromkey binary.
Used for testing.
SEE ALSO¶
dnssec-dsfromkey(8), dnssec-keygen(8), dnssec-signzone(8),AUTHOR¶
Internet Systems ConsortiumCOPYRIGHT¶
Copyright © 2012, 2013 Internet Systems Consortium, Inc. ("ISC")| April 11, 2012 | BIND9 |