| DNSSEC-CHECKDS(8) | BIND9 | DNSSEC-CHECKDS(8) |
NAME
dnssec-checkds - A DNSSEC delegation consistency checking tool.
SYNOPSIS
dnssec-checkds [-l domain] [-f file] [-d dig path] [-D dsfromkey path] {zone}
dnssec-dsfromkey [-l domain] [-f file] [-d dig path] [-D dsfromkey path] {zone}
DESCRIPTION
dnssec-checkds verifies the correctness of Delegation Signer (DS) or DNSSEC Lookaside Validation (DLV) resource records for keys in a specified zone.
OPTIONS
-f file
If a file is specified, then the zone
is read from that file to find the DNSKEY records. If not, then the DNSKEY
records for the zone are looked up in the DNS.
-l domain
Check for a DLV record in the specified
lookaside domain, instead of checking for a DS record in the zone's parent.
For example, to check for DLV records for "example.com" in ISC's DLV
zone, use: dnssec-checkds -l dlv.isc.org example.com
-d dig path
Specifies a path to a dig binary. Used
for testing.
-D dsfromkey path
Specifies a path to a dnssec-dsfromkey
binary. Used for testing.
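A DS record consists of a key tag, algorithm, digest type and a digest over the owner name plus the DNSKEY RDATA (RFC 4034), so the kind of consistency check described above can be reproduced offline. The Python below is an added example, not ISC's code; the helper names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct

DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}  # DS digest types

def name_to_wire(name):
    """Canonical wire form: lowercase, length-prefixed labels, root terminator."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, pubkey_b64):
    """DNSKEY RDATA: 16-bit flags, protocol, algorithm, raw public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)

def key_tag(rdata):
    """RFC 4034 Appendix B checksum over the DNSKEY RDATA."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_from_dnskey(owner, dnskey, digest_type):
    """Return (key tag, algorithm, digest type, hex digest) for one DNSKEY."""
    rdata = dnskey_rdata(*dnskey)
    digest = DIGESTS[digest_type](name_to_wire(owner) + rdata).hexdigest().upper()
    return (key_tag(rdata), dnskey[2], digest_type, digest)

def check_ds(owner, dnskeys, parent_ds):
    """Map each parent-side DS tuple to True if some zone DNSKEY produces it."""
    result = {}
    for ds in parent_ds:
        tag, alg, dtype, digest = ds
        if dtype not in DIGESTS:
            result[ds] = False  # unsupported digest type: cannot be confirmed
            continue
        expected = {ds_from_dnskey(owner, k, dtype) for k in dnskeys}
        result[ds] = (tag, alg, dtype, digest.upper()) in expected
    return result

# Constructed sample data (not a real key): flags 257 = KSK, protocol 3, algorithm 8.
OWNER = "example.com."
KSK = (257, 3, 8, "AQIDBA==")
GOOD_DS = ds_from_dnskey(OWNER, KSK, 2)
STALE_DS = (GOOD_DS[0], 8, 2, "00" * 32)  # right key tag, wrong digest

if __name__ == "__main__":
    for ds, ok in check_ds(OWNER, [KSK], [GOOD_DS, STALE_DS]).items():
        print("%s DS %d %d %d %s" % ("OK     " if ok else "MISSING", *ds))
```

A DS in the parent that maps to False has no matching DNSKEY in the zone; if every DS at the parent is in that state, validating resolvers treat the zone as bogus.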
SEE ALSO
dnssec-dsfromkey(8), dnssec-keygen(8), dnssec-signzone(8)
AUTHOR
Internet Systems Consortium
COPYRIGHT
Copyright © 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
| April 11, 2012 | BIND9 |