
Annotation of src/external/mpl/bind/dist/bin/dnssec/dnssec-verify.8, Revision 1.2.2.2

1.2.2.2 ! pgoyette    1: .\"    $NetBSD: dnssec-verify.8,v 1.2 2018/08/12 13:02:27 christos Exp $
        !             2: .\"
        !             3: .\" Copyright (C) 2012, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
        !             4: .\"
        !             5: .\" This Source Code Form is subject to the terms of the Mozilla Public
        !             6: .\" License, v. 2.0. If a copy of the MPL was not distributed with this
        !             7: .\" file, You can obtain one at http://mozilla.org/MPL/2.0/.
        !             8: .\"
        !             9: .hy 0
        !            10: .ad l
        !            11: '\" t
        !            12: .\"     Title: dnssec-verify
        !            13: .\"    Author:
        !            14: .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
        !            15: .\"      Date: 2014-01-15
        !            16: .\"    Manual: BIND9
        !            17: .\"    Source: ISC
        !            18: .\"  Language: English
        !            19: .\"
        !            20: .TH "DNSSEC\-VERIFY" "8" "2014\-01\-15" "ISC" "BIND9"
        !            21: .\" -----------------------------------------------------------------
        !            22: .\" * Define some portability stuff
        !            23: .\" -----------------------------------------------------------------
        !            24: .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        !            25: .\" http://bugs.debian.org/507673
        !            26: .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
        !            27: .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        !            28: .ie \n(.g .ds Aq \(aq
        !            29: .el       .ds Aq '
        !            30: .\" -----------------------------------------------------------------
        !            31: .\" * set default formatting
        !            32: .\" -----------------------------------------------------------------
        !            33: .\" disable hyphenation
        !            34: .nh
        !            35: .\" disable justification (adjust text to left margin only)
        !            36: .ad l
        !            37: .\" -----------------------------------------------------------------
        !            38: .\" * MAIN CONTENT STARTS HERE *
        !            39: .\" -----------------------------------------------------------------
        !            40: .SH "NAME"
        !            41: dnssec-verify \- DNSSEC zone verification tool
        !            42: .SH "SYNOPSIS"
        !            43: .HP \w'\fBdnssec\-verify\fR\ 'u
        !            44: \fBdnssec\-verify\fR [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-I\ \fR\fB\fIinput\-format\fR\fR] [\fB\-o\ \fR\fB\fIorigin\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-V\fR] [\fB\-x\fR] [\fB\-z\fR] {zonefile}
        !            45: .SH "DESCRIPTION"
        !            46: .PP
        !            47: \fBdnssec\-verify\fR
        !            48: verifies that a zone is fully signed for each algorithm found in the DNSKEY RRset for the zone, and that the NSEC / NSEC3 chains are complete\&.
        !            49: .SH "OPTIONS"
        !            50: .PP
        !            51: \-c \fIclass\fR
        !            52: .RS 4
        !            53: Specifies the DNS class of the zone\&.
        !            54: .RE
        !            55: .PP
        !            56: \-E \fIengine\fR
        !            57: .RS 4
        !            58: Specifies the cryptographic hardware to use, when applicable\&.
        !            59: .sp
        !            60: When BIND is built with OpenSSL PKCS#11 support, this defaults to the string "pkcs11", which identifies an OpenSSL engine that can drive a cryptographic accelerator or hardware service module\&. When BIND is built with native PKCS#11 cryptography (\-\-enable\-native\-pkcs11), it defaults to the path of the PKCS#11 provider library specified via "\-\-with\-pkcs11"\&.
        !            61: .RE
        !            62: .PP
        !            63: \-I \fIinput\-format\fR
        !            64: .RS 4
        !            65: The format of the input zone file\&. Possible formats are
        !            66: \fB"text"\fR
        !            67: (default) and
        !            68: \fB"raw"\fR\&. This option is primarily intended to be used for dynamic signed zones so that the dumped zone file in a non\-text format containing updates can be verified independently\&. The use of this option does not make much sense for non\-dynamic zones\&.
        !            69: .RE
        !            70: .PP
        !            71: \-o \fIorigin\fR
        !            72: .RS 4
        !            73: The zone origin\&. If not specified, the name of the zone file is assumed to be the origin\&.
        !            74: .RE
        !            75: .PP
        !            76: \-v \fIlevel\fR
        !            77: .RS 4
        !            78: Sets the debugging level\&.
        !            79: .RE
        !            80: .PP
        !            81: \-V
        !            82: .RS 4
        !            83: Prints version information\&.
        !            84: .RE
        !            85: .PP
        !            86: \-x
        !            87: .RS 4
        !            88: Only verify that the DNSKEY RRset is signed with key\-signing keys\&. Without this flag, it is assumed that the DNSKEY RRset will be signed by all active keys\&. When this flag is set, it will not be an error if the DNSKEY RRset is not signed by zone\-signing keys\&. This corresponds to the
        !            89: \fB\-x\fR
        !            90: option in
        !            91: \fBdnssec\-signzone\fR\&.
        !            92: .RE
        !            93: .PP
        !            94: \-z
        !            95: .RS 4
        !            96: Ignore the KSK flag on the keys when determining whether the zone is correctly signed\&. Without this flag it is assumed that there will be a non\-revoked, self\-signed DNSKEY with the KSK flag set for each algorithm and that RRsets other than DNSKEY RRset will be signed with a different DNSKEY without the KSK flag set\&.
        !            97: .sp
        !            98: With this flag set, we only require that for each algorithm, there will be at least one non\-revoked, self\-signed DNSKEY, regardless of the KSK flag state, and that other RRsets will be signed by a non\-revoked key for the same algorithm that includes the self\-signed key; the same key may be used for both purposes\&. This corresponds to the
        !            99: \fB\-z\fR
        !           100: option in
        !           101: \fBdnssec\-signzone\fR\&.
        !           102: .RE
        !           103: .PP
        !           104: zonefile
        !           105: .RS 4
        !           106: The file containing the zone to be signed\&.
        !           107: .RE
        !           108: .SH "SEE ALSO"
        !           109: .PP
        !           110: \fBdnssec-signzone\fR(8),
        !           111: BIND 9 Administrator Reference Manual,
        !           112: RFC 4033\&.
        !           113: .SH "AUTHOR"
        !           114: .PP
        !           115: \fBInternet Systems Consortium, Inc\&.\fR
        !           116: .SH "COPYRIGHT"
        !           117: .br
        !           118: Copyright \(co 2012, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
        !           119: .br
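
The key-role rule described under \-z above, as a simplified Python model added here (not ISC's or NetBSD's code). It assumes RRSIG validation has already been done and is summarised as sets of key tags; the names `DnsKey` and `check_key_roles` and all sample tags are hypothetical.

```python
from dataclasses import dataclass

SEP = 0x0001      # the "KSK flag" (Secure Entry Point bit, RFC 4034)
REVOKE = 0x0080   # the revoked bit (RFC 5011)

@dataclass(frozen=True)
class DnsKey:
    tag: int
    algorithm: int
    flags: int

def check_key_roles(keys, dnskey_signers, other_signers, ignore_ksk_flag=False):
    """Return a list of problems, one per failed rule and algorithm.

    dnskey_signers / other_signers are the key tags whose signatures over
    the DNSKEY RRset / over the remaining RRsets are assumed to have been
    validated already. ignore_ksk_flag=True models the -z behaviour.
    """
    problems = []
    for alg in sorted({k.algorithm for k in keys}):
        # Revoked keys never count, with or without -z.
        live = [k for k in keys if k.algorithm == alg and not k.flags & REVOKE]
        if ignore_ksk_flag:
            # -z: any live key may fill either role, even the same key.
            entry = zone = live
        else:
            # Default: KSK-flagged key self-signs, a different key signs data.
            entry = [k for k in live if k.flags & SEP]
            zone = [k for k in live if not k.flags & SEP]
        if not any(k.tag in dnskey_signers for k in entry):
            problems.append(f"alg {alg}: no usable self-signed DNSKEY")
        if not any(k.tag in other_signers for k in zone):
            problems.append(f"alg {alg}: other RRsets lack a usable signing key")
    return problems

# Constructed samples; tags and key layout are made up for illustration.
SPLIT = [DnsKey(11111, 13, 257), DnsKey(22222, 13, 256)]    # KSK + ZSK
SINGLE = [DnsKey(33333, 13, 256)]                           # one key, no KSK flag
REVOKED = [DnsKey(44444, 13, 257 | REVOKE), DnsKey(22222, 13, 256)]

if __name__ == "__main__":
    print(check_key_roles(SPLIT, {11111}, {22222}))
    print(check_key_roles(SINGLE, {33333}, {33333}))
    print(check_key_roles(SINGLE, {33333}, {33333}, ignore_ksk_flag=True))
    print(check_key_roles(REVOKED, {44444}, {22222}, ignore_ksk_flag=True))
```

A zone signed by a single key without the KSK flag fails the default rule and passes only in the \-z model, while a zone whose only self-signing key is revoked fails in both.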
