Go to main content

man pages section 8: System Administration Commands

Exit Print View

Updated: Wednesday, July 27, 2022
 
 

dnssec-checkds (8)

Name

dnssec-checkds - DNSSEC delegation consistency checking tool

Synopsis

dnssec-checkds  [-ddig  path]  [-Ddsfromkey  path]  [-ffile] [-ldomain]
[-sfile] {zone}

Description

DNSSEC-CHECKDS(8)                   BIND 9                   DNSSEC-CHECKDS(8)



NAME
       dnssec-checkds - DNSSEC delegation consistency checking tool

SYNOPSIS
       dnssec-checkds  [-ddig  path]  [-Ddsfromkey  path]  [-ffile] [-ldomain]
       [-sfile] {zone}

DESCRIPTION
       dnssec-checkds verifies  the  correctness  of  Delegation  Signer  (DS)
       resource records for keys in a specified zone.

OPTIONS
       -a algorithm
          Specify  a  digest algorithm to use when converting the zones DNSKEY
          records to expected DS records. This option can be repeated, so that
          multiple records are checked for each DNSKEY record.

          The  algorithm must be one of SHA-1, SHA-256, or SHA-384. These val-
          ues are case insensitive, and the hyphen may be omitted. If no algo-
          rithm is specified, the default is SHA-256.

       -f file
          If a file is specified, then the zone is read from that file to find
          the DNSKEY records. If not, then the DNSKEY records for the zone are
          looked up in the DNS.

       -s file
          Specifies  a  prepared  dsset  file,  such  as would be generated by
          dnssec-signzone, to use as a source for  the  DS  RRset  instead  of
          querying the parent.

       -d dig path
          Specifies a path to a dig binary. Used for testing.

       -D dsfromkey path
          Specifies a path to a dnssec-dsfromkey binary. Used for testing.


ATTRIBUTES
       See attributes(7) for descriptions of the following attributes:


       +---------------+--------------------------+
       |ATTRIBUTE TYPE |     ATTRIBUTE VALUE      |
       +---------------+--------------------------+
       |Availability   | network/dns/bind         |
       +---------------+--------------------------+
       |Stability      | Pass-through uncommitted |
       +---------------+--------------------------+

SEE ALSO
       dnssec-dsfromkey(8), dnssec-keygen(8), dnssec-signzone(8),

AUTHOR
       Internet Systems Consortium

COPYRIGHT
       2022, Internet Systems Consortium



NOTES
       Source  code  for open source software components in Oracle Solaris can
       be found at https://www.oracle.com/downloads/opensource/solaris-source-
       code-downloads.html.

       This     software     was    built    from    source    available    at
       https://github.com/oracle/solaris-userland.   The  original   community
       source                was                downloaded                from
       http://ftp.isc.org/isc/bind9/9.16.29/bind-9.16.29.tar.xz.

       Further information about this software can be found on the open source
       community website at http://www.isc.org/software/bind/.



9.16.29                           2022-05-10                 DNSSEC-CHECKDS(8)