Go to main content

man pages section 8: System Administration Commands

Exit Print View

Updated: Thursday, June 13, 2019
 
 

dnssec-checkds (8)

Name

dnssec-checkds - DNSSEC delegation consistency checking tool

Synopsis

dnssec-checkds [-l domain] [-f file] [-d dig path] [-D dsfromkey path]
{zone}

dnssec-dsfromkey [-l domain] [-f file] [-d dig path]
[-D dsfromkey path] {zone}

Description

DNSSEC-CHECKDS(8)                    BIND9                   DNSSEC-CHECKDS(8)



NAME
       dnssec-checkds - DNSSEC delegation consistency checking tool

SYNOPSIS
       dnssec-checkds [-l domain] [-f file] [-d dig path] [-D dsfromkey path]
                      {zone}

       dnssec-dsfromkey [-l domain] [-f file] [-d dig path]
                        [-D dsfromkey path] {zone}

DESCRIPTION
       dnssec-checkds verifies the correctness of Delegation Signer (DS) or
       DNSSEC Lookaside Validation (DLV) resource records for keys in a
       specified zone.

OPTIONS
       -f file
           If a file is specified, then the zone is read from that file to
           find the DNSKEY records. If not, then the DNSKEY records for the
           zone are looked up in the DNS.

       -l domain
           Check for a DLV record in the specified lookaside domain, instead
           of checking for a DS record in the zone's parent.

       -d dig path
           Specifies a path to a dig binary. Used for testing.

       -D dsfromkey path
           Specifies a path to a dnssec-dsfromkey binary. Used for testing.


ATTRIBUTES
       See attributes(7) for descriptions of the following attributes:


       +---------------+------------------+
       |ATTRIBUTE TYPE | ATTRIBUTE VALUE  |
       +---------------+------------------+
       |Availability   | network/dns/bind |
       +---------------+------------------+
       |Stability      | Uncommitted      |
       +---------------+------------------+
SEE ALSO
       dnssec-dsfromkey(8), dnssec-keygen(8), dnssec-signzone(8),

AUTHOR
       Internet Systems Consortium, Inc.

COPYRIGHT
       Copyright (C) 2012-2019 Internet Systems Consortium, Inc. ("ISC")



NOTES
       This software was built from source available at
       https://github.com/oracle/solaris-userland.  The original community
       source was downloaded from
       http://ftp.isc.org/isc/bind9/9.11.6/bind-9.11.6.tar.gz

       Further information about this software can be found on the open source
       community website at http://www.isc.org/software/bind/.



ISC                               2013-01-01                 DNSSEC-CHECKDS(8)