dnssec-checkds - DNSSEC delegation consistency checking tool
dnssec-checkds [-ddig path] [-Ddsfromkey path] [-ffile] [-ldomain]
[-sfile] {zone}
DNSSEC-CHECKDS(8) BIND 9 DNSSEC-CHECKDS(8)
NAME
dnssec-checkds - DNSSEC delegation consistency checking tool
SYNOPSIS
dnssec-checkds [-ddig path] [-Ddsfromkey path] [-ffile] [-ldomain]
[-sfile] {zone}
DESCRIPTION
dnssec-checkds verifies the correctness of Delegation Signer (DS)
resource records for keys in a specified zone.
OPTIONS
-a algorithm
Specify a digest algorithm to use when converting the zones DNSKEY
records to expected DS records. This option can be repeated, so that
multiple records are checked for each DNSKEY record.
The algorithm must be one of SHA-1, SHA-256, or SHA-384. These val-
ues are case insensitive, and the hyphen may be omitted. If no algo-
rithm is specified, the default is SHA-256.
-f file
If a file is specified, then the zone is read from that file to find
the DNSKEY records. If not, then the DNSKEY records for the zone are
looked up in the DNS.
-s file
Specifies a prepared dsset file, such as would be generated by
dnssec-signzone, to use as a source for the DS RRset instead of
querying the parent.
-d dig path
Specifies a path to a dig binary. Used for testing.
-D dsfromkey path
Specifies a path to a dnssec-dsfromkey binary. Used for testing.
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
+---------------+--------------------------+
|ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+---------------+--------------------------+
|Availability | network/dns/bind |
+---------------+--------------------------+
|Stability | Pass-through uncommitted |
+---------------+--------------------------+
SEE ALSO
dnssec-dsfromkey(8), dnssec-keygen(8), dnssec-signzone(8),
AUTHOR
Internet Systems Consortium
COPYRIGHT
2022, Internet Systems Consortium
NOTES
Source code for open source software components in Oracle Solaris can
be found at https://www.oracle.com/downloads/opensource/solaris-source-
code-downloads.html.
This software was built from source available at
https://github.com/oracle/solaris-userland. The original community
source was downloaded from
http://ftp.isc.org/isc/bind9/9.16.29/bind-9.16.29.tar.xz.
Further information about this software can be found on the open source
community website at http://www.isc.org/software/bind/.
9.16.29 2022-05-10 DNSSEC-CHECKDS(8)