Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
DNSSEC-CHECKDS(8)		    BIND 9		     DNSSEC-CHECKDS(8)

NAME
       dnssec-checkds -	DNSSEC delegation consistency checking tool

SYNOPSIS
       dnssec-checkds  [-ddig  path]  [-Ddsfromkey  path]  [-ffile] [-ldomain]
       [-sfile]	{zone}

DESCRIPTION
       dnssec-checkds verifies the correctness of Delegation Signer  (DS)  re-
       source records for keys in a specified zone.

OPTIONS
       -a algorithm
	  Specify  a  digest algorithm to use when converting the zones	DNSKEY
	  records to expected DS records. This option can be repeated, so that
	  multiple records are checked for each	DNSKEY record.

	  The  algorithm must be one of	SHA-1, SHA-256,	or SHA-384. These val-
	  ues are case insensitive, and	the hyphen may be omitted. If no algo-
	  rithm	is specified, the default is SHA-256.

       -f file
	  If a file is specified, then the zone	is read	from that file to find
	  the DNSKEY records. If not, then the DNSKEY records for the zone are
	  looked up in the DNS.

       -s file
	  Specifies  a	prepared  dsset	 file,	such  as would be generated by
	  dnssec-signzone, to use as a source for  the	DS  RRset  instead  of
	  querying the parent.

       -d dig path
	  Specifies a path to a	dig binary. Used for testing.

       -D dsfromkey path
	  Specifies a path to a	dnssec-dsfromkey binary. Used for testing.

SEE ALSO
       dnssec-dsfromkey(8), dnssec-keygen(8), dnssec-signzone(8),

AUTHOR
       Internet	Systems	Consortium

COPYRIGHT
       2020, Internet Systems Consortium

9.16.6				  2020-08-10		     DNSSEC-CHECKDS(8)

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | SEE ALSO | AUTHOR | COPYRIGHT

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=dnssec-checkds&sektion=8&manpath=FreeBSD+12.2-RELEASE+and+Ports>

home | help