keyarch

Langue: en

Autres versions - même langue

Version: 2007-05-21 (mandriva - 01/05/08)

Section: 1 (Commandes utilisateur)

Sommaire

NAME

keyarch - DNSSEC-Tools daemon to archive old KSK and ZSK keys.

SYNOPSIS

   keyarch [options] <keyrec_file | rollrec_file>

DESCRIPTION

The keyarch program archives old KSK and ZSK keys. Keys are considered old if they are obsolete and are marked as either kskobs or zskobs. Archived keys are prefixed with the seconds-since-epoch as a means of distinguishing a zone's keys that have the same five digit number.

If the required file argument is a keyrec file, then expired keys listed in that file are archived. If the file argument is a rollrec file, the keyrec files of the zones in that file are checked for expired keys.

If the -zone option is given, then only obsolete keys belonging to the specified zone will be archived.

The archive directory is either zone-specific (listed in the zone's keyrec record in the zone's keyrec file) or the default archive directory given in the DNSSEC-Tools configuration file.

The count of archived keys is given as the program's exit code. Error exit codes are negative.

OPTIONS

The following options are recognized:
-zone zone_file
Name of the zone whose KSKs will be archived. If this is not given, then all the zones defined in the rollrec file will be checked.
-kskonly
Only archive KSK keys.
-zskonly
Only archive ZSK keys.
-quiet
No output will be given.
-verbose
Verbose output will be given.
-help
Display a usage message.
-Version
Display the program versions.

EXIT VALUES

On success, keyarch's exit code is the number of keys archived.

keyarch has a 0 exit code if the help message is given.

keyarch has a negative exit code if an error is encountered.

Copyright 2007 SPARTA, Inc. All rights reserved. See the COPYING file included with the DNSSEC-Tools package for details.

AUTHOR

Wayne Morrison, tewok@users.sourceforge.net

SEE ALSO

rollerd(8), zonesigner(8)

Net::DNS::SEC::Tools::conf.pm(3), Net::DNS::SEC::Tools::dnssectools.pm(3), Net::DNS::SEC::Tools::defaults.pm(3), Net::DNS::SEC::Tools::keyrec.pm(3), Net::DNS::SEC::Tools::rollrec.pm(3)

keyrec(5), rollrec(5)