rollinit

Language: en

Version: 2007-05-21 (mandriva - 01/05/08)

Section: 1 (User commands)

NAME

rollinit - Create new rollrec records for a DNSSEC-Tools rollrec file.

SYNOPSIS

   rollinit [options] <zonename1> ... <zonenameN>
 
 

DESCRIPTION

rollinit creates new rollrec entries for a rollrec file. This rollrec file will be used by rollerd to manage key rollover for the named domains.

A rollrec entry has this format:

     roll "example.com"
         zonefile        "example.com.signed"
         keyrec          "example.com.krf"
         kskphase        "0"
         zskphase        "0"
         administrator   "bob@bobhost.example.com"
         directory       "/var/dns/zones/example.com"
         loglevel        "phase"
         ksk_rolldate    " "
         ksk_rollsecs    "0"
         zsk_rolldate    " "
         zsk_rollsecs    "0"
         maxttl          "604800"
         display         "1"
         phasestart      "Mon Jan 9 16:00:00 2006"
 
 

The zonefile and keyrec fields are set according to command-line options and arguments. The manner of generating the rollrec's actual values is a little complex and is described in the ZONEFILE and KEYREC FIELDS section below.

The administrator field is set to "bob@bobhost.example.com" to indicate that the email messages to the zone's administrator should be sent to "bob@bobhost.example.com".

The directory field is set to "/var/dns/zones/example.com" to indicate that the files for this zone (zone file, signed zone file, keyrec file, etc.) should be found in /var/dns/zones/example.com.

The loglevel field is set to "phase" to indicate that rollerd should only log phase-level (and greater) log messages for this zone.

The kskphase field is set to 0 to indicate that the zone is in normal operation (non-rollover) for KSK keys. The zskphase field is set to 0 to indicate that the zone is in normal operation (non-rollover) for ZSK keys.

The ksk_rolldate and ksk_rollsecs fields are set to indicate that the zone has not yet undergone KSK rollover.

The zsk_rolldate and zsk_rollsecs fields are set to indicate that the zone has not yet undergone ZSK rollover.

The display field is set to indicate that blinkenlights should display the record. The maxttl and phasestart fields are set to dummy values.

The keywords roll and skip indicate whether rollerd should process or ignore a particular rollrec entry. roll records are created by default; skip entries are created if the -skip option is specified.

The newly generated rollrec entries are written to standard output, unless the -out option is specified.
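The rollrec layout described above is simple enough to parse directly, which is useful when auditing a rollrec file that rollerd is about to act on: skip records are silently ignored by rollerd, and a non-zero kskphase or zskphase means a zone is part-way through a rollover. The following Python is an added example, not DNSSEC-Tools code; the sample rollrec text is constructed here following the format shown in this section, and the parse/summary functions are hypothetical helpers written for this page.

```python
import re
from typing import Dict, List

# Constructed sample rollrec text (not from a real deployment), following the
# layout shown in the DESCRIPTION: one "roll" record in normal operation and
# one "skip" record whose KSK is mid-rollover.
SAMPLE_ROLLREC = """\
roll "example.com"
    zonefile        "example.com.signed"
    keyrec          "example.com.krf"
    kskphase        "0"
    zskphase        "0"
    administrator   "bob@bobhost.example.com"
    directory       "/var/dns/zones/example.com"
    loglevel        "phase"
    ksk_rolldate    " "
    ksk_rollsecs    "0"
    zsk_rolldate    " "
    zsk_rollsecs    "0"
    maxttl          "604800"
    display         "1"
    phasestart      "Mon Jan 9 16:00:00 2006"

skip "example.net"
    zonefile        "example.net.signed"
    keyrec          "example.net.krf"
    kskphase        "3"
    zskphase        "0"
"""

# A record starts with the keyword roll or skip followed by the quoted zone
# name; every following line is a field name and a quoted value.
HEADER_RE = re.compile(r'^\s*(roll|skip)\s+"([^"]*)"\s*$')
FIELD_RE = re.compile(r'^\s*(\S+)\s+"([^"]*)"\s*$')


def parse_rollrec(text: str) -> List[Dict[str, str]]:
    """Parse rollrec text into a list of dicts, one per record.

    Each dict carries the field names as keys plus two bookkeeping entries:
    "_type" (roll or skip) and "_name" (the zone name from the header line).
    Blank lines and '#' comment lines are ignored; any other unparseable
    line raises ValueError rather than being silently dropped.
    """
    records: List[Dict[str, str]] = []
    current = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        m = HEADER_RE.match(raw)
        if m:
            current = {"_type": m.group(1), "_name": m.group(2)}
            records.append(current)
            continue
        m = FIELD_RE.match(raw)
        if m and current is not None:
            current[m.group(1)] = m.group(2)
            continue
        raise ValueError(f"line {lineno}: unrecognised rollrec line: {raw!r}")
    return records


def summarize(records: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Report what rollerd would do with these records, per the DESCRIPTION:
    roll records are processed, skip records are ignored, and a non-zero
    kskphase/zskphase means the zone is part-way through a rollover.
    """
    return {
        "managed": [r["_name"] for r in records if r["_type"] == "roll"],
        "ignored": [r["_name"] for r in records if r["_type"] == "skip"],
        "in_rollover": [r["_name"] for r in records
                        if r.get("kskphase", "0") != "0"
                        or r.get("zskphase", "0") != "0"],
        "missing_files": [r["_name"] for r in records
                          if "zonefile" not in r or "keyrec" not in r],
    }


if __name__ == "__main__":
    recs = parse_rollrec(SAMPLE_ROLLREC)
    for key, zones in summarize(recs).items():
        print(f"{key}: {', '.join(zones) or '-'}")
```

Run against a real rollrec file by reading it into parse_rollrec; the "ignored" list is the one worth reviewing, since a zone left as a skip record will never have its keys rolled by rollerd.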

ZONEFILE and KEYREC FIELDS

The zonefile and keyrec fields may be given by using the -zone and -keyrec options, or default values may be used.

The default values use the rollrec's zone name, taken from the command line, as a base. .signed is appended to the domain name for the zone file; .krf is appended to the domain name for the keyrec file.

If -zone or -keyrec are specified, then the option values are used in one of two ways:

1. A single domain name is given on the command line.
The option values for -zone and/or -keyrec are used for the actual rollrec fields.
2. Multiple domain names are given on the command line.
The option values for -zone and/or -keyrec are used as templates for the actual rollrec fields. The option values must contain the string =. This string is replaced by the domain whose rollrec is being created.

See the EXAMPLES section for examples of how options are used by rollinit.

OPTIONS

rollinit may be given the following options:
-zone zonefile
This specifies the value of the zonefile field. See the ZONEFILE and KEYREC FIELDS and EXAMPLES sections for more details.
-keyrec keyrec-file
This specifies the value of the keyrec field. See the ZONEFILE and KEYREC FIELDS and EXAMPLES sections for more details.
-admin
This specifies the value of the administrator field. If it is not given, an administrator field will not be included for the record.
-directory
This specifies the value of the directory field. If it is not given, a directory field will not be included for the record.
-loglevel
This specifies the value of the loglevel field. If it is not given, a loglevel field will not be included for the record.
-skip
By default, roll records are generated. If this option is given, then skip records will be generated instead.
-out output-file
The new rollrec entries will be appended to output-file. The file will be created if it does not exist.

If this option is not given, the new rollrec entries will be written to standard output.

-help
Display a usage message.

EXAMPLES

The following examples should make clear how rollinit handles its options when creating new rollrecs. Example 1 shows the complete new rollrec record. For the sake of brevity, the remaining examples show only the newly created zonefile and keyrec fields.

Example 1. One domain, no options

This example shows the rollrec generated by giving rollinit a single domain, without any options.

     $ rollinit example.com
         roll    "example.com"
             zonefile        "example.com.signed"
             keyrec          "example.com.krf"
             kskphase        "0"
             zskphase        "0"
             ksk_rolldate    " "
             ksk_rollsecs    "0"
             zsk_rolldate    " "
             zsk_rollsecs    "0"
             maxttl          "0"
             display         "1"
             phasestart      "new"
 
 

Example 2. One domain, -zone option

This example shows the rollrec generated by giving rollinit a single domain, with the -zone option.

     $ rollinit -zone signed-example example.com
         roll    "example.com"
             zonefile        "signed-example"
             keyrec          "example.com.krf"
 
 

Example 3. One domain, -keyrec option

This example shows the rollrec generated by giving rollinit a single domain, with the -keyrec option.

     $ rollinit -keyrec x-rrf example.com
         roll    "example.com"
             zonefile        "example.com.signed"
             keyrec          "x-rrf"
 
 

Example 4. One domain, -zone and -keyrec options

This example shows the rollrec generated by giving rollinit a single domain, with the -zone and -keyrec options.

     $ rollinit -zone signed-example -keyrec example.rrf example.com
         roll    "example.com"
             zonefile        "signed-example"
             keyrec          "example.rrf"
 
 

Example 5. One domain, -skip option

This example shows the rollrec generated by giving rollinit a single domain, with the -skip option.

     $ rollinit -skip example.com
         skip    "example.com"
             zonefile        "example.com.signed"
             keyrec          "example.com.krf"
 
 

Example 6. Multiple domains, no options

This example shows the rollrecs generated by giving rollinit several domains, without any options.

     $ rollinit example1.com example2.com
         roll    "example1.com"
                 zonefile        "example1.com.signed"
                 keyrec          "example1.com.krf"
 
         roll    "example2.com"
                 zonefile        "example2.com.signed"
                 keyrec          "example2.com.krf"
 
 

Example 7. Multiple domains, -zone option

This example shows the rollrecs generated by giving rollinit several domains, with the -zone option.

     $ rollinit -zone =-signed example1.com example2.com
         roll    "example1.com"
                 zonefile        "example1.com-signed"
                 keyrec          "example1.com.krf"
 
         roll    "example2.com"
                 zonefile        "example2.com-signed"
                 keyrec          "example2.com.krf"
 
 

Example 8. Multiple domains, -keyrec option

This example shows the rollrecs generated by giving rollinit several domains, with the -keyrec option.

     $ rollinit -keyrec zone-=-keyrec example1.com example2.com
         roll    "example1.com"
                 zonefile        "example1.com.signed"
                 keyrec          "zone-example1.com-keyrec"
 
         roll    "example2.com"
                 zonefile        "example2.com.signed"
                 keyrec          "zone-example2.com-keyrec"
 
 

Example 9. Multiple domains, -zone and -keyrec options

This example shows the rollrecs generated by giving rollinit several domains, with the -zone and -keyrec options.

     $ rollinit -zone Z-= -keyrec =K example1.com example2.com
         roll    "example1.com"
                 zonefile        "Z-example1.com"
                 keyrec          "example1.comK"
 
         roll    "example2.com"
                 zonefile        "Z-example2.com"
                 keyrec          "example2.comK"
 
 

Example 10. Single domain, -zone and -keyrec options with template

This example shows the rollrec generated by giving rollinit a single domain, with the -zone and -keyrec options. The options use the multi-domain = template.

     $ rollinit -zone Z-= -keyrec =.K example.com
         roll    "example.com"
                 zonefile        "Z-="
                 keyrec          "=.K"
 
 

This is probably not what is wanted, since it results in the zonefile and keyrec field values containing the =.

Example 11. Multiple domains, -zone and -keyrec options without template

This example shows the rollrecs generated by giving rollinit several domains, with the -zone and -keyrec options. The options do not use the multi-domain = template.

     $ rollinit -zone ex.zone -keyrec ex.krf example1.com example2.com
         roll    "example1.com"
                 zonefile        "ex.zone"
                 keyrec          "ex.krf"
 
         roll    "example2.com"
                 zonefile        "ex.zone"
                 keyrec          "ex.krf"
 
 

This may not be what is wanted, since it results in the same zonefile and keyrec field values for each rollrec.
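The rules from the ZONEFILE and KEYREC FIELDS section, together with Examples 1 through 11, can be captured in a few lines of code. The following Python is an added example, not the DNSSEC-Tools implementation of rollinit; it reimplements the documented field derivation (default suffixes, verbatim option values for a single domain, = templates for several domains, roll versus skip records) and adds a hypothetical template_warnings helper that flags the two pitfalls shown in Examples 10 and 11 before any entry is written. One assumption not stated on the page: every = in a template is replaced, not only the first.

```python
from typing import List, Optional, Tuple

DEFAULT_ZONEFILE_SUFFIX = ".signed"
DEFAULT_KEYREC_SUFFIX = ".krf"
TEMPLATE_MARKER = "="


def derive_field(zone: str, option: Optional[str], suffix: str, multi: bool) -> str:
    """Apply the ZONEFILE and KEYREC FIELDS rules to one field of one zone.

    - option absent: zone name plus the default suffix (.signed or .krf);
    - one domain on the command line: the option value is used verbatim;
    - several domains: the option value is a template and '=' is replaced
      by the zone name.  Assumption (not stated on the page): every '='
      is replaced, not only the first.
    """
    if option is None:
        return zone + suffix
    if not multi:
        return option
    return option.replace(TEMPLATE_MARKER, zone)


def rollrec_fields(zones: List[str], zone_opt: Optional[str] = None,
                   keyrec_opt: Optional[str] = None) -> List[Tuple[str, str, str]]:
    """Return (zone, zonefile, keyrec) for each zone named on the command line."""
    multi = len(zones) > 1
    return [(z,
             derive_field(z, zone_opt, DEFAULT_ZONEFILE_SUFFIX, multi),
             derive_field(z, keyrec_opt, DEFAULT_KEYREC_SUFFIX, multi))
            for z in zones]


def template_warnings(zones: List[str], zone_opt: Optional[str] = None,
                      keyrec_opt: Optional[str] = None) -> List[str]:
    """Flag the pitfalls of Examples 10 and 11: a '=' kept literally for a
    single domain, or several domains all pointed at the same file."""
    warnings = []
    multi = len(zones) > 1
    for name, opt in (("-zone", zone_opt), ("-keyrec", keyrec_opt)):
        if opt is None:
            continue
        if not multi and TEMPLATE_MARKER in opt:
            warnings.append(f"{name} {opt!r}: single domain, '=' is kept literally")
        if multi and TEMPLATE_MARKER not in opt:
            warnings.append(f"{name} {opt!r}: no '=', every zone gets the same file")
    return warnings


def render_rollrecs(zones, zone_opt=None, keyrec_opt=None, skip=False,
                    admin=None, directory=None, loglevel=None) -> str:
    """Emit rollrec entries in the layout of Example 1: phase fields zeroed,
    rollover dates blank, maxttl and phasestart set to the placeholder
    values rollinit uses ("0" and "new")."""
    keyword = "skip" if skip else "roll"
    out = []
    for zone, zonefile, keyrec in rollrec_fields(zones, zone_opt, keyrec_opt):
        fields = [("zonefile", zonefile), ("keyrec", keyrec),
                  ("kskphase", "0"), ("zskphase", "0")]
        # administrator/directory/loglevel are omitted when the option is absent.
        for key, val in (("administrator", admin), ("directory", directory),
                         ("loglevel", loglevel)):
            if val is not None:
                fields.append((key, val))
        fields += [("ksk_rolldate", " "), ("ksk_rollsecs", "0"),
                   ("zsk_rolldate", " "), ("zsk_rollsecs", "0"),
                   ("maxttl", "0"), ("display", "1"), ("phasestart", "new")]
        out.append(f'{keyword}\t"{zone}"')
        out.extend(f'\t{key:<15} "{val}"' for key, val in fields)
        out.append("")
    return "\n".join(out)


if __name__ == "__main__":
    import sys
    zones = ["example1.com", "example2.com"]
    for w in template_warnings(zones, "Z-=", "ex.krf"):
        print("warning:", w, file=sys.stderr)
    print(render_rollrecs(zones, zone_opt="Z-=", keyrec_opt="=K"))
```

Calling template_warnings before render_rollrecs turns the "probably not what is wanted" outcomes of Examples 10 and 11 into explicit diagnostics instead of rollrec entries that rollerd would later fail to act on correctly.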

Copyright 2006-2007 SPARTA, Inc. All rights reserved. See the COPYING file included with the DNSSEC-Tools package for details.

AUTHOR

Wayne Morrison, tewok@users.sourceforge.net

SEE ALSO

lsroll(1), rollerd(8), rollchk(8), zonesigner(8)

Net::DNS::SEC::Tools::keyrec.pm(3), Net::DNS::SEC::Tools::rollrec.pm(3)

Net::DNS::SEC::Tools::file-keyrec.pm(5), Net::DNS::SEC::Tools::file-rollrec.pm(5)