diff options
Diffstat (limited to 'contrib/bind9/bin/dnssec/dnssec-makekeyset.8')
-rw-r--r-- | contrib/bind9/bin/dnssec/dnssec-makekeyset.8 | 113 |
1 files changed, 0 insertions, 113 deletions
diff --git a/contrib/bind9/bin/dnssec/dnssec-makekeyset.8 b/contrib/bind9/bin/dnssec/dnssec-makekeyset.8 deleted file mode 100644 index 0189b31e62e5..000000000000 --- a/contrib/bind9/bin/dnssec/dnssec-makekeyset.8 +++ /dev/null @@ -1,113 +0,0 @@ -.\" Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") -.\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium. -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -.\" PERFORMANCE OF THIS SOFTWARE. -.\" -.\" $Id: dnssec-makekeyset.8,v 1.16.2.2.4.1 2004/03/06 07:41:39 marka Exp $ -.\" -.TH "DNSSEC-MAKEKEYSET" "8" "June 30, 2000" "BIND9" "" -.SH NAME -dnssec-makekeyset \- DNSSEC zone signing tool -.SH SYNOPSIS -.sp -\fBdnssec-makekeyset\fR [ \fB-a\fR ] [ \fB-s \fIstart-time\fB\fR ] [ \fB-e \fIend-time\fB\fR ] [ \fB-h\fR ] [ \fB-p\fR ] [ \fB-r \fIrandomdev\fB\fR ] [ \fB-t\fIttl\fB\fR ] [ \fB-v \fIlevel\fB\fR ] \fBkey\fR\fI...\fR -.SH "DESCRIPTION" -.PP -\fBdnssec-makekeyset\fR generates a key set from one -or more keys created by \fBdnssec-keygen\fR. It creates -a file containing a KEY record for each key, and self-signs the key -set with each zone key. The output file is of the form -\fIkeyset-nnnn.\fR, where \fInnnn\fR -is the zone name. -.SH "OPTIONS" -.TP -\fB-a\fR -Verify all generated signatures. -.TP -\fB-s \fIstart-time\fB\fR -Specify the date and time when the generated SIG records -become valid. This can be either an absolute or relative -time. An absolute start time is indicated by a number -in YYYYMMDDHHMMSS notation; 20000530144500 denotes -14:45:00 UTC on May 30th, 2000. A relative start time is -indicated by +N, which is N seconds from the current time. -If no \fBstart-time\fR is specified, the current -time is used. -.TP -\fB-e \fIend-time\fB\fR -Specify the date and time when the generated SIG records -expire. As with \fBstart-time\fR, an absolute -time is indicated in YYYYMMDDHHMMSS notation. A time relative -to the start time is indicated with +N, which is N seconds from -the start time. A time relative to the current time is -indicated with now+N. If no \fBend-time\fR is -specified, 30 days from the start time is used as a default. -.TP -\fB-h\fR -Prints a short summary of the options and arguments to -\fBdnssec-makekeyset\fR. -.TP -\fB-p\fR -Use pseudo-random data when signing the zone. This is faster, -but less secure, than using real random data. This option -may be useful when signing large zones or when the entropy -source is limited. -.TP -\fB-r \fIrandomdev\fB\fR -Specifies the source of randomness. If the operating -system does not provide a \fI/dev/random\fR -or equivalent device, the default source of randomness -is keyboard input. \fIrandomdev\fR specifies -the name of a character device or file containing random -data to be used instead of the default. The special value -\fIkeyboard\fR indicates that keyboard -input should be used. -.TP -\fB-t \fIttl\fB\fR -Specify the TTL (time to live) of the KEY and SIG records. -The default is 3600 seconds. -.TP -\fB-v \fIlevel\fB\fR -Sets the debugging level. -.TP -\fBkey\fR -The list of keys to be included in the keyset file. These keys -are expressed in the form \fIKnnnn.+aaa+iiiii\fR -as generated by \fBdnssec-keygen\fR. -.SH "EXAMPLE" -.PP -The following command generates a keyset containing the DSA key for -\fBexample.com\fR generated in the -\fBdnssec-keygen\fR man page. -.PP -\fBdnssec-makekeyset -t 86400 -s 20000701120000 -e +2592000 Kexample.com.+003+26160\fR -.PP -In this example, \fBdnssec-makekeyset\fR creates -the file \fIkeyset-example.com.\fR. This file -contains the specified key and a self-generated signature. -.PP -The DNS administrator for \fBexample.com\fR could -send \fIkeyset-example.com.\fR to the DNS -administrator for \fB.com\fR for signing, if the -\&.com zone is DNSSEC-aware and the administrators of the two zones -have some mechanism for authenticating each other and exchanging -the keys and signatures securely. -.SH "SEE ALSO" -.PP -\fBdnssec-keygen\fR(8), -\fBdnssec-signkey\fR(8), -\fIBIND 9 Administrator Reference Manual\fR, -\fIRFC 2535\fR. -.SH "AUTHOR" -.PP -Internet Software Consortium |