mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 06:25:31 +00:00
Code Issues Releases Wiki Activity

regen master

Browse Source
This commit is contained in:
Tinderbox User
2015-10-06 05:45:21 +00:00
parent 14a656f94b
commit 2eeb74d1cf
195 changed files with 11659 additions and 7977 deletions
Download Patch File Download Diff File Expand all files Collapse all files

159
bin/python/dnssec-coverage.html
View File

@@ -14,31 +14,55 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>dnssec-coverage</title>
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
<meta name="generator" content="DocBook XSL Stylesheets V1.76.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" title="dnssec-coverage">
<a name="man.dnssec-coverage"></a><div class="titlepage"></div>
<div class="refnamediv">
<div class="refnamediv">
<h2>Name</h2>
<p><span class="application">dnssec-coverage</span> &#8212; checks future DNSKEY coverage for a zone</p>
<p>
<span class="application">dnssec-coverage</span>
&#8212; checks future DNSKEY coverage for a zone
</p>
</div>
<div class="refsynopsisdiv">
<div class="refsynopsisdiv" title="Synopsis">
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">dnssec-coverage</code> [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-l <em class="replaceable"><code>length</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>DNSKEY TTL</code></em></code>] [<code class="option">-m <em class="replaceable"><code>max TTL</code></em></code>] [<code class="option">-r <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-c <em class="replaceable"><code>compilezone path</code></em></code>] [<code class="option">-k</code>] [<code class="option">-z</code>] [zone]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543419"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-coverage</strong></span>
<div class="cmdsynopsis"><p>
<code class="command">dnssec-coverage</code>
[<code class="option">-K <em class="replaceable"><code>directory</code></em></code>]
[<code class="option">-l <em class="replaceable"><code>length</code></em></code>]
[<code class="option">-f <em class="replaceable"><code>file</code></em></code>]
[<code class="option">-d <em class="replaceable"><code>DNSKEY TTL</code></em></code>]
[<code class="option">-m <em class="replaceable"><code>max TTL</code></em></code>]
[<code class="option">-r <em class="replaceable"><code>interval</code></em></code>]
[<code class="option">-c <em class="replaceable"><code>compilezone path</code></em></code>]
[<code class="option">-k</code>]
[<code class="option">-z</code>]
[zone]
</p></div>
</div>
<div class="refsection" title="DESCRIPTION">
<a name="idp60896080"></a><h2>DESCRIPTION</h2>
<p><span class="command"><strong>dnssec-coverage</strong></span>
verifies that the DNSSEC keys for a given zone or a set of zones
have timing metadata set properly to ensure no future lapses in DNSSEC
coverage.
</p>
<p>
<p>
If <code class="option">zone</code> is specified, then keys found in
the key repository matching that zone are scanned, and an ordered
list is generated of the events scheduled for that key (i.e.,
@@ -51,47 +75,54 @@
key is rolled, and cached data signed by the prior key has not had
time to expire from resolver caches.
</p>
<p>
<p>
If <code class="option">zone</code> is not specified, then all keys in the
key repository will be scanned, and all zones for which there are
keys will be analyzed. (Note: This method of reporting is only
accurate if all the zones that have keys in a given repository
share the same TTL parameters.)
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543444"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
</div>
<div class="refsection" title="OPTIONS">
<a name="idp60899280"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>
<dd>
<p>
Sets the directory in which keys can be found. Defaults to the
current working directory.
</p></dd>
</p>
</dd>
<dt><span class="term">-f <em class="replaceable"><code>file</code></em></span></dt>
<dd><p>
<dd>
<p>
If a <code class="option">file</code> is specified, then the zone is
read from that file; the largest TTL and the DNSKEY TTL are
determined directly from the zone data, and the
<code class="option">-m</code> and <code class="option">-d</code> options do
not need to be specified on the command line.
</p></dd>
</p>
</dd>
<dt><span class="term">-l <em class="replaceable"><code>duration</code></em></span></dt>
<dd>
<p>
<p>
The length of time to check for DNSSEC coverage. Key events
scheduled further into the future than <code class="option">duration</code>
will be ignored, and assumed to be correct.
</p>
<p>
<p>
The value of <code class="option">duration</code> can be set in seconds,
or in larger units of time by adding a suffix: 'mi' for minutes,
'h' for hours, 'd' for days, 'w' for weeks, 'mo' for months,
'y' for years.
</p>
</dd>
</dd>
<dt><span class="term">-m <em class="replaceable"><code>maximum TTL</code></em></span></dt>
<dd>
<p>
<p>
Sets the value to be used as the maximum TTL for the zone or
zones being analyzed when determining whether there is a
possibility of validation failure. When a zone-signing key is
@@ -100,21 +131,21 @@
before that key can be purged from the DNSKEY RRset. If that
condition does not apply, a warning will be generated.
</p>
<p>
<p>
The length of the TTL can be set in seconds, or in larger units
of time by adding a suffix: 'mi' for minutes, 'h' for hours,
'd' for days, 'w' for weeks, 'mo' for months, 'y' for years.
</p>
<p>
<p>
This option is mandatory unless the <code class="option">-f</code> has
been used to specify a zone file. (If <code class="option">-f</code> has
been specified, this option may still be used; it will override
the value found in the file.)
</p>
</dd>
</dd>
<dt><span class="term">-d <em class="replaceable"><code>DNSKEY TTL</code></em></span></dt>
<dd>
<p>
<p>
Sets the value to be used as the DNSKEY TTL for the zone or
zones being analyzed when determining whether there is a
possibility of validation failure. When a key is rolled (that
@@ -124,68 +155,80 @@
signatures. If that condition does not apply, a warning
will be generated.
</p>
<p>
<p>
The length of the TTL can be set in seconds, or in larger units
of time by adding a suffix: 'mi' for minutes, 'h' for hours,
'd' for days, 'w' for weeks, 'mo' for months, 'y' for years.
</p>
<p>
<p>
This option is mandatory unless the <code class="option">-f</code> has
been used to specify a zone file, or a default key TTL was
set with the <code class="option">-L</code> to
<span><strong class="command">dnssec-keygen</strong></span>. (If either of those is true,
<span class="command"><strong>dnssec-keygen</strong></span>. (If either of those is true,
this option may still be used; it will override the value found
in the zone or key file.)
</p>
</dd>
</dd>
<dt><span class="term">-r <em class="replaceable"><code>resign interval</code></em></span></dt>
<dd>
<p>
<p>
Sets the value to be used as the resign interval for the zone
or zones being analyzed when determining whether there is a
possibility of validation failure. This value defaults to
22.5 days, which is also the default in
<span><strong class="command">named</strong></span>. However, if it has been changed
<span class="command"><strong>named</strong></span>. However, if it has been changed
by the <code class="option">sig-validity-interval</code> option in
<code class="filename">named.conf</code>, then it should also be
changed here.
</p>
<p>
<p>
The length of the interval can be set in seconds, or in larger
units of time by adding a suffix: 'mi' for minutes, 'h' for hours,
'd' for days, 'w' for weeks, 'mo' for months, 'y' for years.
</p>
</dd>
</dd>
<dt><span class="term">-k</span></dt>
<dd><p>
<dd>
<p>
Only check KSK coverage; ignore ZSK events. Cannot be
used with <code class="option">-z</code>.
</p></dd>
</p>
</dd>
<dt><span class="term">-z</span></dt>
<dd><p>
<dd>
<p>
Only check ZSK coverage; ignore KSK events. Cannot be
used with <code class="option">-k</code>.
</p></dd>
</p>
</dd>
<dt><span class="term">-c <em class="replaceable"><code>compilezone path</code></em></span></dt>
<dd><p>
Specifies a path to a <span><strong class="command">named-compilezone</strong></span> binary.
<dd>
<p>
Specifies a path to a <span class="command"><strong>named-compilezone</strong></span> binary.
Used for testing.
</p></dd>
</p>
</dd>
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543745"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">dnssec-checkds</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-dsfromkey</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>
</div>
<div class="refsection" title="SEE ALSO">
<a name="idp60930384"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry">
<span class="refentrytitle">dnssec-checkds</span>(8)
</span>,
<span class="citerefentry">
<span class="refentrytitle">dnssec-dsfromkey</span>(8)
</span>,
<span class="citerefentry">
<span class="refentrytitle">dnssec-keygen</span>(8)
</span>,
<span class="citerefentry">
<span class="refentrytitle">dnssec-signzone</span>(8)
</span>
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543788"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
</div>
</div></body>
</html>