Scroll to navigation

ods-kaspcheck(1) OpenDNSSEC ods-kaspcheck ods-kaspcheck(1)

NAME

ods-kaspcheck - Performs a sanity check of the policy for OpenDNSSEC

SYNOPSIS

ods-kaspcheck [-c path -k path]

DESCRIPTION

The OpenDNSSEC XML configuration files (conf.xml and kasp.xml) offer the user many options to configure the OpenDNSSEC signing system. Some syntactic constraints are placed on the configuration by the .rng definition (for example, whether an element is required or optional), but some semantic constraints cannot be defined this way (for example, if NSEC3 is used to secure the zone, then a consistent DNSKEY algorithm choice should be made).

ods-kaspcheck is provided to check that the configuration files (conf.xml and kasp.xml) are semantically sane and contain no inconsistencies. It is advisable to use this tool to check your configuration before starting to use OpenDNSSEC.

OPTIONS

Path to an OpenDNSSEC configuration file

(defaults to /etc/opendnssec/conf.xml)

Path to KASP policy file

(defaults to the path given in the configuration file)

Display version information
Show the help screen

SEE ALSO

ods-control(8), ods-enforcerd(8), ods-enforcer(8), ods-hsmspeed(1), ods-hsmutil(1), ods-signer(8), ods-signerd(8), ods-timing(5), ods-kasp, opendnssec(7), http://www.opendnssec.org/

AUTHORS

ods-kaspcheck was written by Alex Dalitz and Nominet as part of the OpenDNSSEC project.

February 2010 OpenDNSSEC