NAME
cleanarch - Clean a DNSSEC-Tools key archive of old keys
SYNOPSIS
cleanarch [options] <keyrec-file | rollrec-file>
DESCRIPTION
cleanarch deletes old keys from a DNSSEC-Tools key archive. Key
"age" and archives are determined by options and arguments.
Command line options and arguments allow selection of archives, keys to delete,
and the amount of output to provide. The options are divided into three groups:
archive selection, key selection, and output format. Complete information on
options is provided in the OPTIONS section.
cleanarch takes a single argument (as distinguished from an option). This
argument may be either a keyrec file or a rollrec file. If the file is a
keyrec file, the archive directories for its zone keyrecs are added to the
list of archives to clean. If the file is a rollrec file, keyrec files for its
zones are searched for the zones' archive directory, and those directories are
added to the list of archives to clean. If a zone does not have an archive
directory explicitly defined, then the DNSSEC-Tools default will be cleaned.
The archives specified by this argument may be modified by archive-selection
options.
The archive-selection options combine with the keyrec or rollrec file to
select a set of archive directories to clean. (Some options can take the place
of the file argument.)
The key-selection options allow the set of keys to be deleted to contain an
entire archive, a particular zone's keys, or all the keys prior to a certain
date.
The output-format options set how much output will be given. Without any
options selected, the names of keys will be printed as they are deleted. If
the -verbose option is given, then the directories selected for searching and
the keys selected for deletion will be printed. If the -dirlist option is
given, then the directories selected for searching will be printed and no
other action will be taken. If the -list option is given, then the keys
selected for deletion will be printed and no other action will be taken.
cleanarch only cleans the archive directories; the keyrec files are left
intact. The cleankrf command should be used in conjunction with cleanarch in
order to have a consistent environment.
OPTIONS
Archive-Selection Options
The following options allow the user to select the archives to be cleaned.
- -archive directory
- This option specifies an archive directory to be
cleaned.
- -defarch
- This option indicates that the default archive directory
(named in the DNSSEC-Tools configuration file) should be cleaned.
- -zone zone
- This option indicates that zone is the only zone
whose archive will be cleaned. If the archive directory is shared by other
zones then their keys may also be deleted.
Key-Selection Options
The following options allow the user to select the keys to be deleted.
- -all
- Deletes all keys in the selected archives. This option may
not be used with any other key-selection options.
- -days days
- Deletes all keys except those whose modification date is
within the days full days preceding the current day.
- -onezone zone
- Only keys with zone in the key's filename are
deleted. This is intended for use in cleaning a multi-zone key archive.
This does not validate that zone is an actual zone. Any string
can be used here. For example, using "private" will select old
private key files for deletion and using "com" will select any
filename that contains "com".
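The substring behaviour of -onezone described above, shown as an added example (not cleanarch's own code and not a call to it): it compares a plain substring match with a match anchored on the zone name, over constructed file names. The function names and the K<zone>.+<alg>+<tag> naming of archived keys are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not part of cleanarch: shows how a substring match on key
# file names (the -onezone behaviour described above) compares with a match
# anchored on the zone name. All file names below are constructed.

# Select files whose name merely contains the string.
substring_select() {   # usage: substring_select <string> <archive-dir>
    find "$2" -type f -name "*$1*" | sort
}

# Select files whose name contains "K<zone>.+", assuming archived keys keep
# the BIND-style K<zone>.+<alg>+<tag> name (an assumption of this example).
anchored_select() {    # usage: anchored_select <zone> <archive-dir>
    find "$2" -type f -name "*K$1.+*" | sort
}

# Build a throwaway archive with constructed keys for three zones.
make_sample_archive() {
    local d z
    d=$(mktemp -d) || return 1
    for z in example.com sub.example.com company.net; do
        touch "$d/K$z.+005+12345.key" "$d/K$z.+005+12345.private"
    done
    printf '%s\n' "$d"
}

# Count the lines on stdin.
count() { wc -l | tr -d ' '; }

# Print a comparison for the strings discussed in the option description.
preview() {
    local d s
    d=$(make_sample_archive) || return 1
    for s in com private example.com; do
        printf '%-12s substring=%s anchored=%s\n' "$s" \
            "$(substring_select "$s" "$d" | count)" \
            "$(anchored_select "$s" "$d" | count)"
    done
    rm -rf "$d"
}

preview
```

Note that the substring "example.com" also selects the keys of sub.example.com. On a real archive, cleanarch's own -list option shows the keys it has selected without deleting anything.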
Options for Output Control
The following options allow the user to control cleanarch's output.
- -dirlist
- This option lists the selected archive directories. No
other action is taken.
- -list
- This option lists the selected keys. No other action is
taken.
- -quiet
- Display no output.
- -verbose
- Display verbose output.
- -Version
- Displays the version information for cleanarch and
the DNSSEC-Tools package.
- -help
- Display a usage message and exit.
WARNINGS
The user is advised to invest a bit of time testing this tool prior to
putting it into production use. Once a key is deleted, it is gone. Some
may find this to be detrimental to the health of their DNSSEC-Tools
installation.
COPYRIGHT
Copyright 2007-2012 SPARTA, Inc. All rights reserved. See the COPYING file
included with the DNSSEC-Tools package for details.
AUTHOR
Wayne Morrison, tewok@tislabs.com
SEE ALSO
cleankrf(8),
lskrf(8),
zonesigner(8),
Net::DNS::SEC::Tools::keyrec.pm(3),
Net::DNS::SEC::Tools::rollrec.pm(3),
dnssec-tools.conf(5),
keyrec.pm(5),
rollrec.pm(5)