.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.ie \nF \{\
.    de IX
.    tm Index:\\$1\t\\n%\t"\\$2"
..
.    nr % 0
.    rr F
.\}
.el \{\
.    de IX
..
.\}
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
.    \" fudge factors for nroff and troff
.if n \{\
.    ds #H 0
.    ds #V .8m
.    ds #F .3m
.    ds #[ \f1
.    ds #] \fP
.\}
.if t \{\
.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
.    ds #V .6m
.    ds #F 0
.    ds #[ \&
.    ds #] \&
.\}
.    \" simple accents for nroff and troff
.if n \{\
.    ds ' \&
.    ds ` \&
.    ds ^ \&
.    ds , \&
.    ds ~ ~
.    ds /
.\}
.if t \{\
.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
.    \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
.    \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
.    \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
.    ds : e
.    ds 8 ss
.    ds o a
.    ds d- d\h'-1'\(ga
.    ds D- D\h'-1'\(hy
.    ds th \o'bp'
.    ds Th \o'LP'
.    ds ae ae
.    ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "DTINITCONF 1p"
.TH DTINITCONF 1p "2012-06-21" "perl v5.14.2" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
dtinitconf \- Creates a DNSSEC\-Tools configuration file
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& dtinitconf [options]
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBdtinitconf\fR program initializes the DNSSEC-Tools configuration file.
By default, the actual configuration file will be created, though the created
file can be specified by the user.
Existing files, whether the default or one specified by the user, will not be
overwritten unless specifically directed by the user.
.PP
Each configuration field can be individually specified on the command line.
The user will also be prompted for the fields, with default values taken from
the DNSSEC-Tools \fBdefaults.pm\fR module. If the \fB\-noprompt\fR option is
given, then a default configuration file (modulo command-line arguments) will
be created.
.PP
Configuration entries are created for several \s-1BIND\s0 programs. Several
locations on the system are searched to find the locations of these programs.
First, the directories in the path environment variable are checked; the names
of any directories that contain the \s-1BIND\s0 programs are saved. Next,
several common locations for \s-1BIND\s0 programs are checked; again, the names
of directories that contain the \s-1BIND\s0 programs are saved. After
collecting these directories, the user is presented with this list and may
choose to use whichever set is desired. If no directories are found that
contain the \s-1BIND\s0 programs, the user is prompted for the proper location.
.PP
If the configuration file's parent directory does not exist, then an attempt
is made to create the directory. The new directory's ownership will be set to
\&\fIroot\fR for the owner and \fIdnssec\fR for the group, assuming the
\&\fIdnssec\fR group exists. Writability checks for the directory will not be
performed if the \fI\-outfile\fR option is given.
.SH "OPTIONS"
.IX Header "OPTIONS"
\&\fBdtinitconf\fR takes options that control the contents of the newly
generated DNSSEC-Tools configuration file. Each configuration file entry has a
corresponding command-line option. The options, described below, are ordered
in logical groups.
.SS "Key-related Options"
.IX Subsection "Key-related Options"
These options deal with different aspects of creating and managing encryption
keys.
.IP "\fB\-algorithm algorithm\fR" 4
.IX Item "-algorithm algorithm"
Selects the cryptographic algorithm. The value of algorithm must be one that
is recognized by the installed version of \fBdnssec-keygen\fR.
.IP "\fB\-kskcount KSK-count\fR" 4
.IX Item "-kskcount KSK-count"
The default number of \s-1KSK\s0 keys that will be created for a zone.
.IP "\fB\-ksklength keylen\fR" 4
.IX Item "-ksklength keylen"
The default \s-1KSK\s0 key length to be passed to \fBdnssec-keygen\fR.
.IP "\fB\-ksklife lifespan\fR" 4
.IX Item "-ksklife lifespan"
The default length of time between \s-1KSK\s0 rollovers. This is measured in
seconds. This value must be within the range of the \fBminlife\fR and
\&\fBmaxlife\fR values.
.Sp
This value is \fBonly\fR used for key rollover. Keys do not have a life-time
in any other sense.
.IP "\fB\-maxlife maxlifespan\fR" 4
.IX Item "-maxlife maxlifespan"
The maximum length of time between key rollovers. This is measured in seconds.
The \fBksklife\fR and \fBzsklife\fR values must not be greater than this value.
.Sp
This value is \fBonly\fR used for key rollover. Keys do not have a life-time
in any other sense.
.IP "\fB\-minlife minlifespan\fR" 4
.IX Item "-minlife minlifespan"
The minimum length of time between key rollovers. This is measured in seconds.
The \fBksklife\fR and \fBzsklife\fR values must not be less than this value.
.Sp
This value is \fBonly\fR used for key rollover. Keys do not have a life-time
in any other sense.
.IP "\fB\-zskcount ZSK-count\fR" 4
.IX Item "-zskcount ZSK-count"
The default number of \s-1ZSK\s0 keys that will be created for a zone.
.IP "\fB\-zsklength keylen\fR" 4
.IX Item "-zsklength keylen"
The default \s-1ZSK\s0 key length to be passed to \fBdnssec-keygen\fR.
.IP "\fB\-zsklife lifespan\fR" 4
.IX Item "-zsklife lifespan"
The default length of time between \s-1ZSK\s0 rollovers. This is measured in
seconds. This value must be within the range of the \fBminlife\fR and
\&\fBmaxlife\fR values.
.Sp
This value is \fBonly\fR used for key rollover. Keys do not have a life-time
in any other sense.
.IP "\fB\-random randomdev\fR" 4
.IX Item "-random randomdev"
The random-number generator device to be passed to \fBdnssec-keygen\fR.
.SS "Zone-related Options"
.IX Subsection "Zone-related Options"
These options deal with different aspects of zone signing.
.IP "\fB\-endtime endtime\fR" 4
.IX Item "-endtime endtime"
The zone default expiration time to be passed to \fBdnssec-signzone\fR.
.SS "trustman-related Options"
.IX Subsection "trustman-related Options"
These options deal with different aspects of executing \fBtrustman\fR.
.IP "\fB\-genroothints roothints\fR" 4
.IX Item "-genroothints roothints"
A new \fBroot.hints\fR file will be created at the specified location.
\&\fBdtinitconf\fR requires that the file not already exist.
.Sp
The \fBroot.hints\fR file is retrieved from
\&\fBhttp://www.internic.net/zones/named.root\fR. It is not considered a fatal
error if \fBdtinitconf\fR is unable to fetch the file. Rather, a warning
message will be given and creation of the configuration file will continue.
.IP "\fB\-ta\-contact email\fR" 4
.IX Item "-ta-contact email"
The email address of the \fBtrustman\fR administrator.
.IP "\fB\-ta\-resolvconf resolvconffile\fR" 4
.IX Item "-ta-resolvconf resolvconffile"
The location of the \fBresolv.conf\fR file.
.IP "\fB\-ta\-smtpserver hostname\fR" 4
.IX Item "-ta-smtpserver hostname"
The \s-1SMTP\s0 server for the \fBtrustman\fR command.
.IP "\fB\-ta\-tmpdir directory\fR" 4
.IX Item "-ta-tmpdir directory"
The temporary directory for the \fBtrustman\fR command.
.SS "\s-1BIND\s0 Options"
.IX Subsection "BIND Options"
These options deal specifically with functionality provided by \s-1BIND\s0.
.IP "\fB\-rndc rndc-path\fR" 4
.IX Item "-rndc rndc-path"
\&\fBrndc-path\fR is the path to \s-1BIND\s0's \fBrndc\fR command.
.SS "DNSSEC-Tools Options"
.IX Subsection "DNSSEC-Tools Options"
These options deal specifically with functionality provided by DNSSEC-Tools.
.IP "\fB\-admin email-address\fR" 4
.IX Item "-admin email-address"
\&\fBadmin\fR is the email address of the DNSSEC-Tools administrator. This is
the default address used by the \fI\fIdt_adminmail()\fI\fR routine.
.IP "\fB\-archivedir directory\fR" 4
.IX Item "-archivedir directory"
\&\fBdirectory\fR is the archived-key directory. Old encryption keys are moved
to this directory, but only if they are to be saved and not deleted.
.IP "\fB\-autosign\fR" 4
.IX Item "-autosign"
A flag indicating that \fBrollerd\fR should automatically sign zonefiles that
are found to be newer than their signed zonefile. If \fB\-noautosign\fR is
specified, this will be set to false.
.IP "\fB\-binddir directory\fR" 4
.IX Item "-binddir directory"
\&\fBdirectory\fR is the directory holding the \s-1BIND\s0 programs. If the
reserved word \*(L"path\*(R" is specified, then existence of the \s-1BIND\s0
programs is not verified when \fBdtinitconf\fR is executed. Rather, the user's
\&\s-1PATH\s0 directories will be searched for the \s-1BIND\s0 programs when the
DNSSEC-Tools are executed.
.IP "\fB\-dtdir directory\fR" 4
.IX Item "-dtdir directory"
\&\fBdirectory\fR is the directory holding the DNSSEC-Tools programs. If the
reserved word \*(L"path\*(R" is specified, then existence of the DNSSEC-Tools
programs is not verified when \fBdtinitconf\fR is executed. Rather, the user's
\&\s-1PATH\s0 directories will be searched for the DNSSEC-Tools programs when
those tools are executed.
.IP "\fB\-entropy_msg\fR" 4
.IX Item "-entropy_msg"
A flag indicating that \fBzonesigner\fR should display a message about entropy
generation. This is primarily dependent on the implementation of a system's
random number generation.
.IP "\fB\-mailer\-server host\fR" 4
.IX Item "-mailer-server host"
The mail server that will be contacted by \fI\fIdt_adminmail()\fI\fR.
This is passed to \fIMail::Send\fR.
.IP "\fB\-mailer\-type mailtype\fR" 4
.IX Item "-mailer-type mailtype"
The mail type that will be used by \fI\fIdt_adminmail()\fI\fR. This is passed
to \fIMail::Mailer\fR (by way of \fIMail::Send\fR). Any values recognized by
\&\fIMail::Mailer\fR may be used here.
.IP "\fB\-noentropy_msg\fR" 4
.IX Item "-noentropy_msg"
A flag indicating that \fBzonesigner\fR should not display a message about
entropy generation. This is primarily dependent on the implementation of a
system's random number generation.
.IP "\fB\-roll\-loadzone\fR" 4
.IX Item "-roll-loadzone"
.PD 0
.IP "\fB\-no\-roll\-loadzone\fR" 4
.IX Item "-no-roll-loadzone"
.PD
Flags indicating whether or not \fBrollerd\fR should have the \s-1DNS\s0 daemon
load zones.
.IP "\fB\-roll\-logfile logfile\fR" 4
.IX Item "-roll-logfile logfile"
\&\fBlogfile\fR is the logfile for the \fBrollerd\fR daemon.
.IP "\fB\-roll\-loglevel loglevel\fR" 4
.IX Item "-roll-loglevel loglevel"
\&\fBloglevel\fR is the logging level for the \fBrollerd\fR daemon.
.IP "\fB\-roll\-phasemsg length\fR" 4
.IX Item "-roll-phasemsg length"
\&\fBlength\fR is the default length of phase-related log messages used by
\&\fBrollerd\fR. The valid values are \*(L"long\*(R" and \*(L"short\*(R", with
\&\*(L"long\*(R" being the default value.
.Sp
The long message length means that a phase description will be included with
some log messages. For example, the long form of a message about \s-1ZSK\s0
rollover phase 3 will look like this:
\&\*(L"\s-1ZSK\s0 phase 3 (Waiting for old zone data to expire from caches)\*(R".
.Sp
The short message length means that a phase description will not be included
with some log messages. For example, the short form of a message about
\&\s-1ZSK\s0 rollover phase 3 will look like this: \*(L"\s-1ZSK\s0 phase 3\*(R".
.IP "\fB\-roll\-sleeptime sleep-time\fR" 4
.IX Item "-roll-sleeptime sleep-time"
\&\fBsleep-time\fR is the sleep-time for the \fBrollerd\fR daemon.
.IP "\fB\-roll\-username username\fR" 4
.IX Item "-roll-username username"
\&\fBusername\fR is the user under which the \fBrollerd\fR daemon will be
executed. If this is a username, it must correspond to a valid uid; if it is a
uid, it must correspond to a valid username.
.IP "\fB\-roll\-logtz logtz\fR" 4
.IX Item "-roll-logtz logtz"
\&\fBlogtz\fR is the timezone of the message timestamp for \fBrollerd\fR's
logfile.
.IP "\fB\-zoneerrs error-count\fR" 4
.IX Item "-zoneerrs error-count"
\&\fBerror-count\fR is the maximum error count for zones used by the
\&\fBrollerd\fR daemon.
.IP "\fB\-savekeys\fR" 4
.IX Item "-savekeys"
A flag indicating that old keys should be moved to the archive directory.
.IP "\fB\-nosavekeys\fR" 4
.IX Item "-nosavekeys"
A flag indicating that old keys should not be moved to the archive directory
but will instead be left in place.
.IP "\fB\-usegui\fR" 4
.IX Item "-usegui"
A flag indicating that the \s-1GUI\s0 for specifying command options may be
used.
.IP "\fB\-nousegui\fR" 4
.IX Item "-nousegui"
A flag indicating that the \s-1GUI\s0 for specifying command options should not
be used.
.SS "dtinitconf Options"
.IX Subsection "dtinitconf Options"
These options deal specifically with \fBdtinitconf\fR.
.IP "\fB\-outfile conffile\fR" 4
.IX Item "-outfile conffile"
The configuration file will be written to \fBconffile\fR. If this is not
given, then the default configuration file (as returned by
\&\fI\fINet::DNS::SEC::Tools::conf::getconffile()\fI\fR) will be used.
.Sp
If \fBconffile\fR is given as \fB\-\fR, then the new configuration file will be
written to the standard output.
.Sp
\&\fBconffile\fR must be writable.
.IP "\fB\-overwrite\fR" 4
.IX Item "-overwrite"
If \fB\-overwrite\fR is specified, existing output files may be overwritten.
Without \fB\-overwrite\fR, if the output file is found to exist then
\&\fBdtinitconf\fR will give an error message and exit.
.IP "\fB\-noprompt\fR" 4
.IX Item "-noprompt"
If \fB\-noprompt\fR is specified, the user will not be prompted for any input.
The configuration file will be created from command-line options and
DNSSEC-Tools defaults. Guesses will be made for the \s-1BIND\s0 paths, based on
the \s-1PATH\s0 environment variable.
.Sp
\&\fB\s-1WARNING\s0\fR: After using the \fB\-noprompt\fR option, the
configuration file
\&\fBmust\fR be checked to ensure that the defaults are appropriate and
acceptable for the installation.
.IP "\fB\-template\fR" 4
.IX Item "-template"
If \fB\-template\fR is specified, a default configuration file is created.
However, all entries are commented out.
.Sp
The only command line options that may be used in conjunction with
\&\fB\-template\fR are \fB\-outfile\fR and \fB\-overwrite\fR.
.IP "\fB\-edit\fR" 4
.IX Item "-edit"
If \fB\-edit\fR is specified, the output file will be edited after it has been
created. The \s-1EDITOR\s0 environment variable is consulted for the editor to
use. If the \s-1EDITOR\s0 environment variable isn't defined, then the
\&\fBvi\fR editor will be used.
.IP "\fB\-verbose\fR" 4
.IX Item "-verbose"
Provide verbose output.
.IP "\fB\-Version\fR" 4
.IX Item "-Version"
Displays the version information for \fBdtinitconf\fR and the DNSSEC-Tools
package.
.IP "\fB\-help\fR" 4
.IX Item "-help"
Display a usage message and exit.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2006\-2012 \s-1SPARTA\s0, Inc. All rights reserved. See the
\&\s-1COPYING\s0 file included with the DNSSEC-Tools package for details.
.SH "AUTHOR"
.IX Header "AUTHOR"
Wayne Morrison, tewok@tislabs.com
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fB\f(BIdnssec\-keygen\fB\|(8)\fR,
\&\fB\f(BIdnssec\-signzone\fB\|(8)\fR,
\&\fB\f(BInamed\-checkzone\fB\|(8)\fR,
\&\fB\f(BIkeyarch\fB\|(8)\fR,
\&\fB\f(BIrollchk\fB\|(8)\fR,
\&\fB\f(BIrollerd\fB\|(8)\fR,
\&\fB\f(BIzonesigner\fB\|(8)\fR
.PP
\&\fB\f(BINet::DNS::SEC::Tools::conf.pm\fB\|(3)\fR,
\&\fB\f(BINet::DNS::SEC::Tools::defaults.pm\fB\|(3)\fR,
\&\fB\f(BINet::DNS::SEC::Tools::dnssectools.pm\fB\|(3)\fR,
\&\fB\f(BINet::DNS::SEC::Tools::tooloptions.pm\fB\|(3)\fR,
\&\fB\f(BIQWizard.pm\fB\|(3)\fR
.PP
\&\fB\f(BIdnssec\-tools.conf\fB\|(5)\fR
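.SH "EXAMPLES"
The \-noprompt warning says the generated file must be checked, and the \-ksklife, \-zsklife, \-minlife and \-maxlife entries state the range rule to check against. The script below is an added example, not part of DNSSEC-Tools, that applies that rule to a generated file; it assumes the file holds one "keyword value" entry per line with "#" comments and keywords named after the options, and its function names and sample values are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of DNSSEC-Tools: audit the rollover lifespans in a
# file written by "dtinitconf -noprompt" before that file is put into use.
# Assumptions: one "keyword value" entry per line, "#" starts a comment, and
# the keywords are the option names without the dash (ksklife, minlife, ...).

# conf_value FILE KEY: print the value of the last uncommented KEY entry.
conf_value() {
    awk -v key="$2" '
        { sub(/#.*/, "") }                  # drop comments
        $1 == key && NF >= 2 { val = $2 }
        END { if (val != "") print val }
    ' "$1"
}

# check_lifespans FILE: return 0 only if all four values are whole seconds
# and minlife <= ksklife <= maxlife and minlife <= zsklife <= maxlife.
check_lifespans() {
    conf=$1
    status=0
    min=$(conf_value "$conf" minlife)
    max=$(conf_value "$conf" maxlife)
    ksk=$(conf_value "$conf" ksklife)
    zsk=$(conf_value "$conf" zsklife)
    for entry in "minlife:$min" "maxlife:$max" "ksklife:$ksk" "zsklife:$zsk"; do
        case ${entry#*:} in
            '')       echo "$conf: ${entry%%:*} is not set"; status=1 ;;
            *[!0-9]*) echo "$conf: ${entry%%:*} is not a whole number: ${entry#*:}"
                      status=1 ;;
        esac
    done
    [ "$status" -eq 0 ] || return 1
    if [ "$min" -gt "$max" ]; then
        echo "$conf: minlife=$min is greater than maxlife=$max"
        status=1
    fi
    for entry in "ksklife:$ksk" "zsklife:$zsk"; do
        if [ "${entry#*:}" -lt "$min" ] || [ "${entry#*:}" -gt "$max" ]; then
            echo "$conf: ${entry%%:*}=${entry#*:} is outside $min..$max seconds"
            status=1
        fi
    done
    return "$status"
}

# Constructed sample (values are illustrative, not DNSSEC-Tools defaults):
# zsklife is below minlife, so check_lifespans reports it and returns 1.
sample_conf() {
    printf '%s\n' '# constructed sample' 'minlife   3600' \
        'maxlife   94608000' 'ksklife   31536000' 'zsklife   600   # too short'
}

# Run against a file when one is named on the command line.
if [ "$#" -gt 0 ]; then check_lifespans "$1"; fi
```

Saved as a script, it takes the path given to \-outfile as its argument. A file made with \-template has every entry commented out, so each lifespan is reported as not set.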