NAME
keyarch - DNSSEC-Tools daemon to archive old KSK and ZSK keys
SYNOPSIS
keyarch [options] <keyrec_file | rollrec_file>
DESCRIPTION
The keyarch program archives old KSK and ZSK keys. Keys are considered old if they are revoked or obsolete. Keys marked as either kskrev or zskrev are revoked; keys marked as either kskobs or zskobs are obsolete. Archived keys are prefixed with the seconds-since-epoch as a means of distinguishing a zone's keys that have the same five-digit number.
If the required file argument is a keyrec file, then expired keys listed in that file are archived. If the file argument is a rollrec file, the keyrec files of the zones in that file are checked for expired keys.
If the -zone option is given, then only revoked and obsolete keys belonging to the specified zone will be archived.
The archive directory is either zone-specific (listed in the zone's keyrec record in the zone's keyrec file) or the default archive directory given in the DNSSEC-Tools configuration file.
The count of archived keys is given as the program's exit code. Error exit codes are negative.
OPTIONS
The following options are recognized:
- -zone zone_file
- Name of the zone whose KSKs will be archived. If this is not given, then all the zones defined in the rollrec file will be checked.
- -kskonly
- Only archive KSK keys.
- -zskonly
- Only archive ZSK keys.
- -dtconfig config_file
- Name of an alternate DNSSEC-Tools configuration file to be processed. If specified, this configuration file is used in place of the normal DNSSEC-Tools configuration file, not in addition to it. Also, it will be handled prior to keyrec files, rollrec files, and command-line options.
- -quiet
- No output will be given.
- -verbose
- Verbose output will be given.
- -help
- Display a usage message.
- -Version
- Displays the version information for keyarch and the DNSSEC-Tools package.
EXIT VALUES
On success, keyarch's exit code is the number of keys archived.
keyarch has a 0 exit code if the help message is given.
keyarch has a negative exit code if an error is encountered.
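How these exit values look to a calling POSIX shell, as an added example that is not part of the DNSSEC-Tools documentation: the shell sees only the low 8 bits of the exit status, so a negative code such as -1 arrives as 255, and a successful run that archived keys is nonzero and would stop a script running under set -e. The function names and the 128 cut-off are assumptions of this example.

```shell
#!/bin/sh
# Added example: decode keyarch's exit status as seen by a POSIX shell.
# Assumption (not from the man page): statuses 128-255 are read as the
# negative codes -128..-1, because exit statuses are truncated to 8 bits.
# A run that archived 128 or more keys would therefore be misread, and a
# count that is a multiple of 256 would appear as 0.

# classify_keyarch_status STATUS
# Prints "none", "archived N" or "error N" for a raw 0-255 status.
classify_keyarch_status() {
    status=$1
    if [ "$status" -eq 0 ]; then
        echo "none"                      # nothing archived, or -help given
    elif [ "$status" -lt 128 ]; then
        echo "archived $status"          # count of keys archived
    else
        echo "error $((status - 256))"   # e.g. 255 -> -1
    fi
}

# run_keyarch CMD [ARGS...]
# Runs the command so that a nonzero "keys archived" status does not trip
# `set -e`, prints the classification, and returns 1 only for an error.
run_keyarch() {
    status=0
    "$@" || status=$?
    result=$(classify_keyarch_status "$status")
    echo "$result"
    case $result in
        error*) return 1 ;;
        *)      return 0 ;;
    esac
}

# Typical use (hypothetical file name):
#   run_keyarch keyarch example.rollrec
```
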
COPYRIGHT
Copyright 2007-2012 SPARTA, Inc. All rights reserved. See the COPYING file
included with the DNSSEC-Tools package for details.
AUTHOR
Wayne Morrison, tewok@tislabs.com
SEE ALSO
rollerd(8), zonesigner(8)
Net::DNS::SEC::Tools::conf.pm(3), Net::DNS::SEC::Tools::dnssectools.pm(3), Net::DNS::SEC::Tools::defaults.pm(3), Net::DNS::SEC::Tools::keyrec.pm(3), Net::DNS::SEC::Tools::rollrec.pm(3)
keyrec(5), rollrec(5)