.\" Copyright (C) 2013-2016, 2018-2020 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
.\" file, You can obtain one at http://mozilla.org/MPL/2.0/.
.\"
.hy 0
.ad l
'\" t
.\" Title: dnssec-importkey
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: August 21, 2015
.\" Manual: BIND9
.\" Source: ISC
.\" Language: English
.\"
.TH "DNSSEC\-IMPORTKEY" "8" "August 21, 2015" "ISC" "BIND9"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
dnssec-importkey \- import DNSKEY records from external systems so they can be managed
.SH "SYNOPSIS"
.HP \w'\fBdnssec\-importkey\fR\ 'u
\fBdnssec\-importkey\fR [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-P\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-h\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-V\fR] {\fBkeyfile\fR}
.HP \w'\fBdnssec\-importkey\fR\ 'u
\fBdnssec\-importkey\fR {\fB\-f\ \fR\fB\fIfilename\fR\fR} [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-P\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-h\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-V\fR] [\fBdnsname\fR]
.SH "DESCRIPTION"
.PP
\fBdnssec\-importkey\fR
reads a public DNSKEY record and generates a pair of \&.key/\&.private files\&. The DNSKEY record may be read from an existing \&.key file, in which case a corresponding \&.private file will be generated, or it may be read from any other file or from the standard input, in which case both \&.key and \&.private files will be generated\&.
.PP
The newly\-created \&.private file does
\fInot\fR
contain private key data, and cannot be used for signing\&. However, having a \&.private file makes it possible to set publication (\fB\-P\fR) and deletion (\fB\-D\fR) times for the key, which means the public key can be added to and removed from the DNSKEY RRset on schedule even if the true private key is stored offline\&.
.SH "OPTIONS"
.PP
\-f \fIfilename\fR
.RS 4
Zone file mode: instead of a public keyfile name, the argument is the DNS domain name of a zone master file, which can be read from
\fIfilename\fR\&. If the domain name is the same as
\fIfilename\fR, then it may be omitted\&.
.sp
If
\fIfilename\fR
is set to
"\-", then the zone data is read from the standard input\&.
.RE
.PP
\-K \fIdirectory\fR
.RS 4
Sets the directory in which the key files are to reside\&.
.RE
.PP
\-L \fIttl\fR
.RS 4
Sets the default TTL to use for this key when it is converted into a DNSKEY RR\&. If the key is imported into a zone, this is the TTL that will be used for it, unless there was already a DNSKEY RRset in place, in which case the existing TTL would take precedence\&. Setting the default TTL to
0
or
none
removes it\&.
.RE
.PP
\-h
.RS 4
Emit usage message and exit\&.
.RE
.PP
\-v \fIlevel\fR
.RS 4
Sets the debugging level\&.
.RE
.PP
\-V
.RS 4
Prints version information\&.
.RE
.SH "TIMING OPTIONS"
.PP
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS\&. If the argument begins with a \*(Aq+\*(Aq or \*(Aq\-\*(Aq, it is interpreted as an offset from the present time\&. For convenience, if such an offset is followed by one of the suffixes \*(Aqy\*(Aq, \*(Aqmo\*(Aq, \*(Aqw\*(Aq, \*(Aqd\*(Aq, \*(Aqh\*(Aq, or \*(Aqmi\*(Aq, then the offset is computed in years (defined as 365 24\-hour days, ignoring leap years), months (defined as 30 24\-hour days), weeks, days, hours, or minutes, respectively\&. Without a suffix, the offset is computed in seconds\&. To explicitly prevent a date from being set, use \*(Aqnone\*(Aq or \*(Aqnever\*(Aq\&.
.PP
\-P \fIdate/offset\fR
.RS 4
Sets the date on which a key is to be published to the zone\&. After that date, the key will be included in the zone but will not be used to sign it\&.
.RE
.PP
\-P sync \fIdate/offset\fR
.RS 4
Sets the date on which CDS and CDNSKEY records that match this key are to be published to the zone\&.
.RE
.PP
\-D \fIdate/offset\fR
.RS 4
Sets the date on which the key is to be deleted\&. After that date, the key will no longer be included in the zone\&. (It may remain in the key repository, however\&.)
.RE
.PP
\-D sync \fIdate/offset\fR
.RS 4
Sets the date on which the CDS and CDNSKEY records that match this key are to be deleted\&.
.RE
.SH "FILES"
.PP
A keyfile can be designated by the key identification
Knnnn\&.+aaa+iiiii
or the full file name
Knnnn\&.+aaa+iiiii\&.key
as generated by
dnssec\-keygen(8)\&.
.SH "SEE ALSO"
.PP
\fBdnssec-keygen\fR(8),
\fBdnssec-signzone\fR(8),
BIND 9 Administrator Reference Manual,
RFC 5011\&.
.SH "AUTHOR"
.PP
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
Copyright \(co 2013-2016, 2018-2020 Internet Systems Consortium, Inc. ("ISC")
.br