Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

ldns-verify-zone(1) [centos man page]

ldns-verifyzone(1)					      General Commands Manual						ldns-verifyzone(1)

NAME

       ldns-verify-zone - read a DNSSEC signed zone and verify it.

SYNOPSIS

       ldns-verify-zone ZONEFILE

DESCRIPTION

       ldns-verify-zone reads a DNS zone file and verifies it.

       RRSIG resource records are checked against the DNSKEY set at the zone apex.

       Each name is checked for an NSEC(3), if appropriate.

OPTIONS

       -h     Show usage and exit

       -a     Apex only, check only the zone apex

       -e period
	      Signatures may not expire within this period.  Default no period is used.

       -i period
	      Signatures must have been valid at least this long.  Default signatures should just be valid now.

       -k file
	      A file that contains a trusted DNSKEY or DS rr.  This option may be given more than once.

	      Alternatively,  if -k is not specified, and a default trust anchor (/var/lib/unbound/root.key) exists and contains a valid DNSKEY or
	      DS record, it will be used as the trust anchor.

       -p [0-100]
	      Only check this percentage of the zone.  Which names to check is determined randomly.  Defaults to 100.

       -S     Chase signature(s) to a known key.  The network may be accessed to validate the zone's DNSKEYs. (implies -k)

       -t YYYYMMDDhhmmss | [+|-]offset
	      Set the validation time either by an absolute time value or as an offset in seconds from the current time.

       -v     Show the version and exit

       -V number
	      Set the verbosity level (default 3):

	       0: Be silent
	       1: Print result, and any errors
	       2: Same as 1 for now
	       3: Print result, any errors, and the names that are
		  being checked
	       4: Same as 3 for now
	       5: Print the zone after it has been read, the result,
		  any errors, and the names that are being checked

       periods are given in ISO 8601 duration format:
	      P[n]Y[n]M[n]DT[n]H[n]M[n]S

       If no file is given standard input is read.

FILES

       /var/lib/unbound/root.key
	      The file from which trusted keys are loaded for signature chasing, when no -k option is given.

SEE ALSO

       unbound-anchor(8)

AUTHOR

       Written by the ldns team as an example for ldns usage.

REPORTING BUGS

       Report bugs to <ldns-team@nlnetlabs.nl>.

COPYRIGHT

       Copyright (C) 2008 NLnet Labs. This is free software. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A  PARTICULAR  PUR-
       POSE.

								    27 May 2008 						ldns-verifyzone(1)

Check Out this Related Man Page

ldns-compare-zones(1)					      General Commands Manual					     ldns-compare-zones(1)

NAME

       ldns-compare-zones - read and compare two zonefiles and print differences

SYNOPSIS

       ldns-compare-zones [-c] [-i] [-d] [-z] [-s] ZONEFILE1 ZONEFILE2

DESCRIPTION

       ldns-compare-zones reads two DNS zone files and prints number of differences.
       Output is formated to:
	       +NUM_INS        -NUM_DEL        ~NUM_CHG

       The  major  comparison  is  based on the owner name. If an owner name is present in zonefile 1, but not in zonefile 2, the resource records
       with this owner name are considered deleted, and counted as NUM_DEL. If an owner name is present in zonefile 2, but not in zonefile 1,  the
       resource  records with this owner name are considered inserted, and counted as NUM_INS. If an owner name is present in both, but there is a
       difference in the amount or content of the records, these are considered changed, and counted as NUM_CHG.

OPTIONS

       -c     Print resource records whose owner names are in both zone files, but with different resource records. (a.k.a. changed)

       -i     Print resource records whose owner names are present only in ZONEFILE2 (a.k.a. inserted)

       -d     Print resource records whose owner names are present only in ZONEFILE1 (a.k.a. deleted)

       -a     Print all changes. Specifying this option is the same as specifying -c -i amd -d.

       -z     Suppress zone sorting; this option is not recommended; it can cause records to be incorrectly marked as changed,	depending  of  the
	      nature of the changes.

       -s     Do  not  exclude the SOA record from the comparison.  The SOA record may then show up as changed due to a new serial number.  Off by
	      default since you may be interested to know if (other zone apex elements) have changed.

       -h     Show usage and exit

       -v     Show the version and exit

AUTHOR

       Written by Ondej Sury <ondrej@sury.org> for CZ.NIC, z.s.p.o. (czech domain registry)

REPORTING BUGS

       Report bugs to <ondrej@sury.org>.

COPYRIGHT

       Copyright (C) 2005 CZ.NIC, z.s.p.o.. This is free software. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A	PARTICULAR
       PURPOSE.

								    17 Oct 2007 					     ldns-compare-zones(1)
Man Page