keyarch(1p) [debian man page]
KEYARCH(1p) User Contributed Perl Documentation KEYARCH(1p) NAME
keyarch - DNSSEC-Tools daemon to archive old KSK and ZSK keys SYNOPSIS
keyarch [options] <keyrec_file | rollrec_file> DESCRIPTION
The keyarch program archives old KSK and ZSK keys. Keys are considered old if they are revoked or obsolete. Keys marked as either kskrev or zskrev are revoked; keys marked as either kskobs or zskobs are obsolete. Archived keys are prefixed with the seconds-since-epoch as a means of distinguishing a zone's keys that have the same five digit number. If the required file argument is a keyrec file, then expired keys listed in that file are archived. If the file argument is a rollrec file, the keyrec files of the zones in that file are checked for expired keys. If the -zone option is given, then only revoked and obsolete keys belonging to the specified zone will be archived. The archive directory is either zone-specific (listed in the zone's keyrec record in the zone's keyrec file) or the default archive directory given in the DNSSEC-Tools configuration file. The count of archived keys is given as the program's exit code. Error exit codes are negative. OPTIONS
The following options are recognized: -zone zone_file Name of the zone whose KSKs will be archived. If this is not given, then all the zones defined in the rollrec file will be checked. -kskonly Only archive KSK keys. -zskonly Only archive ZSK keys. -dtconfig config_file Name of an alternate DNSSEC-Tools configuration file to be processed. If specified, this configuration file is used in place of the normal DNSSEC-Tools configuration file not in addition to it. Also, it will be handled prior to keyrec files, rollrec files, and command-line options. -quiet No output will be given. -verbose Verbose output will be given. -help Display a usage message. -Version Displays the version information for keyarch and the DNSSEC-Tools package. EXIT VALUES
On success, keyarch's exit code is the number of keys archived. keyarch has a 0 exit code if the help message is given. keyarch has a negative exit code if an error is encountered. COPYRIGHT
Copyright 2007-2012 SPARTA, Inc. All rights reserved. See the COPYING file included with the DNSSEC-Tools package for details. AUTHOR
Wayne Morrison, tewok@tislabs.com SEE ALSO
rollerd(8), zonesigner(8) Net::DNS::SEC::Tools::conf.pm(3), Net::DNS::SEC::Tools::dnssectools.pm(3), Net::DNS::SEC::Tools::defaults.pm(3), Net::DNS::SEC::Tools::keyrec.pm(3), Net::DNS::SEC::Tools::rollrec.pm(3) keyrec(5), rollrec(5) perl v5.14.2 2012-06-21 KEYARCH(1p)
Check Out this Related Man Page
dnssectools(3pm) User Contributed Perl Documentation dnssectools(3pm) NAME
Net::DNS::SEC::Tools::dnssectools - General routines for the DNSSEC-Tools package. SYNOPSIS
use Net::DNS::SEC::Tools::dnssectools; dt_adminmail($subject,$msgbody,$recipient); $zspath = dt_cmdpath('zonesigner'); $ftype = dt_findtype($path); DESCRIPTION
The dnssectools module provides a general set of methods for use with DNSSEC-Tools utilities. INTERFACES
The interfaces to the dnssectools module are given below. dt_adminmail(subject,msgbody,recipient) This routine emails a message to the administrative user listed in the DNSSEC-Tools configuration file. dt_adminmail() requires two parameters, both scalars. The subject parameter is the subject for the mail message. The msgbody parameter is the body of the mail message. A third parameter, recipient, may be given to specify the message's recipient. If this is not given, then the recipient will be taken from the admin-email record of the DNSSEC-Tools configuration file. If recipient is "nomail", then no message will be sent and success will be returned. Return values: 1 - the message was created and sent. 0 - an invalid recipient was specified. It relies on the the following dnssec-tools.conf configuration parameters: admin-email The email address that the mail should come from. mailer-type Should be one of: sendmail, smtp, qmail. This option is not required and will default to trying sendmail and qmail to deliever the mail. If mailer-server is set to a defined value but mailer-type is not, then mailer-type will default to mailer-server The server, if admin-mail is set to smtp, that the mail should be delivered to. dt_cmdpath(command) This routine returns the path to a specified DNSSEC-Tools command. command should be the name only, without any leading directories. The command name is checked to ensure that it is a valid DNSEC-Tools command, Return values: The absolute path to the command is returned if the command is valid. Null is returned if the command is not valid. dt_filetype(path) This routine returns the type of the file named in path. The rollrec and keyrec records contained therein are counted and a type determination is made. Return values: "keyrec" - At least one keyrec record was found and no rollrec records were found. "rollrec" - At least one rollrec record was found and no keyrec records were found. "mixed" - At least one rollrec record and at least one keyrec record were found. This is most likely an erroneous file. "unknown" - No rollrec records nor keyrec records were found. "nofile" - The specified file does not exist. COPYRIGHT
Copyright 2006-2012 SPARTA, Inc. All rights reserved. See the COPYING file included with the DNSSEC-Tools package for details. AUTHOR
Wayne Morrison, tewok@tislabs.com SEE ALSO
Mail::Send.pm(3), Net::DNS::SEC::Tools::conf.pm(3) POD ERRORS
Hey! The above document had some coding errors, which are explained below: Around line 309: =back without =over perl v5.14.2 2012-06-28 dnssectools(3pm)