net::dns::sec::tools::dnssectools(3pm) [debian man page]
dnssectools(3pm) User Contributed Perl Documentation dnssectools(3pm) NAME
Net::DNS::SEC::Tools::dnssectools - General routines for the DNSSEC-Tools package. SYNOPSIS
use Net::DNS::SEC::Tools::dnssectools; dt_adminmail($subject,$msgbody,$recipient); $zspath = dt_cmdpath('zonesigner'); $ftype = dt_findtype($path); DESCRIPTION
The dnssectools module provides a general set of methods for use with DNSSEC-Tools utilities. INTERFACES
The interfaces to the dnssectools module are given below. dt_adminmail(subject,msgbody,recipient) This routine emails a message to the administrative user listed in the DNSSEC-Tools configuration file. dt_adminmail() requires two parameters, both scalars. The subject parameter is the subject for the mail message. The msgbody parameter is the body of the mail message. A third parameter, recipient, may be given to specify the message's recipient. If this is not given, then the recipient will be taken from the admin-email record of the DNSSEC-Tools configuration file. If recipient is "nomail", then no message will be sent and success will be returned. Return values: 1 - the message was created and sent. 0 - an invalid recipient was specified. It relies on the the following dnssec-tools.conf configuration parameters: admin-email The email address that the mail should come from. mailer-type Should be one of: sendmail, smtp, qmail. This option is not required and will default to trying sendmail and qmail to deliever the mail. If mailer-server is set to a defined value but mailer-type is not, then mailer-type will default to mailer-server The server, if admin-mail is set to smtp, that the mail should be delivered to. dt_cmdpath(command) This routine returns the path to a specified DNSSEC-Tools command. command should be the name only, without any leading directories. The command name is checked to ensure that it is a valid DNSEC-Tools command, Return values: The absolute path to the command is returned if the command is valid. Null is returned if the command is not valid. dt_filetype(path) This routine returns the type of the file named in path. The rollrec and keyrec records contained therein are counted and a type determination is made. Return values: "keyrec" - At least one keyrec record was found and no rollrec records were found. "rollrec" - At least one rollrec record was found and no keyrec records were found. "mixed" - At least one rollrec record and at least one keyrec record were found. This is most likely an erroneous file. "unknown" - No rollrec records nor keyrec records were found. "nofile" - The specified file does not exist. COPYRIGHT
Copyright 2006-2012 SPARTA, Inc. All rights reserved. See the COPYING file included with the DNSSEC-Tools package for details. AUTHOR
Wayne Morrison, tewok@tislabs.com SEE ALSO
Mail::Send.pm(3), Net::DNS::SEC::Tools::conf.pm(3) POD ERRORS
Hey! The above document had some coding errors, which are explained below: Around line 309: =back without =over perl v5.14.2 2012-06-28 dnssectools(3pm)
Check Out this Related Man Page
GENKRF(1p) User Contributed Perl Documentation GENKRF(1p) NAME
genkrf - Generate a keyrec file from Key Signing Key (KSK) and/or Zone Signing Key (ZSK) files SYNOPSIS
genkrf [options] <zone-file> [<signed-zone-file>] DESCRIPTION
genkrf generates a keyrec file from KSK and/or ZSK files. It generates new KSK and ZSK keys if needed. The name of the keyrec file to be generated is given by the -krfile option. If this option is not specified, zone-name.krf is used as the name of the keyrec file. If the keyrec file already exists, it will be overwritten with new keyrec definitions. The zone-file argument is required. It specifies the name of the zone file from which the signed zone file was created. The optional signed-zone-file argument specifies the name of the signed zone file. If it is not given, then it defaults to zone-file.signed. The signed zone file field is, in effect, a dummy field as the zone file is not actually signed. OPTIONS
genkrf has a number of options that assist in creation of the keyrec file. These options will be set to the first value found from this search path: command line options DNSSEC-Tools configuration file DNSSEC-Tools defaults See tooloptions.pm(3) for more details. Exceptions to this are given in the option descriptions. The genkrf options are described below. General genkrf Options -zone zone-name This option specifies the name of the zone. If it is not given then zone-file will be used as the name of the zone. -krfile keyrec-file This option specifies the name of the keyrec file to be generated. If it is not given, then zone-name.krf will be used. -algorithm algorithm This option specifies the algorithm used to generate encryption keys. -endtime endtime This option specifies the time that the signature on the zone expires, measured in seconds. -random random-device Source of randomness used to generate the zone's keys. See the man page for dnssec-signzone for the valid format of this field. -verbose Display additional messages during processing. If this option is given at least once, then a message will be displayed indicating the successful generation of the keyrec file. If it is given twice, then the values of all options will also be displayed. -Version Displays the version information for genkrf and the DNSSEC-Tools package. -help Display a usage message. KSK-related Options -kskcur KSK-name This option specifies the Current KSK's key file being used to sign the zone. If this option is not given, a new KSK will be created. -kskcount KSK-count This option specifies the number of KSK keys that will be generated. If this option is not given, the default given in the DNSSEC- Tools configuration file will be used. -kskdir KSK-directory This option specifies the absolute or relative path of the directory where the KSK resides. If this option is not given, it defaults to the current directory ".". -ksklength KSK-length This option specifies the length of the KSK encryption key. -ksklife KSK-lifespan This option specifies the lifespan of the KSK encryption key. This lifespan is not inherent to the key itself. It is only used to determine when the KSK must be rolled over. ZSK-related Options -zskcur ZSK-name This option specifies the current ZSK being used to sign the zone. If this option is not given, a new ZSK will be created. -zskpub ZSK-name This option specifies the published ZSK for the zone. If this option is not given, a new ZSK will be created. -zskcount ZSK-count This option specifies the number of current and published ZSK keys that will be generated. If this option is not given, the default given in the DNSSEC-Tools configuration file will be used. -zskdir ZSK-directory This option specifies the absolute or relative path of the directory where the ZSKs reside. If this option is not given, it defaults to the current directory ".". -zsklength ZSK-length This option specifies the length of the ZSK encryption key. -zsklife ZSK-lifespan This option specifies the lifespan of the ZSK encryption key. This lifespan is not inherent to the key itself. It is only used to determine when the ZSK must be rolled over. COPYRIGHT
Copyright 2005-2012 SPARTA, Inc. All rights reserved. See the COPYING file included with the DNSSEC-Tools package for details. AUTHOR
Wayne Morrison, tewok@tislabs.com SEE ALSO
dnssec-keygen(8), dnssec-signzone(8), zonesigner(8) Net::DNS::SEC::Tools::conf.pm(3), Net::DNS::SEC::Tools::defaults.pm(3), Net::DNS::SEC::Tools::keyrec.pm(3) conf(5), keyrec(5) perl v5.14.2 2012-06-21 GENKRF(1p)