dnssec-dsfromkey(1M) System Administration Commands dnssec-dsfromkey(1M)NAMEdnssec-dsfromkey - DNSSEC DS RR generation tool
SYNOPSISdnssec-dsfromkey [-v level] [-1] [-2] [-a alg] keyfile
dnssec-dsfromkey-s [-v level] [-1] [-2] [-a alg] [-c class]
[-d dir] keyfile
DESCRIPTIONdnssec-dsfromkeyOPTIONS
The following options are supported:
-1
Use SHA-1 as the digest algorithm. The default is to use both SHA-1
and SHA-256.
-2
Use SHA-256 as the digest algorithm.
-a algorithm
Select the digest algorithm. The value of algorithm must be one of
SHA-1 (SHA1) or SHA-256 (SHA256). These values are case-insensi‐
tive.
-v level
Sets the debugging level.
-s
Keyset mode: in place of the keyfile name, the argument is the DNS
domain name of a keyset file. The -c and -d options have meaning
only in this mode.
-c class
Specifies the DNS class (default is IN); useful only in the keyset
mode.
-d directory
Look for keyset files in directory as the directory; ignored when
not in the keyset mode.
EXAMPLES
To build the SHA-256 DS RR from the Kexample.com.+003+26160 keyfile
name, use a command such as the following:
# dnssec-dsfromkey-2 Kexample.com.+003+26160
This command would produce output similar to the following:
example.com. IN DS 26160 5 2
3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0
C5EA0B94
FILES
The keyfile can be designated by the key identification
Knnnn.+aaa+iiiii, or the full file name Knnnn.+aaa+iiiii.key, as gener‐
ated by dnssec-keygen(1M).
The keyset file name is built from the directory, the string keyset-
and the dnsname.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
┌─────────────────────────────┬─────────────────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├─────────────────────────────┼─────────────────────────────┤
│Availability │service/network/dns/bind │
├─────────────────────────────┼─────────────────────────────┤
│Interface Stability │Volatile │
└─────────────────────────────┴─────────────────────────────┘
SEE ALSOdnssec-keygen(1M), dnssec-signzone(1M), attributes(5)
RFC 3658, RFC 4509
See the BIND 9 Administrator's Reference Manual. As of the date of pub‐
lication of this man page, this document is available at
https://www.isc.org/software/bind/documentation.
CAUTION
A keyfile error can produce a "file not found" message, even if the
file exists.
SunOS 5.10 11 Jan 2010 dnssec-dsfromkey(1M)