Diffstat (limited to 'meta-networking/recipes-support/dnssec-conf/dnssec-conf/dnskey-pull.1')
-rw-r--r-- meta-networking/recipes-support/dnssec-conf/dnssec-conf/dnskey-pull.1 | 118
1 files changed, 118 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/dnssec-conf/dnssec-conf/dnskey-pull.1 b/meta-networking/recipes-support/dnssec-conf/dnssec-conf/dnskey-pull.1
new file mode 100644
index 0000000000..554c686874
--- /dev/null
+++ b/meta-networking/recipes-support/dnssec-conf/dnssec-conf/dnskey-pull.1
@@ -0,0 +1,118 @@
+'\" t
+.\" Title: DNSKEY-PULL
+.\" Author: [see the "AUTHOR" section]
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 7 November 2008
+.\" Manual: User\*(Aqs Manual
+.\" Source: User's Manual
+.\" Language: English
+.\"
+.TH "DNSKEY\-PULL" "1" "7 November 2008" "User's Manual" "User\*(Aqs Manual"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+dnskey-pull \- fetch DNSKEY records from a zone, from all sub\-zones or from a webpage
+.SH "SYNOPSIS"
+.HP \w'\fBdnskey\-pull\fR\ 'u
+\fBdnskey\-pull\fR [\-a] [\-t] [\-o\ \fI<output>\fR] [\-s\ \fI<ns>\fR] \fIzone\fR \fI[\&.\&.]\fR
+.HP \w'\fBdnskey\-pull\fR\ 'u
+\fBdnskey\-pull\fR [\-o\ \fI<output>\fR] \fIurl\fR \fI[\&.\&.]\fR
+.SH "DESCRIPTION"
+.PP
+\fBdnskey\-pull\fR
+obtains Key\-Signing\-Key (KSK) DNSKEY records for use as
+\fItrust\-anchor\fR
+with recursing nameserver that are setup to use
+\fBDNSSEC\&.\fR
+.PP
+dnskey\-pull itself performs no DNSSEC validation\&. dnskey\-pull pulls KSK DNSKEY records for a single zone but can also be told, if it has
+\fIzone\-transfer\fR
+(AXFR) permission, to lookup KSK DNSKEY records for all NS records found in a zone\&. This latter feature can be used to find new DNSKEY\*(Aqs in TLD\*(Aqs\&.
+.PP
+The output of this command can be directly included in the configuration files for the
+\fBBind\fR
+and
+\fBUnbound\fR
+recursing nameservers as DNSSEC trust anchor\&.
+.PP
+dnskey\-pull ignores the system\*(Aqs
+/etc/resolv\&.conf
+setting for domain appending, and treats all zone arguments as FQDN\&. It does use the system\*(Aqs resolver settings for recursive lookups\&.
+.SH "OPTIONS"
+.PP
+\fB\-a\fR
+.RS 4
+Use a zone\-transfer (AXFR) to find all NS records in a zone and return any DNSKEY records found for these NS records in
+\fItrusted\-key\fR
+format\&. Note that AXFR is often blocked on nameservers\&.
+.RE
+.PP
+\fB\-s\ \&<\fR\fInameserver>\fR
+.RS 4
+Use the specified nameserver to perform the zone\-transfer (AXFR)\&.
+.RE
+.PP
+\fB\-t\fR
+.RS 4
+Return the resulting DNSKEY\*(Aqs within a
+\fItrusted\-key { };\fR
+statement, compatible for including with a
+\fIbind\fR
+or
+\fIunbound\fR
+nameserver configuration\&.
+.RE
+.SH "EXAMPLES"
+.PP
+Get all DNSKEY records for Top Level Domains (TLD\*(Aqs) in the Root ("\&.") zone, using the F root\-server that allows zone\-transfers:
+.PP
+\fB% dnskey\-pull \-t \-a \-s f\&.root\-servers\&.net \&.\fR
+.PP
+Get a trusted\-key statement for the xelerance\&.com zone:
+.PP
+\fB% dnskey\-pull \-t xelerance\&.com\fR
+.PP
+Get the trusted keys for the TLD\*(Aqs of Sweden, Brasil and Bulgaria:
+.PP
+\fB% dnskey\-pull se\&. br\&. bg\&.\fR
+.PP
+Find all secured
+\fIENUM\fR
+zones:
+.PP
+\fB% dnskey\-pull \-a \-s ns\-pri\&.ripe\&.net\&. e164\&.arpa\&.\fR
+.PP
+Find the keys on the webpage of the Brasil NIC:
+.PP
+\fB% dnskey\-pull https://registro\&.br/ksk/index\&.html\fR
+.SH "EXIT STATUS"
+.PP
+dnskey\-pull returns 0 when it found one or more DNSKEY records, and non\-zero upon finding no DNSKEY records\&.
+.SH "SEE ALSO"
+.PP
+\fBdnssec-configure\fR(1),
+\fBsystem-config-dnssec\fR(1),
+\fBnamed.conf\fR(8),
+\fBunbound.conf\fR(8),
+\fBautotrust\fR(8),
+\fBunbound-host\fR(8)\&.
+.SH "AUTHOR"
+.PP
+Paul Wouters <paul@xelerance\&.com>
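Review bot: The DESCRIPTION states that dnskey-pull "itself performs no DNSSEC validation" and uses the system's resolver settings for lookups, yet the following paragraph says the output "can be directly included" in Bind and Unbound configuration as a DNSSEC trust anchor, with no caveat in between. A key fetched this way is only as trustworthy as the unauthenticated lookup or web fetch that returned it, so the page should say that the DNSKEY records must be checked against an independently obtained copy or fingerprint before they are installed as trust anchors. The EXAMPLES section would be a good second place for that, since it shows pulling keys for the root and for TLDs. Separately, the SYNOPSIS lists -o and a url form, but OPTIONS documents only -a, -s and -t; please add an entry for -o and a short description of what the url mode extracts from a page. The -s argument is also named ns in the SYNOPSIS and nameserver in OPTIONS, and "with recursing nameserver that are setup to use" in the first DESCRIPTION paragraph needs a grammar pass.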