NAME
ods-auditor - auditor component of OpenDNSSEC
SYNOPSIS
ods-auditor [options]
DESCRIPTION
ods-auditor is a module which provides auditing capabilities to
OpenDNSSEC.
Once an unsigned zone has been signed, this module is used to check
that the signing process has run successfully. It checks that no data
has been lost (or non-DNSSEC data added), and that all the DNSSEC
records are correct. It used the OpenDNSSEC standard logging (defined
in /etc/opendnssec/conf.xml).
The Auditor takes the signed and unsigned zones and compares them. It
first parses both files, and creates transient files which are then
sorted into canonical order. These files are then processed by the
Auditor. If processing an NSEC3-signed file, the Auditor will create
additional temporary files, which are processed after the main auditing
run.
Specific options:
-c, --conf [PATH_TO_CONF_FILE]
Path to OpenDNSSEC configuration file
(defaults to /etc/opendnssec/conf.xml)
-k, --kasp [PATH_TO_KASP_FILE]
Path to KASP policy file
(defaults to the path given in the configuration file)
-z, --zone [ZONE_NAME]
Single zone to audit
(defaults to audit all zones)
-s,--signed [PATH_TO_SIGNED_FILE]
If a single zone is specified, then this option may override the
specified signed file with another. This is for use by the
signer.
(defaults to the path given in the zone list)
-v, --version
Display version information
Common options:
-h, -?, --help
Show this message