Man Linux: Main Page and Category List

NAME

       ldns-keyfetcher - retrieve the DNSSEC DNSKEYs for a zone

SYNOPSIS

       ldns-keyfetcher [ OPTIONS ] DOMAIN

DESCRIPTION

       ldns-keyfetcher is used to retrieve the DNSKEYs of a zone.

       First  it finds all authoritative nameservers of the zone by tracing it
       from the root down. All  authoritative  nameservers  are  then  queried
       (using  TCP)  for the DNSKEY RRset of the zone apex. If the results are
       all the same, the key resource record set is printed.

OPTIONS

       -4 Only use IPv4

       -6 Only use IPv6

       -h Show a help text and exit

       -i Insecurer mode; there will only be one query for the DNSKEYS.  There
       will not be crosschecking of all authoritative nameservers.

       -v verbosity

       Set the verbosity level. The following levels are available:

        0: default, only print the DNSKEY RRset found, or an error on failure.
        1: Show the nameservers that are queried
        2: Show more info on what is checked
        3: Show the intermediate results (authority and dnskey rrsets)
        4: Print the answer packets that are returned

       -r file

       Use  file  as  the  root  hints  file,  should  contain  A  records  in
       presentation  format.  The default is /etc/named.root. You can get this
       file from http://www.internic.net/zones/named.root.

       -s Don’t print the keys to stdout, but store them in files.

       The filenames will be of the format K<file>.+<alg>.+<keytag>.key

AUTHOR

       Written by Jelte Jansen for NLnet Labs.

REPORTING BUGS

       Report bugs to <ldns-team@nlnetlabs.nl>.

COPYRIGHT

       Copyright (C) 2006 NLnet Labs. This  is  free  software.  There  is  NO
       warranty;  not  even  for  MERCHANTABILITY  or FITNESS FOR A PARTICULAR
       PURPOSE.

                                  4 Apr 2006                ldns-keyfetcher(1)