ods-kaspcheck man page

ods-kaspcheck — Performs a sanity check of the policy for OpenDNSSEC


ods-kaspcheck [-c path -k path]


The OpenDNSSEC XML configuration files (conf.xml and kasp.xml) offer the user many options to configure the OpenDNSSEC signing system. Some syntactic constraints are placed on the configuration by the .rng definition (for example, whether an element is required or optional), but some semantic constraints cannot be defined this way (for example, if NSEC3 is used to secure the zone, then a consistent DNSKEY algorithm choice should be made).

ods-kaspcheck is provided to check that the configuration files (conf.xml and kasp.xml) are semantically sane and contain no inconsistencies. It is advisable to use this tool to check your configuration before starting to use OpenDNSSEC.


-c, --conf path

Path to an OpenDNSSEC configuration file

(defaults to /etc/opendnssec/conf.xml)

-k, --kasp path

Path to KASP policy file

(defaults to the path given in the configuration file)

-v, --version
Display version information
-h, -?, --help
Show the help screen

See Also

ods-control(8), ods-enforcerd(8), ods-hsmspeed(1), ods-hsmutil(1), ods-ksmutil(1), ods-signer(8), ods-signerd(8), ods-timing(5), opendnssec(7), http://www.opendnssec.org/


ods-kaspcheck was written by Alex Dalitz and Nominet as part of the OpenDNSSEC project.

Referenced By

ods-control(8), ods-enforcerd(8), ods-getconf(8), ods-hsmspeed(1), ods-hsmutil(1), ods-ksmutil(1), ods-signer(8), ods-signerd(8), ods-timing(5), opendnssec(7).

Explore man page connections for ods-kaspcheck(1).

OpenDNSSEC OpenDNSSEC ods-kaspcheck February 2010