ods-kaspcheck man page

ods-kaspcheck — Performs a sanity check of the policy for OpenDNSSEC

Synopsis

ods-kaspcheck [-c path -k path]

Description

The OpenDNSSEC XML configuration files (conf.xml and kasp.xml) offer the user many options to configure the OpenDNSSEC signing system. Some syntactic constraints are placed on the configuration by the .rng definition (for example, whether an element is required or optional), but some semantic constraints cannot be defined this way (for example, if NSEC3 is used to secure the zone, then a consistent DNSKEY algorithm choice should be made).

ods-kaspcheck is provided to check that the configuration files (conf.xml and kasp.xml) are semantically sane and contain no inconsistencies. It is advisable to use this tool to check your configuration before starting to use OpenDNSSEC.

Options

-c, --conf path

Path to an OpenDNSSEC configuration file

(defaults to /etc/opendnssec/conf.xml)

-k, --kasp path

Path to KASP policy file

(defaults to the path given in the configuration file)

-v, --version
Display version information
-h, -?, --help
Show the help screen

See Also

ods-control(8), ods-enforcerd(8), ods-hsmspeed(1), ods-hsmutil(1), ods-ksmutil(1), ods-signer(8), ods-signerd(8), ods-timing(5), opendnssec(7), http://www.opendnssec.org/

Authors

ods-kaspcheck was written by Alex Dalitz and Nominet as part of the OpenDNSSEC project.

Referenced By

ods-control(8), ods-enforcerd(8), ods-getconf(8), ods-hsmspeed(1), ods-hsmutil(1), ods-ksmutil(1), ods-signer(8), ods-signerd(8), ods-timing(5), opendnssec(7).

February 2010 OpenDNSSEC OpenDNSSEC ods-kaspcheck