ods-kaspcheck man page

ods-kaspcheck — Performs a sanity check of the policy for OpenDNSSEC

Synopsis

ods-kaspcheck [-c path -k path]

Description

The OpenDNSSEC XML configuration files (conf.xml and kasp.xml) offer the user many options to configure the OpenDNSSEC signing system. Some syntactic  constraints are placed on the configuration by the .rng definition (for example, whether an element is required or optional), but some semantic  constraints cannot be defined this way (for example, if NSEC3 is used to secure the zone, then a consistent DNSKEY algorithm choice should be made).

ods-kaspcheck is provided to check that the configuration files (conf.xml and kasp.xml) are semantically sane and contain no  inconsistencies. It is advisable to use this tool to check your configuration before starting to use OpenDNSSEC.

Options

-c, --conf path

Path to an OpenDNSSEC configuration file

(defaults to /etc/opendnssec/conf.xml)

-k, --kasp path

Path to KASP policy file

(defaults to the path given in the configuration file)

-v, --version

Display version information

-h, -?, --help

Show the help screen

See Also

ods-control(8), ods-enforcerd(8), ods-hsmspeed(1), ods-hsmutil(1), ods-ksmutil(1), ods-signer(8), ods-signerd(8), ods-timing(5), opendnssec(7), http://www.opendnssec.org/

Authors

ods-kaspcheck was written by Alex Dalitz and Nominet as part of the OpenDNSSEC project.

Referenced By

ods-control(8), ods-enforcerd(8), ods-getconf(8), ods-hsmspeed(1), ods-hsmutil(1), ods-ksmutil(1), ods-signer(8), ods-signerd(8), ods-timing(5), opendnssec(7).

February 2010 OpenDNSSEC ods-kaspcheck