Package dnssec-tools

A suite of tools for managing DNSSEC-aware DNS usage

http://www.dnssec-tools.org/


The goal of the DNSSEC-Tools project is to create a set of tools,
patches, applications, wrappers, extensions, and plugins that will
help ease the deployment of DNSSEC-related technologies.

General Commands (Section 1)
blinkenlights
blinkenlights is a GUI tool for use with monitoring and controlling the DNSSEC-Tools rollerd program. It displays information on the current state of the zones...
bubbles
bubbles gives a simple display of the roll status of a set of zones listed in a rollrec file. In contrast, blinkenlights gives a detailed display of the roll...
buildrealms
buildrealms helps in setting up a realms environment for use by dtrealms. buildrealms creates the required file hierarchies for each realm, it moves a realm's...
check-zone-expiration
The check-zone-expiration script reports how long until a zone will expire by querying for the zone's (top level) RRSIG and calculating how much time is left...
cleanarch
cleanarch deletes old keys from a DNSSEC-Tools key archive. Key "age" and archives are determined by options and arguments. Command line options and arguments...
cleankrf
cleankrf cleans old data out of a set of DNSSEC-Tools keyrec files. The old data are obsolete signing sets, orphaned keys, and obsolete keys. Obsolete signing...
convertar
convertar operates on input and output files of different Trust Anchor Repository (TAR) formats. convertar decides what type of file format is being referred to...
dnspktflow
The dnspktflow application takes a tcpdump network traffic dump file, passes it through the tshark application and then displays the resulting DNS packet flows...
dnssec-tools
The DNSSEC-Tools package contains a wide variety of tools that are helpful to zone operators, resolver operators, network operators, application developers and...
donuts
donuts is a DNS lint application that examines DNS zone files looking for particular problems. This is especially important for zones making use of DNSSEC...
donutsd
donutsd runs donuts on a set of zone files every so often (the frequency is specified by the -z flag which defaults to 24 hours) and watches for changes in the...
drawvalmap
drawvalmap is a simple utility that can be used to display the validator status values in a graphical format. The input to this script is a set of log messages...
dtck
dtck checks DNSSEC-Tools data files to determine if the entries are valid. dtck checks the validity of DNSSEC-Tools configuration files, rollrec files, and...
dtconf
dtconf displays the key/value pairs of a DNSSEC-Tools configuration file. If a configuration file isn't specified, the system configuration file will be...
dtconfchk
dtconfchk checks a DNSSEC-Tools configuration file to determine if the entries are valid. If a configuration file isn't specified, the system configuration file...
dtdefs
The dtdefs program displays defaults defined for DNSSEC-Tools.
dt-getaddr
This utility is a command-line wrapper around the val_getaddrinfo() function. It invokes the val_getaddrinfo() operation for the given command-line arguments...
dt-gethost
This utility is a command-line wrapper around the val_gethostbyname() (and related) functions. It invokes the val_gethostbyname(), val_gethostbyname_r() and...
dt-getname
This utility is a command-line wrapper around the val_getnameinfo() function. It invokes the val_getnameinfo() function with the given command-line arguments...
dt-getquery
This utility is a command-line wrapper around the val_res_query() function. It invokes the val_res_query() function with the given command-line arguments and...
dt-getrrset
This utility is a command-line wrapper around the val_get_rrset() function. It invokes the val_get_rrset() function with the given command-line arguments and...
dtinitconf
The dtinitconf program initializes the DNSSEC-Tools configuration file. By default, the actual configuration file will be created, though the created file can...
dt-libval_check_conf
This program checks a given validator configuration file for any syntax errors. If no file is specified as a command line option, the default dnsval.conf file...
dtrealms
dtrealms manages multiple distinct DNSSEC-Tools rollover environments running simultaneously. Each rollover environment, called a realm, is defined in a realms...
dt-validate
dt-validate is a diagnostic tool built on top of the DNSSEC validator. It takes DOMAIN_NAME as an argument and queries the DNS for that domain name. It outputs...
expchk
expchk checks a set of keyrec files to determine if the zone keyrecs are valid or expired. The type of zones displayed depends on the options chosen; if no...
fixkrf
fixkrf checks a specified keyrec file to ensure that the referenced encryption key files exist where listed. If a key is not where the keyrec specifies it...
genkrf
genkrf generates a keyrec file from KSK and/or ZSK files. It generates new KSK and ZSK keys if needed. The name of the keyrec file to be generated is given by...
getdnskeys
getdnskeys manages lists of DNSKEYs from DNS zones. It may be used to retrieve and compare DNSKEYs. The output from getdnskeys may be included (directly or...
getds
getds will create a DS record from DNSKEYs for the specified DNS domain. It does this by converting DNSKEYs to DS records using the specified hashing algorithm...
grandvizier
THIS NEEDS MAJOR EDITING!!! Warning: This is an early prototype. Consider it to be beta quality, if not alpha. grandvizier is a GUI tool for use with...
keyarch
The keyarch program archives old KSK and ZSK keys. Keys are considered old if they are revoked or obsolete. Keys marked as either kskrev or zskrev are revoked...
keymod
keymod modifies the key parameters in a keyrec file that are used to generate cryptographic keys used to sign zones. The new parameters will be used by...
krfcheck
This script checks a keyrec file for problems, potential problems, and inconsistencies.
lights
lights gives a very simple overview of the rollover status of a set of zones. The rollover status counts are given in a "traffic light" display. In contrast...
lsdnssec
The lsdnssec program summarizes information about DNSSEC-related files. These files may be specified on the command line or found in directories that were given...
lskrf
lskrf lists the contents of the specified keyrec files. All keyrec files are loaded before the output is displayed. If any keyrecs have duplicated names...
lsrealm
This script lists the contents of the specified realm files. All realm files are loaded before the output is displayed. If any realms have duplicated names...
lsroll
This script lists the contents of the specified rollrec files. All rollrec files are loaded before the output is displayed. If any rollrecs have duplicated...
maketestzone
The generaterecords script generates a zone file, given a domain name, which is then signed and modified to invalidate portions of the data in particular ways...
mapper
This application creates a graphical map of one or more zone files. The output gives a graphical representation of a DNS zone or zones. The output is written in...
realmchk
realmchk checks the validity of a set of DNSSEC-Tools realms files. The results can be given in a summary or verbose form, or without any results printed at all...
realmctl
The realmctl command sends commands to dtrealms, the DNSSEC-Tools realms daemon. In most cases, dtrealms will send a response to realmctl. realmctl will print a...
realminit
realminit creates new realm entries for a realms file. dtrealms manages multiple distinct DNSSEC-Tools rollover environments running simultaneously. Each...
realmset
realmset modifies fields in the realm file specified by realm-file. Multiple options may be combined in a single realmset execution. realmset operates quietly...
rollchk
This script checks the rollrec file specified by rollrec-file for problems and inconsistencies.
rollctl
The rollctl command sends commands to the DNSSEC-Tools rollover daemon, rollerd. Only one option may be specified on a command line. In most cases, rollerd will...
rollerd
The rollerd daemon manages key rollover for zones. rollerd is just a scheduler for zone rollover; it uses zonesigner to perform the actual key generation, zone...
rollinit
rollinit creates new rollrec entries for a rollrec file. This rollrec file will be used by rollerd to manage key rollover for the named zones. The newly...
rolllog
The rolllog program writes log messages to the DNSSEC rollover log file. rolllog does not actually write the messages itself; rather, it sends them to the...
rollrec-editor
rollrec-editor provides the capability for easy GUI-based management of rollrec files. A rollrec file contains one or more rollrec records. These records are...
rollset
rollset modifies fields in the rollrec file specified by rollrec-file. Multiple options may be combined in a single rollset execution. rollset operates quietly...
signset-editor
signset-editor provides the capability for easy management of signing sets in a GUI. A signing set contains zero or more names of key keyrecs. These sets are...
tachk
tachk checks the validity of the trust anchors in the specified named.conf file. The output given depends on the options selected. Note: This script may be...
timetrans
timetrans converts time from one type of unit to another. If any of the units options are specified, then timetrans will convert those time units into the...
trustman
trustman manages keys used by DNSSEC as trust anchors in compliance with RFC5011. It may be used as a daemon for ongoing key verification or manually for...
zonesigner
This script combines into a single command many actions that are required to sign a DNS zone. It generates the required KSK and ZSK keys, adds the key data to a...