GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages


Manual Reference Pages  -  PDNSSEC (1)

NAME

pdnssec - PowerDNSSEC command and control

CONTENTS

Synopsis
Description
Options
Commands
Author
See Also

SYNOPSIS

pdnssec [options] command

DESCRIPTION

pdnssec is a powerful command that is the operator-friendly gateway into PowerDNSSEC configuration. Behind the scenes, pdnssec manipulates a PowerDNS backend database, which also means that for many databases, pdnssec can be run remotely, and can configure key material on different servers.

OPTIONS

A summary of options is included below.
-h [ --help ]
  Show summary of options.
-v [ --verbose ]
  Be more verbose.
--force force an action
--config-name arg
  Virtual configuration name
--config-dir arg (\=/etc/powerdns)
  Location of pdns.conf
--commands arg
  Commands given as an argument

COMMANDS

activate-zone-key ZONE KEY-ID
  Activate a key with id KEY-ID within a zone called ZONE.
add-zone-key ZONE [zsk|ksk] [bits] [rsasha1|rsasha256|rsasha512|gost|ecdsa256|ecdsa384]
  Create a new key for zone ZONE, and make it a KSK or a ZSK, with the specified algorithm.
check-zone ZONE
  Check a zone for correctness
deactivate-zone-key ZONE KEY-ID
  Deactivate a key with id KEY-ID within a zone called ZONE.
disable-dnssec ZONE
  Deactivate all keys and unset PRESIGNED in ZONE
export-zone-dnskey ZONE KEY-ID
  Export to standard output DNSKEY and DS of key with key id KEY-ID within zone called ZONE.
export-zone-key ZONE KEY-ID
  Export to standard output full (private) key with key id KEY-ID within zone called ZONE. The format used is compatible with BIND and NSD/LDNS.
hash-zone-record ZONE RNAME
  This convenience command hashes the name ’recordname’ according to the NSEC3 settings of ZONE. Refuses to hash for zones with no NSEC3 settings.
import-zone-key ZONE FILE [ksk|zsk]
  Import from ’filename’ a full (private) key for zone called ZONE. The format used is compatible with BIND and NSD/LDNS. KSK or ZSK specifies the flags this key should have on import.
rectify-zone ZONE
  Calculates the ’ordername’ and ’auth’ fields for a zone called ZONE so they comply with DNSSEC settings. Can be used to fix up migrated data. Can always safely be run, it does no harm.
remove-zone-key ZONE KEY-ID
  Remove a key with id KEY-ID from a zone called ZONE.
secure-zone ZONE
  Configures a zone called ZONE with reasonable DNSSEC settings. You should manually run ’pdnssec rectify-zone’ afterwards.
set-nsec3 ZONE ’params’ [narrow]
  Sets NSEC3 parameters for this zone. A sample commandline is: "pdnssec set-nsec3 powerdnssec.org ’1 1 1 ab’ narrow". The NSEC3 parameters must be quoted on the command line.
WARNING:
If running in RSASHA1 mode (algorithm 5 or 7), switching from NSEC to NSEC3 will require a DS update at the parent zone!
set-presigned ZONE
  Switches zone to presigned operation, utilizing in-zone RRSIGs.
show-zone ZONE
  Shows all DNSSEC related settings of a zone called ZONE.
unset-nsec3 ZONE
  Converts a zone to NSEC operations.
WARNING:
If running in RSASHA1 mode (algorithm 5 or 7), switching from NSEC to NSEC3 will require a DS update at the parent zone!
unset-presigned ZONE
  Disables presigned operation for ZONE.

AUTHOR

This manual page was written by Matthijs Möhlmann <matthijs@cacholong.nl> for the Debian Project (but may be used by others)

SEE ALSO

pdns_server(8), pdns_control(8)
Search for    or go to Top of page |  Section 1 |  Main Index


PowerDNS PDNSSEC (8) November 2011

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.