|-V view, --view=view|
|Try to read the default configuration out of a file named dnssec-<view>.conf . Instead of specifying the -V or --view option every time, it is also possible to create a hard or softlink to the executable file to give it an additional name like zkt-ls-<view> .|
|-c file, --config=file|
|Read default values from the specified config file. Otherwise the default config file is read or build in defaults will be used.|
|-O optstr, --config-option=optstr|
|Set any config file option via the commandline. Several config file options could be specified at the argument string but have to be delimited by semicolon (or newline).|
|-l list, --label=list|
|Print out information solely about domains given in the comma or space separated list. Take care of, that every domain name has a trailing dot.|
|Skip directory arguments. This will be useful in combination with wildcard arguments to prevent dnsssec-zkt to list all keys found in subdirectories. For example "zkt-ls -d *" will print out a list of all keys only found in the current directory. Maybe it is easier to use "zkt-ls ." instead (without -r set). The option works similar to the -d option of ls(1) .|
|Print out the domain name left justified.|
|Select and print key signing keys only (default depends on command mode).|
|Select and print zone signing keys only (default depends on command mode).|
Recursive mode (default is off).
Also settable in the dnssec.conf file (Parameter: Recursive).
|Print pathname in listing mode. In -C mode, dont create the new key in the same directory as (already existing) keys with the same label.|
Print age of key in weeks, days, hours, minutes and seconds (default is off).
Also settable in the dnssec.conf file (Parameter: PrintAge).
|Print the key lifetime.|
|Print the key expiration time.|
Print the key generation time (default is on).
Also settable in the dnssec.conf file (Parameter: PrintTime).
No header or trusted-key resp. managed-key section header and trailer in -T or -M mode.
-H, --help Print out the online help. -T, --list-trustedkeys List all key signing keys as a named.conf trusted-key section. Use -h to supress the section header/trailer. -K, --list-dnskeys List the public part of all the keys in DNSKEY resource record format. Use -h to suppress comment lines.
zkt-ls -r . Print out a list of all zone keys found below the current directory. zkt-ls -Z -c Print out the compiled in default parameters. zkt-ls -T ./zonedir/example.net Print out a trusted-key section containing the key signing keys of "example.net". zkt-ls --view intern Print out a list of all zone keys found below the directory where all the zones of view intern live. There should be a seperate dnssec config file dnssec-intern.conf with a directory option to take affect of this. zkt-ls-intern Same as above. The binary file zkt-ls has another link, named zkt-ls-intern made, and zkt-ls examines argv to find a view whose zones it proceeds to process.
ZKT_CONFFILE Specifies the name of the default global configuration files.
/etc/namedb/dnssec.conf Built-in default global configuration file. The name of the default global config file is settable via the environment variable ZKT_CONFFILE. /etc/namedb/dnssec-<view>.conf View specific global configuration file. ./dnssec.conf Local configuration file (only used in -C mode).
Some of the general options will not be meaningful in all of the command modes.
The option -l and the ksk rollover options insist on domain names ending with a dot.
Copyright (c) 2005 - 2010 by Holger Zuleger. Licensed under the BSD Licences. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
dnssec-keygen(8), dnssec-signzone(8), rndc(8), named.conf(5), zkt-conf(8), zkt-keyman(8), zkt-signer(8)
RFC4641 "DNSSEC Operational Practices" by Miek Gieben and Olaf Kolkman,
DNSSEC HOWTO Tutorial by Olaf Kolkman, RIPE NCC
|ZKT 1.0||ZKT-LS (8)||February 25, 2010|