-rw-r--r--examples/ldns-keyfetcher.121
-rw-r--r--examples/ldns-keyfetcher.c6
-rw-r--r--examples/ldns-keygen.120
-rw-r--r--examples/ldns-signzone.128
4 files changed, 61 insertions, 14 deletions
diff --git a/examples/ldns-keyfetcher.1 b/examples/ldns-keyfetcher.1
index 9708261c..753d4989 100644
--- a/examples/ldns-keyfetcher.1
+++ b/examples/ldns-keyfetcher.1
@@ -3,6 +3,9 @@
ldns-keyfetcher \- retrieve the DNSSEC DNSKEYs for a zone
.SH SYNOPSIS
.B ldns-keyfetcher
+[
+.IR OPTIONS
+]
.IR DOMAIN
.SH DESCRIPTION
@@ -15,6 +18,19 @@ the key resource record set is printed.
.SH OPTIONS
+\fB-4\f \fI\fR
+Only use IPv4
+
+\fB-6\f \fI\fR
+Only use IPv6
+
+\fB-h\f \fI\fR
+Show a help text and exit
+
+\fB-i\fR
+Insecurer mode; there will only be one query for the DNSKEYS. There will not
+be crosschecking of all authoritative nameservers.
+
\fB-v\f \fIverbosity\fR
Set the verbosity level. The following levels are available:
@@ -31,6 +47,11 @@ Use file as the root hints file, should contain A records in presentation
format. The default is /etc/named.root. You can get this file from
http://www.internic.net/zones/named.root.
+\fB-s\f \fI\fR
+Don't print the keys to stdout, but store them in files.
+
+The filenames will be of the format K<file>.+<alg>.+<keytag>.key
+
.SH AUTHOR
Written by Jelte Jansen for NLnet Labs.
diff --git a/examples/ldns-keyfetcher.c b/examples/ldns-keyfetcher.c
index 94f02166..2fb8ed30 100644
--- a/examples/ldns-keyfetcher.c
+++ b/examples/ldns-keyfetcher.c
@@ -24,10 +24,10 @@ usage(FILE *fp, char *prog) {
fprintf(fp, "-4\t\tUse IPv4 only\n");
fprintf(fp, "-6\t\tUse IPv6 only\n");
fprintf(fp, "-h\t\tShow this help\n");
+ fprintf(fp, "-i\t\tInsecurer mode; don't do checks, just query for the keys\n");
fprintf(fp, "-r <file>\tUse file to read root hints from\n");
fprintf(fp, "-s\t\tDon't print the keys but store them in files\n\t\tcalled K<file>.+<alg>.+<keytag>.key\n");
fprintf(fp, "-v <int>\tVerbosity level (0-5, not verbose-very verbose)\n");
- fprintf(fp, "-i\tInsecurer mode; don't do checks, just query for the keys\n");
}
ldns_rr_list *
@@ -597,6 +597,8 @@ main(int argc, char *argv[])
} else if (strncmp("-h", argv[i], 3) == 0) {
usage(stdout, argv[0]);
exit(EXIT_SUCCESS);
+ } else if (strncmp("-i", argv[i], 2) == 0) {
+ insecure = true;
} else if (strncmp("-r", argv[i], 2) == 0) {
if (strlen(argv[i]) > 2) {
root_file = argv[i]+2;
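Review bot: The relocated `-i` branch compares only two characters, so any argument that merely begins with `-i` (a mistyped or unsupported option, for example) silently switches on insecure mode. Per the man page text added in this commit, that mode drops the cross-check of all authoritative nameservers. The `-h` branch directly above passes a length of 3, which includes the terminating NUL and so demands an exact match; `-i` takes no value and should do the same: `} else if (strncmp("-i", argv[i], 3) == 0) {`. Because the flag weakens how the fetched DNSKEYs are checked, a one-line comment such as `/* exact match: -i disables nameserver cross-checking */` would help the next reader. main's body starts and ends outside this hunk.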
@@ -619,8 +621,6 @@ main(int argc, char *argv[])
verbosity = atoi(argv[i+1]);
i++;
}
- } else if (strncmp("-i", argv[i], 2) == 0) {
- insecure = true;
} else {
/* create a rdf from the command line arg */
if (domain) {
diff --git a/examples/ldns-keygen.1 b/examples/ldns-keygen.1
index 343f5900..080361a5 100644
--- a/examples/ldns-keygen.1
+++ b/examples/ldns-keygen.1
@@ -1,6 +1,6 @@
.TH ldns-keygen 1 "30 May 2005"
.SH NAME
-ldns-keygen \- generate a keypair and print out the public part as a DNSKEY RR
+ldns-keygen \- generate a DNSSEC key pair
.SH SYNOPSIS
.B ldns-keygen
[
@@ -9,36 +9,40 @@ ldns-keygen \- generate a keypair and print out the public part as a DNSKEY RR
.IR DOMAIN
.SH DESCRIPTION
-\fBldns-keygen\fR is used to generate a private/public keypair. When run it
+\fBldns-keygen\fR is used to generate a private/public keypair. When run, it
will create 3 files; a .key file with the public DNSKEY, a .private
file with the private keydata and a .ds with the DS record of the
DNSKEY record.
-It prints out the basename for all these files: (K<name>+<alg>+<id>
+It prints out the basename for these files: K<name>+<alg>+<id>
.SH OPTIONS
.TP
-\fBR\fR
+\fB-R\fR
Generate a RSA key.
.TP
-\fBD\fR
+\fB-D\fR
Generate a DSA key.
.TP
-\fBk\fR
+\fB-k\fR
When given generate a key signing key. This just sets the flag field to
257 instead of 256.
.TP
-\fBb \fIbits\fR
+\fB-b \fIbits\fR
Use this many bits for the key length.
.TP
-\fbr \fdevice\fR
+\fb-r \fIdevice\fR
Make ldns-keygen use this file for its random data. This will default
to /dev/random.
+.TP
+\fb-v\fR
+Show the version and exit
+
.SH AUTHOR
Written by the ldns team as an example for ldns usage.
diff --git a/examples/ldns-signzone.1 b/examples/ldns-signzone.1
index 67cfeb62..1671b860 100644
--- a/examples/ldns-signzone.1
+++ b/examples/ldns-signzone.1
@@ -4,7 +4,7 @@ ldns-signzone \- sign a zonefile with DNSSEC data
.SH SYNOPSIS
.B ldns-signzone
[
-.IR OPTION
+.IR OPTIONS
]
.IR ZONEFILE
.IR
@@ -31,18 +31,40 @@ Set expiration date of the signatures to this date, the format can be
YYYYMMDD[hhmmss], or a timestamp.
.TP
+\fB-f\f \fIfile\fR
+Use this file to store the signed zone in (default <originalfile>.signed)
+
+.TP
\fB-i\f \fIdate\fR
Set inception date of the signatures to this date, the format can be
YYYYMMDD[hhmmss], or a timestamp.
.TP
-\fB-f\f \fIfile\fR
-Use this file to store the signed zone in (default <originalfile>.signed)
+\fB-l\fR
+Leave old DNSSEC RRSIGS and NSEC records intact (by default, they are removed from the zone)
.TP
\fB-o\f \fIorigin\fR
Use this as the origin of the zone, if it cannot be read from the zonefile
+.TP
+\fB-v\fR
+Print the version and exit
+
+.TP
+\fB-E\f \fIname\fR
+Use the EVP cryptographic engine with the given name for signing. This can have some extra options; see ENGINE OPTIONS for more information.
+
+
+.TP
+\fB-k\f \fIid,int\fR
+Use the key with the given id as the signing key for algorithm int as a Zone signing key.
+
+.TP
+\fB-K\f \fIid,int\fR
+Use the key with the given id as the signing key for algorithm int as a Key signing key.
+
+
.SH AUTHOR
Written by the ldns team as an example for ldns usage.