zkt-conf(8)zkt-conf(8)NAMEzkt-conf — Secure DNS zone key config tool
SYNOPSYSzkt-conf [-V name] [-w] -d [-O optstr]
zkt-conf [-V name] [-w] [-s] [-c file] [-O optstr]
zkt-conf [-V name] [-w] -l [-a] [-c file] [-O optstr]
zkt-conf [-c file] [-w] zonefile
DESCRIPTION
The zkt-conf command helps to create and show a config file for use by
the Zone Key Tool commands, which are currently zkt-ls(8) , zkt-
keyman(8) , and zkt-signer(8).
In general, the ZKT commands uses up to three consequitive sources for
config parameter settings:
a) The build-in default parameters
b) The side wide config file or the file specified with option
-c overloads the built-in vars. The file is
/etc/namedb/dnssec.conf or the one set by the environment
variable ZKT_CONFFILE.
c) The local config file dnssec.conf in the current zone
directory also overloads the parameter read so far.
Because of the overload feature, none of the config files has to have a
complete parameter set. Typically the local config file will have only
those parameters which are different from the global or built-in ones.
The default operation of zkt-conf(8) is to print the site wide config
file (same as option -s). Option -d will print out the built-in
defaults while -l print those local parameters which are different to
the global ones. In the last case -a gives the fully (--all) parameter
list.
In all forms of the command, the parameters are changeable via option
-O (--config-option).
With option -w (--write) the confg parameters are written back to the
config file. This is useful in case of an ZKT upgrade or if one or
more parameters are changed by option -O.
Option -t checks some of the parameter for reasonable values.
Which config file is shown (or modified or checked) is determined by an
option. -d means the built-in defaults, option -l is for the local
config file and -s specifies the site wide config file. Option -s is
the default.
In the last form of the command, the maximum TTL value of all the
resource records of zonefile is calculated and print on stdout.
Additional, the zonefile is checked if the key database (dnskey.db) is
included in the zone file. If option -w is set, than the INCLUDE
directive will be added to the zone file if necessary, and the maximum
ttl value is written to a local config file.
COMMAND OPTIONS-h, --help
Print out the online help.
-d, --built-in-defaults
List all the built-in default parameter.
-s, --sitecfg
List all site wide config parameter (this is the default).
-l, --localcfg
List local config parameter which are different to the site wide
config parameter. With otion -a (--all) all config parameters
will be shown.
OPTIONS-V view, --view=view
Try to read the default configuration out of a file named
dnssec-<view>.conf . Instead of specifying the -V or --view
option every time, it is also possible to create a hard or
softlink to the executable file and name it like zkt-conf-<view>
.
-c file, --config=file
Read all parameter from the specified config file. Otherwise
the default config file is read or build in defaults will be
used.
-O optstr, --config-option=optstr
Set any config file parameter via the commandline. Several
config file options could be specified at the argument string
but have to be delimited by semicolon (or newline).
-a, --all
In case of showing the local config file parameter (-l) this
prints all parameter, not just the ones different to the site
wide or built-in defaults.
SAMPLE USAGEzkt-conf-d
Print the built-in default config pars.
zkt-conf-d -w
Write all the built-in defaults into the site wide config file.
zkt-conf-s -O "SerialFormat: Incremental; Zonedir: /etc/namedb/zones"
-w
Change two parameters in the site wide dnssec.conf file.
zkt-conf-w zone.db
Add $INCLUDE dnskey.db to the zone file and set the maximum ttl
paramter in the local config file to the maximum ttl fond in any
RR of zone.db.
ENVIRONMENT VARIABLES
ZKT_CONFFILE
Specifies the name of the default global configuration files.
FILES
/etc/namedb/dnssec.conf
Default global configuration file. The name of the default
global config file is settable via the environment variable
ZKT_CONFFILE.
/etc/namedb/dnssec-<view>.conf
View specific global configuration file.
./dnssec.conf
Local configuration file (additionally used in -l mode).
AUTHORS
Holger Zuleger
COPYRIGHT
Copyright (c) 2005 - 2010 by Holger Zuleger. Licensed under the BSD
Licences. There is NO warranty; not even for MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE.
SEE ALSOdnssec-keygen(8), dnssec-signzone(8), rndc(8), named.conf(5), zkt-
signer(8), zkt-ls(8), zkt-keyman(8),
RFC4641 "DNSSEC Operational Practices" by Miek Gieben and Olaf Kolkman,
DNSSEC HOWTO Tutorial by Olaf Kolkman, RIPE NCC
(http://www.nlnetlabs.nl/dnssec_howto/)
ZKT 1.0 February 22, 2010 zkt-conf(8)
