Provided by: dnssec-tools_1.11-1_all
cleankrf - Clean a DNSSEC-Tools keyrec files of old data
cleankrf [options] <keyrec-files>
cleankrf cleans old data out of a set of DNSSEC-Tools keyrec files. The old data are obsolete signing sets, orphaned keys, and obsolete keys. Obsolete signing sets are set keyrecs unreferenced by a zone keyrec. Revoked signing sets are considered obsolete by cleankrf. Orphaned keys are KSK and ZSK key keyrecs unreferenced by a set keyrec. Obsolete keys are key keyrecs with a keyrec_type of kskobs or zskobs. cleankrf's exit code is the count of orphaned and obsolete keyrecs found.
-count Display a final count of old keyrecs found in the keyrec files. This option allows the count to be displayed even if the -quiet option is given. -list The key keyrecs are checked for old keyrecs, but they are not removed from the keyrec file. The names of the old keyrecs are displayed. -rm Delete the key files, both .key and .private, from orphaned and expired keyrecs. -quiet Display no output. -verbose Display output about referenced keys and unreferenced keys. -Version Displays the version information for cleankrf and the DNSSEC-Tools package. -help Display a usage message.
Copyright 2004-2011 SPARTA, Inc. All rights reserved. See the COPYING file included with the DNSSEC-Tools package for details.
Wayne Morrison, email@example.com
fixkrf(8), lskrf(8), zonesigner(8) Net::DNS::SEC::Tools::keyrec.pm(3) file-keyrec.pm(5)