Provided by: pdns-server_3.0-1.1ubuntu1_amd64 bug

NAME

       pdnssec - PowerDNSSEC command and control

SYNOPSIS

       pdnssec [options] command

DESCRIPTION

       pdnssec  is  a  powerful  command  that  is the operator-friendly gateway into PowerDNSSEC
       configuration. Behind the scenes, pdnssec manipulates a PowerDNS backend  database,  which
       also  means  that  for  many databases, pdnssec can be run remotely, and can configure key
       material on different servers.

OPTIONS

       A summary of options is included below.

       -h [ --help ]
              Show summary of options.

       -v [ --verbose ]
              Be more verbose.

       --force
              force an action

       --config-name arg
              Virtual configuration name

       --config-dir arg (=/etc/powerdns)
              Location of pdns.conf

       --commands arg
              Commands given as an argument

COMMANDS

       activate-zone-key ZONE KEY-ID
              Activate a key with id KEY-ID within a zone called ZONE.

       add-zone-key ZONE [zsk|ksk] [bits] [rsasha1|rsasha256|rsasha512|gost|ecdsa256|ecdsa384]
              Create a new key for zone ZONE, and make it a KSK or  a  ZSK,  with  the  specified
              algorithm.

       check-zone ZONE
              Check a zone for correctness

       deactivate-zone-key ZONE KEY-ID
              Deactivate a key with id KEY-ID within a zone called ZONE.

       disable-dnssec ZONE
              Deactivate all keys and unset PRESIGNED in ZONE

       export-zone-dnskey ZONE KEY-ID
              Export  to  standard  output  DNSKEY  and  DS of key with key id KEY-ID within zone
              called ZONE.

       export-zone-key ZONE KEY-ID
              Export to standard output full (private) key with key id KEY-ID within zone  called
              ZONE. The format used is compatible with BIND and NSD/LDNS.

       hash-zone-record ZONE RNAME
              This  convenience  command  hashes  the  name  'recordname'  according to the NSEC3
              settings of ZONE. Refuses to hash for zones with no NSEC3 settings.

       import-zone-key ZONE FILE [ksk|zsk]
              Import from 'filename' a full (private) key for zone called ZONE. The  format  used
              is  compatible  with  BIND  and  NSD/LDNS.  KSK or ZSK specifies the flags this key
              should have on import.

       rectify-zone ZONE
              Calculates the 'ordername' and 'auth' fields for a zone called ZONE so they  comply
              with  DNSSEC  settings.  Can  be used to fix up migrated data. Can always safely be
              run, it does no harm.

       remove-zone-key ZONE KEY-ID
              Remove a key with id KEY-ID from a zone called ZONE.

       secure-zone ZONE
              Configures a zone called ZONE with reasonable DNSSEC settings. You should  manually
              run 'pdnssec rectify-zone' afterwards.

       set-nsec3 ZONE 'params' [narrow]
              Sets  NSEC3  parameters  for this zone. A sample commandline is: "pdnssec set-nsec3
              powerdnssec.org '1 1 1 ab' narrow". The NSEC3 parameters  must  be  quoted  on  the
              command line.
              WARNING:
              If  running  in  RSASHA1 mode (algorithm 5 or 7), switching from NSEC to NSEC3 will
              require a DS update at the parent zone!

       set-presigned ZONE
              Switches zone to presigned operation, utilizing in-zone RRSIGs.

       show-zone ZONE
              Shows all DNSSEC related settings of a zone called ZONE.

       unset-nsec3 ZONE
              Converts a zone to NSEC operations.
              WARNING:
              If running in RSASHA1 mode (algorithm 5 or 7), switching from NSEC  to  NSEC3  will
              require a DS update at the parent zone!

       unset-presigned ZONE
              Disables presigned operation for ZONE.

AUTHOR

       This  manual  page was written by Matthijs Möhlmann <matthijs@cacholong.nl> for the Debian
       Project (but may be used by others)

SEE ALSO

       pdns_server(8),pdns_control(8)