Provided by: dnssec-tools_2.0-1_all
keyarch - DNSSEC-Tools daemon to archive old KSK and ZSK keys
keyarch [options] <keyrec_file | rollrec_file>
The keyarch program archives old KSK and ZSK keys. Keys are considered old if they are revoked or obsolete. Keys marked as either kskrev or zskrev are revoked; keys marked as either kskobs or zskobs are obsolete. Archived keys are prefixed with the seconds-since- epoch as a means of distinguishing a zone's keys that have the same five digit number. If the required file argument is a keyrec file, then expired keys listed in that file are archived. If the file argument is a rollrec file, the keyrec files of the zones in that file are checked for expired keys. If the -zone option is given, then only revoked and obsolete keys belonging to the specified zone will be archived. The archive directory is either zone-specific (listed in the zone's keyrec record in the zone's keyrec file) or the default archive directory given in the DNSSEC-Tools configuration file. The count of archived keys is given as the program's exit code. Error exit codes are negative.
The following options are recognized: -zone zone_file Name of the zone whose KSKs will be archived. If this is not given, then all the zones defined in the rollrec file will be checked. -kskonly Only archive KSK keys. -zskonly Only archive ZSK keys. -dtconfig config_file Name of an alternate DNSSEC-Tools configuration file to be processed. If specified, this configuration file is used in place of the normal DNSSEC-Tools configuration file not in addition to it. Also, it will be handled prior to keyrec files, rollrec files, and command-line options. -quiet No output will be given. -verbose Verbose output will be given. -help Display a usage message. -Version Displays the version information for keyarch and the DNSSEC-Tools package.
On success, keyarch's exit code is the number of keys archived. keyarch has a 0 exit code if the help message is given. keyarch has a negative exit code if an error is encountered.
Copyright 2007-2013 SPARTA, Inc. All rights reserved. See the COPYING file included with the DNSSEC-Tools package for details.
Wayne Morrison, email@example.com
rollerd(8), zonesigner(8) Net::DNS::SEC::Tools::conf.pm(3), Net::DNS::SEC::Tools::dnssectools.pm(3), Net::DNS::SEC::Tools::defaults.pm(3), Net::DNS::SEC::Tools::keyrec.pm(3), Net::DNS::SEC::Tools::rollrec.pm(3) keyrec(5), rollrec(5)