Provided by: dnssec-tools_2.0-1_all 
NAME
cleankrf - Clean a DNSSEC-Tools keyrec files of old data
SYNOPSIS
cleankrf [options] <keyrec-files>
DESCRIPTION
cleankrf cleans old data out of a set of DNSSEC-Tools keyrec files. The old data are obsolete signing
sets, orphaned keys, and obsolete keys.
Obsolete signing sets are set keyrecs unreferenced by a zone keyrec. Revoked signing sets are considered
obsolete by cleankrf.
Orphaned keys are KSK and ZSK key keyrecs unreferenced by a set keyrec.
Obsolete keys are key keyrecs with a keyrec_type of kskobs or zskobs.
cleankrf's exit code is the count of orphaned and obsolete keyrecs found.
OPTIONS
-count
Display a final count of old keyrecs found in the keyrec files. This option allows the count to be
displayed even if the -quiet option is given.
-list
The key keyrecs are checked for old keyrecs, but they are not removed from the keyrec file. The
names of the old keyrecs are displayed.
-rm Delete the key files, both .key and .private, from orphaned and expired keyrecs.
-quiet
Display no output.
-verbose
Display output about referenced keys and unreferenced keys.
-Version
Displays the version information for cleankrf and the DNSSEC-Tools package.
-help
Display a usage message.
COPYRIGHT
Copyright 2004-2013 SPARTA, Inc. All rights reserved. See the COPYING file included with the DNSSEC-
Tools package for details.
AUTHOR
Wayne Morrison, tewok@tislabs.com
SEE ALSO
fixkrf(8), lskrf(8), zonesigner(8)
Net::DNS::SEC::Tools::keyrec.pm(3)
file-keyrec.pm(5)
perl v5.14.2 2013-02-15 CLEANKRF(1p)