trusty (8) pdnssec.8.gz

NAME

       pdnssec - PowerDNSSEC command and control

SYNOPSIS

       pdnssec [options] command

DESCRIPTION

       pdnssec  is  a  powerful  command  that  is the operator-friendly gateway into PowerDNSSEC configuration.
       Behind the scenes, pdnssec manipulates a PowerDNS backend  database,  which  also  means  that  for  many
       databases, pdnssec can be run remotely, and can configure key material on different servers.

OPTIONS

       A summary of options is included below.

       -h [ --help ]
              Show summary of options.

       -v [ --verbose ]
              Be more verbose.

       --force
              force an action

       --config-name arg
              Virtual configuration name

       --config-dir arg (=/etc/powerdns)
              Location of pdns.conf

       --commands arg
              Commands given as an argument

COMMANDS

       activate-zone-key ZONE KEY-ID
              Activate a key with id KEY-ID within a zone called ZONE.

       add-zone-key ZONE [zsk|ksk] [bits] [rsasha1|rsasha256|rsasha512|gost|ecdsa256|ecdsa384]
              Create a new key for zone ZONE, and make it a KSK or a ZSK, with the specified algorithm.

       check-zone ZONE
              Check a zone for correctness

       deactivate-zone-key ZONE KEY-ID
              Deactivate a key with id KEY-ID within a zone called ZONE.

       disable-dnssec ZONE
              Deactivate all keys and unset PRESIGNED in ZONE

       export-zone-dnskey ZONE KEY-ID
              Export to standard output DNSKEY and DS of key with key id KEY-ID within zone called ZONE.

       export-zone-key ZONE KEY-ID
              Export  to  standard  output  full  (private)  key with key id KEY-ID within zone called ZONE. The
              format used is compatible with BIND and NSD/LDNS.

       hash-zone-record ZONE RNAME
              This convenience command hashes the name 'recordname' according to the  NSEC3  settings  of  ZONE.
              Refuses to hash for zones with no NSEC3 settings.

       import-zone-key ZONE FILE [ksk|zsk]
              Import  from  'filename'  a full (private) key for zone called ZONE. The format used is compatible
              with BIND and NSD/LDNS. KSK or ZSK specifies the flags this key should have on import.

       rectify-zone ZONE
              Calculates the 'ordername' and 'auth' fields for a zone called ZONE so  they  comply  with  DNSSEC
              settings. Can be used to fix up migrated data. Can always safely be run, it does no harm.

       remove-zone-key ZONE KEY-ID
              Remove a key with id KEY-ID from a zone called ZONE.

       secure-zone ZONE
              Configures  a  zone  called ZONE with reasonable DNSSEC settings. You should manually run 'pdnssec
              rectify-zone' afterwards.

       set-nsec3 ZONE 'params' [narrow]
              Sets NSEC3 parameters for this zone. A sample commandline is: "pdnssec  set-nsec3  powerdnssec.org
              '1 1 1 ab' narrow". The NSEC3 parameters must be quoted on the command line.
              WARNING:
              If  running  in  RSASHA1  mode  (algorithm 5 or 7), switching from NSEC to NSEC3 will require a DS
              update at the parent zone!

       set-presigned ZONE
              Switches zone to presigned operation, utilizing in-zone RRSIGs.

       show-zone ZONE
              Shows all DNSSEC related settings of a zone called ZONE.

       unset-nsec3 ZONE
              Converts a zone to NSEC operations.
              WARNING:
              If running in RSASHA1 mode (algorithm 5 or 7), switching from NSEC to  NSEC3  will  require  a  DS
              update at the parent zone!

       unset-presigned ZONE
              Disables presigned operation for ZONE.

AUTHOR

       This manual page was written by Matthijs Möhlmann <matthijs@cacholong.nl> for the Debian Project (but may
       be used by others)

SEE ALSO

       pdns_server(8),pdns_control(8)