xenial (1) getds.1p.gz

Provided by: dnssec-tools_2.2-2_all bug

NAME

       getds - Create a DS record from DNSKEYing information

SYNOPSIS

         getds <domain>

DESCRIPTION

       getds will create a DS record from DNSKEYs for the specified DNS domain.  It does this by converting
       DNSKEYs to DS records using the specified hashing algorithm.  The results can then be passed to upstream
       DNSSEC-supporting parents or to DLV registries.

       getds will also pull the parent's published DS records and compare them against the existing keys.  It
       will then list any DS records not published in the parent, as well as any DS records that are published
       in the parent but which don't match an existing key.

OPTIONS

       getds takes the following options:

       -a ALGORITHMS
       --hash-algorithm algorithm ALGORITHMS
           This option specifies the hash algorithm to use when converting DNSKEYs to DS records.  It may be a
           comma-separated list if multiple algorithms are desired.  The algorithms to choose from may be either
           SHA256 or SHA1.

           The default is SHA256,SHA1

       -f KEYFILE
       --read-key-file KEYFILE
           This option specifies a file with a DNSKEY stored in it (such as created by bind's dnssec-keygen
           program).  This is helpful for comparing a known good key file against something that is actually
           published.

       -z
       --print-zsks
           This option causes getds to print ZSK DS records, as well as KSK records.

       -p
       --dont-check-parent
           Instructs getds to not check the records in the parent for their published DS records.

       -q
       --quiet
           Produces quiet output with no explanatory headers.  In other words, it only prints the DS records
           generated from the DNSKEYs.

           Note: Running with -q implies -p.

SECURITY CONSIDERATIONS

       By default, getds pulls data from the live DNS.  If your DNS resolver isn't configured so that this is
       pulled securely, then the results can't be trusted.

       Copyright 2008-2014 SPARTA, Inc.  All rights reserved.  See the COPYING file included with the DNSSEC-
       Tools package for details.

AUTHOR

       Wes Hardaker, hardaker AT AT AT users.sourceforge.net