Provided by: ldnsutils_1.6.17-8ubuntu0.1_amd64

NAME

       ldns-verify-zone - read a DNSSEC signed zone and verify it.

SYNOPSIS

       ldns-verify-zone ZONEFILE

DESCRIPTION

       ldns-verify-zone reads a DNS zone file and verifies it.

       RRSIG resource records are checked against the DNSKEY set at the zone apex.

       Each name is checked for an NSEC(3), if appropriate.

OPTIONS

       -h     Show usage and exit

       -a     Apex only, check only the zone apex

       -e period
              Signatures may not expire within this period.  By default, no period is used.

       -i period
              Signatures must have been valid at least this long.  By default, signatures only need to be valid now.

       -k file
              A file that contains a trusted DNSKEY or DS RR.  This option may be given more than once.

              Alternatively, if -k is not specified, and a default trust anchor (/etc/unbound/root.key) exists
              and contains a valid DNSKEY or DS record, it will be used as the trust anchor.

       -p [0-100]
              Only check this percentage of the zone.  Which names to check is determined randomly.  Defaults to
              100.

       -S     Chase signature(s) to a known key.  The network may be accessed to validate the zone's DNSKEYs.
              (implies -k)

       -t YYYYMMDDhhmmss | [+|-]offset
              Set the validation time either by an absolute time value or as an offset in seconds from the
              current time.

       -v     Show the version and exit

       -V number
              Set the verbosity level (default 3):

               0: Be silent
               1: Print result, and any errors
               2: Same as 1 for now
               3: Print result, any errors, and the names that are
                  being checked
               4: Same as 3 for now
               5: Print the zone after it has been read, the result,
                  any errors, and the names that are being checked

       Periods are given in ISO 8601 duration format:
              P[n]Y[n]M[n]DT[n]H[n]M[n]S

       If no file is given, standard input is read.
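
       The options above combined into a pre-publication gate for a signed zone. This is an added example,
       not part of the original manual page or of ldns. It assumes ldns-verify-zone exits 0 only when
       verification succeeds; VERIFY_BIN, valid_period and check_zone are names made up for this sketch.

```shell
#!/bin/sh
# Added example: pre-publication gate around ldns-verify-zone.
# Assumption: the tool exits 0 only when the zone verifies.
# VERIFY_BIN and both function names are made up for this sketch.
VERIFY_BIN="${VERIFY_BIN:-ldns-verify-zone}"

# valid_period PERIOD
# Accept only the duration form documented above,
# P[n]Y[n]M[n]DT[n]H[n]M[n]S, with at least one component present.
valid_period() {
    case "$1" in
        # bare "P", a "T" with no time part, or any foreign character
        P|*T|*[!0-9PYMDTHS]*) return 1 ;;
    esac
    printf '%s\n' "$1" |
        grep -Eq '^P([0-9]+Y)?([0-9]+M)?([0-9]+D)?(T([0-9]+H)?([0-9]+M)?([0-9]+S)?)?$'
}

# check_zone ZONEFILE ANCHORFILE MIN_REMAINING
# Returns 0 if the zone verifies, 1 if verification fails,
# 2 if the arguments are unusable (the tool is then never run).
check_zone() {
    zone=$1
    anchor=$2
    remaining=$3
    [ -r "$zone" ] || { echo "cannot read zone file: $zone" >&2; return 2; }
    [ -r "$anchor" ] || { echo "cannot read trust anchor: $anchor" >&2; return 2; }
    valid_period "$remaining" || { echo "bad period: $remaining" >&2; return 2; }

    # -k    pin the trust anchor instead of falling back to /etc/unbound/root.key
    # -e    fail when any signature expires within MIN_REMAINING
    # -V 1  print only the result and errors, suitable for a job log
    "$VERIFY_BIN" -V 1 -k "$anchor" -e "$remaining" "$zone" || return 1
    return 0
}

# Typical call from a deployment script (paths are placeholders):
#   check_zone ./example.org.signed ./Kexample.org.key P7D || exit 1
```

       Distinguishing exit status 2 from 1 keeps a mistyped period from being reported as a failed zone.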

FILES

       /etc/unbound/root.key
              The file from which trusted keys are loaded for signature chasing, when no -k option is given.

SEE ALSO

       unbound-anchor(8)

AUTHOR

       Written by the ldns team as an example for ldns usage.

REPORTING BUGS

       Report bugs to <ldns-team@nlnetlabs.nl>.

       Copyright (C) 2008 NLnet Labs. This is free software. There is NO warranty; not even for MERCHANTABILITY
       or FITNESS FOR A PARTICULAR PURPOSE.

                                                   27 May 2008                                ldns-verifyzone(1)