xenial (1) lsdnssec.1p.gz

Provided by: dnssec-tools_2.2-2_all

NAME

       lsdnssec - List DNSSEC components of zones from files or directories

SYNOPSIS

         lsdnssec [-d 1-9] [OPTIONS] [FILES OR DIRECTORIES...]

DESCRIPTION

       The lsdnssec program summarizes information about DNSSEC-related files.  These files may be specified on
       the command line or found in directories that were given on the command line.  The -d flag controls the
       amount of detail in the lsdnssec output.

       lsdnssec displays the following information about each zone for which it collects information:

       keys
           Key information is shown about the keys currently in use.  A bar graph is included that shows the age
           of the key with respect to the configured expected key lifetime.

           This information is collected from any .krf files lsdnssec finds.

       rolling status
           If any zone keys are being rolled via rollerd, then the status of the rolling state is shown.  The
           time needed to reach the next state is also displayed.

           This information is collected from any .rollrec or .rrf files found by lsdnssec.

OPTIONS

       -z ZONENAME1[,ZONENAME2]
       --zone=ZONENAME1[,ZONENAME2]
           Only prints information about the named zone(s).

       -p NUMBER
       --phase=NUMBER
           Only prints information about zones currently being rolled by rollerd and where either a ZSK or a KSK
           rollover is taking place and is in phase NUMBER.

           If the phase NUMBER is specified as 0, then any zone in any rolling phase will be printed (but not
           zones that aren't being rolled at all).

           This flag is especially useful to find all of your zones that are currently in KSK rolling phase 6,
           which requires operator intervention to propagate the new DS records into the parent zone.

       -r
       --roll-status
           Show only rolling information from the rollrec files.  By default both roll-state and key information
           are shown.

       -k
       --key-data
           Show only keying information from the krf files.  By default both roll-state and key information are
           shown.

       -K
       --key-gen-time
           Normally rollerd calculates the age of a key based on the last time a key was rolled.  However, it's
           also possible to calculate the age of a key based on the difference between the time of execution and
           when the key was created (which was typically before the rolling began).  The -K flag switches to
           this second mode of key age calculation (which will not match how rollerd actually performs the
           calculation).

       -M
       --monitor
           The -M flag gives an abbreviated version of lsdnssec output that is intended for use by monitoring
           systems.  It displays the zone name, the rollover phase, and the time remaining in that phase.  This
           option implicitly sets the -r flag on and sets the detail level to 1.

       -d 1-9
       --detail 1-9
           Controls the amount of information shown in the output.  A level of 9 shows everything; a level of 1
           shows a minimal amount.  The default level is 5.

       --debug
           Turns on extra debugging information.
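
       The -M and -p flags described above can be combined into a monitoring check for zones waiting on
       operator intervention.  The script below is an added example, not part of dnssec-tools; the LSDNSSEC
       variable, the function name and the assumption that lsdnssec prints nothing when no zone matches are
       not taken from this page.

```shell
#!/bin/sh
# Added example, not part of dnssec-tools.
# Assumptions: the LSDNSSEC override variable and function name are
# hypothetical; with -M -p 6, lsdnssec is assumed to print one line per
# matching zone and nothing when no zone matches.
# Exit codes follow the usual monitoring-plugin convention:
# 0 = OK, 1 = WARNING, 3 = UNKNOWN.

LSDNSSEC="${LSDNSSEC:-lsdnssec}"

# check_ds_pending FILE_OR_DIR...
check_ds_pending() {
    # -M    abbreviated output: zone name, phase, time remaining (implies -r)
    # -p 6  only zones whose rollover is currently in phase 6
    out=$("$LSDNSSEC" -M -p 6 "$@") || {
        echo "UNKNOWN: $LSDNSSEC exited with an error"
        return 3
    }
    # Count non-blank lines; grep -c exits 1 on a zero count, hence || true.
    pending=$(printf '%s\n' "$out" | grep -c '[^[:space:]]' || true)
    if [ "$pending" -eq 0 ]; then
        echo "OK: no zone is waiting in rolling phase 6"
        return 0
    fi
    echo "WARNING: $pending zone(s) in rolling phase 6; DS records must be propagated to the parent zone"
    printf '%s\n' "$out" | grep '[^[:space:]]'
    return 1
}

# Typical use from a monitoring agent (path is a placeholder):
#   check_ds_pending /path/to/zone/files; exit $?
```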

COPYRIGHT

       Copyright 2009-2014 SPARTA, Inc.  All rights reserved.  See the COPYING file included with the
       DNSSEC-Tools package for details.

AUTHOR

       Wes Hardaker <hardaker AT AT AT users.sourceforge.net>

SEE ALSO

       lskrf(1)

       zonesigner(8), rollerd(8)