NAME

       lsdnssec - List DNSSEC components of zones from files or directories

SYNOPSIS

         lsdnssec [-d 1-9] [OPTIONS] [FILES OR DIRECTORIES...]

DESCRIPTION

       The lsdnssec program summarizes information about DNSSEC-related files.  These files may
       be specified on the command line or found in directories that were given on the command
       line.  The -d flag controls the amount of detail in the lsdnssec output.

       lsdnssec displays the following information about each zone for which it collects
       information:

       keys
           Key information is shown about the keys currently in use.  A bar graph is included
           that shows the age of the key with respect to the configured expected key lifetime.

           This information is collected from any .krf files lsdnssec finds.

       rolling status
           If any zone keys are being rolled via rollerd, then the status of the rolling state is
           shown.  The time needed to reach the next state is also displayed.

           This information is collected from any .rollrec or .rrf files found by lsdnssec.

OPTIONS

       -z ZONENAME1[,ZONENAME2]
       --zone=ZONENAME1[,ZONENAME2]
           Only prints information about the named zone(s).

       -p NUMBER
       --phase=NUMBER
           Only prints information about zones currently being rolled by rollerd and where either
           a zsk or a ksk rollover is taking place and is in phase NUMBER.

           If the phase NUMBER is specified as 0, then any zone in any rolling phase will be
           printed (but not zones that aren't being rolled at all).

           This flag is especially useful to find all of your zones that are currently in KSK
           rolling phase 6, which requires operator intervention to propagate the new DS records
           into the parent zone.

       -r
       --roll-status
           Show only rolling information from the rollrec files.  By default both roll-state and
           key information is shown.

       -k
       --key-data
           Show only keying information from the krf files.  By default both roll-state and key
           information is shown.

       -K
       --key-gen-time
           Normally rollerd calculates the age of a key based on the last time a key was rolled.
           However, it's also possible to calculate the age of a key based on the difference
           between the time of execution and when the key was created (which was typically before
           the rolling began).  The -K flag switches to this second mode of key age calculation
           (which will not match how rollerd actually performs).

       -M
       --monitor
           The -M flag gives an abbreviated version of lsdnssec output that is intended for use
           by monitoring systems.  It displays the zone name, the rollover phase, and the time
           remaining in that phase.  This option implicitly sets the -r flag on and sets the
           detail level to 1.

       -d 1-9
       --detail 1-9
           Controls the amount of information shown in the output.  A level of 9 shows
           everything; a level of 1 shows a minimal amount.  The default level is 5.

       --debug
           Turns on extra debugging information.

COPYRIGHT

       Copyright 2009-2014 SPARTA, Inc.  All rights reserved.  See the COPYING file included with
       the DNSSEC-Tools package for details.

AUTHOR

       Wes Hardaker <hardaker AT AT AT users.sourceforge.net>

SEE ALSO

       lskrf(1)

       zonesigner(8), rollerd(8)