author | Jakob Schlyter <jakob@cvs.openbsd.org> | 2003-01-20 21:07:55 +0000 |
---|---|---|
committer | Jakob Schlyter <jakob@cvs.openbsd.org> | 2003-01-20 21:07:55 +0000 |
commit | dcaedb23a762cacc9125d2056adca98bbec67e16 (patch) | |
tree | 8b2707b30928ce97b145ca6f3c102c662090d26e /usr.sbin/bind/bin/dnssec/dnssec-makekeyset.8 | |
parent | cc53f94652b511572cc20f91f0356f1774e7d02c (diff) |
ISC BIND version 9.2.2rc1
Diffstat (limited to 'usr.sbin/bind/bin/dnssec/dnssec-makekeyset.8')
-rw-r--r-- | usr.sbin/bind/bin/dnssec/dnssec-makekeyset.8 | 112 |
1 files changed, 112 insertions, 0 deletions
diff --git a/usr.sbin/bind/bin/dnssec/dnssec-makekeyset.8 b/usr.sbin/bind/bin/dnssec/dnssec-makekeyset.8
new file mode 100644
index 00000000000..85639c10da5
--- /dev/null
+++ b/usr.sbin/bind/bin/dnssec/dnssec-makekeyset.8
@@ -0,0 +1,112 @@
+.\"
+.\" Copyright (C) 2000, 2001 Internet Software Consortium.
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
+.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
+.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
+.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.TH "DNSSEC-MAKEKEYSET" "8" "June 30, 2000" "BIND9" ""
+.SH NAME
+dnssec-makekeyset \- DNSSEC zone signing tool
+.SH SYNOPSIS
+.sp
+\fBdnssec-makekeyset\fR [ \fB-a\fR ] [ \fB-s \fIstart-time\fB\fR ] [ \fB-e \fIend-time\fB\fR ] [ \fB-h\fR ] [ \fB-p\fR ] [ \fB-r \fIrandomdev\fB\fR ] [ \fB-t\fIttl\fB\fR ] [ \fB-v \fIlevel\fB\fR ] \fBkey\fR\fI...\fR
+.SH "DESCRIPTION"
+.PP
+\fBdnssec-makekeyset\fR generates a key set from one
+or more keys created by \fBdnssec-keygen\fR. It creates
+a file containing a KEY record for each key, and self-signs the key
+set with each zone key. The output file is of the form
+\fIkeyset-nnnn.\fR, where \fInnnn\fR
+is the zone name.
+.SH "OPTIONS"
+.TP
+\fB-a\fR
+Verify all generated signatures.
+.TP
+\fB-s \fIstart-time\fB\fR
+Specify the date and time when the generated SIG records
+become valid. This can be either an absolute or relative
+time. An absolute start time is indicated by a number
+in YYYYMMDDHHMMSS notation; 20000530144500 denotes
+14:45:00 UTC on May 30th, 2000. A relative start time is
+indicated by +N, which is N seconds from the current time.
+If no \fBstart-time\fR is specified, the current
+time is used.
+.TP
+\fB-e \fIend-time\fB\fR
+Specify the date and time when the generated SIG records
+expire. As with \fBstart-time\fR, an absolute
+time is indicated in YYYYMMDDHHMMSS notation. A time relative
+to the start time is indicated with +N, which is N seconds from
+the start time. A time realtive to the current time is
+indicated with now+N. If no \fBend-time\fR is
+specified, 30 days from the start time is used as a default.
+.TP
+\fB-h\fR
+Prints a short summary of the options and arguments to
+\fBdnssec-makekeyset\fR.
+.TP
+\fB-p\fR
+Use pseudo-random data when signing the zone. This is faster,
+but less secure, than using real random data. This option
+may be useful when signing large zones or when the entropy
+source is limited.
+.TP
+\fB-r \fIrandomdev\fB\fR
+Specifies the source of randomness. If the operating
+system does not provide a \fI/dev/random\fR
+or equivalent device, the default source of randomness
+is keyboard input. \fIrandomdev\fR specifies
+the name of a character device or file containing random
+data to be used instead of the default. The special value
+\fIkeyboard\fR indicates that keyboard
+input should be used.
+.TP
+\fB-t \fIttl\fB\fR
+Specify the TTL (time to live) of the KEY and SIG records.
+The default is 3600 seconds.
+.TP
+\fB-v \fIlevel\fB\fR
+Sets the debugging level.
+.TP
+\fBkey\fR
+The list of keys to be included in the keyset file. These keys
+are expressed in the form \fIKnnnn.+aaa+iiiii\fR
+as generated by \fBdnssec-keygen\fR.
+.SH "EXAMPLE"
+.PP
+The following command generates a keyset containing the DSA key for
+\fBexample.com\fR generated in the
+\fBdnssec-keygen\fR man page.
+.PP
+\fBdnssec-makekeyset -t 86400 -s 20000701120000 -e +2592000 Kexample.com.+003+26160\fR
+.PP
+In this example, \fBdnssec-makekeyset\fR creates
+the file \fIkeyset-example.com.\fR. This file
+contains the specified key and a self-generated signature.
+.PP
+The DNS administrator for \fBexample.com\fR could
+send \fIkeyset-example.com.\fR to the DNS
+administrator for \fB.com\fR for signing, if the
+\&.com zone is DNSSEC-aware and the administrators of the two zones
+have some mechanism for authenticating each other and exchanging
+the keys and signatures securely.
+.SH "SEE ALSO"
+.PP
+\fBdnssec-keygen\fR(8),
+\fBdnssec-signkey\fR(8),
+\fIBIND 9 Administrator Reference Manual\fR,
+\fIRFC 2535\fR.
+.SH "AUTHOR"
+.PP
+Internet Software Consortium |