zkt-ls(8)							     zkt-ls(8)

NAME
       zkt-ls -- list dnskeys

SYNOPSIS
       zkt-ls -H

       zkt-ls [-V|--view view] [-c file] [-l list] [-adefhkLprtz]
       [{keyfile|dir} ...]

       zkt-ls -T [-V|--view view] [-c file] [-l list] [-dhrz] [{keyfile|dir}
       ...]
       zkt-ls --list-trustedkeys [-V|--view view] [-c file] [-l list] [-dhrz]
       [{keyfile|dir} ...]

       zkt-ls -M [-V|--view view] [-c file] [-l list] [-dhrz] [{keyfile|dir}
       ...]
       zkt-ls --list-managedkeys [-V|--view view] [-c file] [-l list] [-dhrz]
       [{keyfile|dir} ...]

       zkt-ls -K [-V|--view view] [-c file] [-l list] [-dhkrz] [{keyfile|dir}
       ...]
       zkt-ls --list-dnskeys [-V|--view view] [-c file] [-l list] [-dhkrz]
       [{keyfile|dir} ...]

DESCRIPTION
       The zkt-ls command lists all DNSSEC zone keys found in the given or
       predefined default directory.  It is also possible to specify keyfiles
       (K*.key) as arguments.  With option -r subdirectories will be searched
       recursively and all DNSSEC keys found are listed, sorted by domain
       name, key type and generation time.  In that mode the use of option -p
       may be helpful to find the location of the keyfile in the directory
       tree.

       Other forms of the command print out keys in a format suitable for a
       trusted- or managed-key section (-T or -M) or as a DNSKEY (-K) resource
       record.

GENERAL OPTIONS
       -V view, --view=view
              Try to read the default configuration out of a file named
              dnssec-<view>.conf.  Instead of specifying the -V or --view
              option every time, it is also possible to create a hard link
              or symbolic link to the executable file to give it an
              additional name like zkt-ls-<view>.

       -c file, --config=file
              Read default values from the specified config file.  Otherwise
              the default config file is read or built-in defaults will be
              used.

       -O optstr, --config-option=optstr
              Set any config file option via the command line.  Several
              config file options can be specified in the argument string
              but have to be delimited by semicolon (or newline).

       -l list, --label=list
              Print out information solely about domains given in the comma
              or space separated list.  Make sure that every domain name has
              a trailing dot.

       -d, --directory
              Skip directory arguments.  This is useful in combination with
              wildcard arguments to prevent dnssec-zkt from listing all keys
              found in subdirectories.  For example "zkt-ls -d *" will print
              out a list of all keys found only in the current directory.
              It may be easier to use "zkt-ls ." instead (without -r set).
              The option works similarly to the -d option of ls(1).

       -L, --left-justify
              Print out the domain name left justified.

       -k, --ksk
              Select and print key signing keys only (default depends on
              command mode).

       -z, --zsk
              Select and print zone signing keys only (default depends on
              command mode).

       -r, --recursive
              Recursive mode (default is off).
              Also settable in the dnssec.conf file (Parameter: Recursive).

       -p, --path
              Print pathname in listing mode.  In -C mode, don't create the
              new key in the same directory as (already existing) keys with
              the same label.

       -a, --age
              Print age of key in weeks, days, hours, minutes and seconds
              (default is off).
              Also settable in the dnssec.conf file (Parameter: PrintAge).

       -f, --lifetime
              Print the key lifetime.

       -e, --exptime
              Print the key expiration time.

       -t, --time
              Print the key generation time (default is on).
              Also settable in the dnssec.conf file (Parameter: PrintTime).

       -h     Print no header, or no trusted-key or managed-key section
              header and trailer in -T or -M mode respectively.

COMMAND OPTIONS
       -H, --help
              Print out the online help.

       -T, --list-trustedkeys
              List all key signing keys as a named.conf trusted-key section.
              Use -h to suppress the section header/trailer.

       -K, --list-dnskeys
              List the public part of all the keys in DNSKEY resource record
              format.  Use -h to suppress comment lines.
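
The DNSKEY records printed in -K mode can be cross-checked against the key files on disk. The following is an added example (not part of the original manual page or of ZKT) that parses DNSKEY records, labels each as KSK or ZSK from the SEP flag, and computes the RFC 4034 key tag and the dnssec-keygen style K<name>+<alg>+<tag>.key file name. Assumptions: the input is in standard DNSKEY presentation format, the sample records are constructed with placeholder key material, and the function names are illustrative.

```python
import base64
import struct

# Constructed sample in DNSKEY presentation format (placeholder key
# material, not real keys); the second record is split across lines.
SAMPLE = """\
example.net. 3600 IN DNSKEY 257 3 8 AQIDBA==
example.net. 3600 IN DNSKEY 256 3 8 (
        AQID
        BA== ) ; zone signing key
"""

def parse_dnskeys(text):
    """Yield (owner, flags, protocol, algorithm, key_bytes) per DNSKEY RR."""
    buf, depth = [], 0
    for line in text.splitlines():
        line = line.split(";", 1)[0]                # strip comments
        depth += line.count("(") - line.count(")")  # multi-line records
        buf += line.replace("(", " ").replace(")", " ").split()
        if depth == 0 and buf:                      # record complete
            if "DNSKEY" in buf:
                i = buf.index("DNSKEY")
                flags, proto, alg = (int(x) for x in buf[i + 1:i + 4])
                key = base64.b64decode("".join(buf[i + 4:]))
                yield buf[0], flags, proto, alg, key
            buf = []

def key_tag(flags, proto, alg, key):
    """RFC 4034 Appendix B key tag (not valid for algorithm 1, RSA/MD5)."""
    rdata = struct.pack("!HBB", flags, proto, alg) + key
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def describe(text):
    """Return role, key tag and expected key file name for each record."""
    out = []
    for owner, flags, proto, alg, key in parse_dnskeys(text):
        tag = key_tag(flags, proto, alg, key)
        out.append({
            "zone": owner,
            "role": "KSK" if flags & 0x0001 else "ZSK",   # SEP bit
            "revoked": bool(flags & 0x0080),               # RFC 5011 REVOKE bit
            "tag": tag,
            "keyfile": "K%s+%03d+%05d.key" % (owner, alg, tag),
        })
    return out

if __name__ == "__main__":
    print(describe(SAMPLE))
```

A key whose computed file name has no match in the "zkt-ls -p" listing, or a KSK that appears in a trusted-key section without a matching key file, is worth investigating before the section is copied into named.conf.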

SAMPLE USAGE
       zkt-ls -r .
              Print out a list of all zone keys found below the current
              directory.

       zkt-ls -Z -c ""
              Print out the compiled in default parameters.

       zkt-ls -T ./zonedir/example.net
              Print out a trusted-key section containing the key signing
              keys of "example.net".

       zkt-ls --view intern
              Print out a list of all zone keys found below the directory
              where all the zones of view intern live.  There should be a
              separate dnssec config file dnssec-intern.conf with a
              directory option for this to take effect.

       zkt-ls-intern
              Same as above.  The binary file zkt-ls has another link, named
              zkt-ls-intern, and zkt-ls examines argv[0] to find a view
              whose zones it proceeds to process.

ENVIRONMENT VARIABLES
       ZKT_CONFFILE
              Specifies the name of the default global configuration files.

FILES
       /etc/namedb/dnssec.conf
              Built-in default global configuration file.  The name of the
              default global config file is settable via the environment
              variable ZKT_CONFFILE.

       /etc/namedb/dnssec-<view>.conf
              View specific global configuration file.

       ./dnssec.conf
              Local configuration file (only used in -C mode).

BUGS
       Some of the general options will not be meaningful in all of the
       command modes.
       The option -l and the ksk rollover options insist on domain names
       ending with a dot.

AUTHORS
       Holger Zuleger

COPYRIGHT
       Copyright (c) 2005 - 2010 by Holger Zuleger.  Licensed under the BSD
       Licences. There is NO warranty; not even for MERCHANTABILITY or FITNESS
       FOR A PARTICULAR PURPOSE.

SEE ALSO
       dnssec-keygen(8), dnssec-signzone(8), rndc(8), named.conf(5),
       zkt-conf(8), zkt-keyman(8), zkt-signer(8)
       RFC4641 "DNSSEC Operational Practices" by Miek Gieben and Olaf Kolkman,
       DNSSEC HOWTO Tutorial by Olaf Kolkman, RIPE NCC
       (http://www.nlnetlabs.nl/dnssec_howto/)

ZKT 1.0			       February	25, 2010		     zkt-ls(8)
