.\" -*- mode: troff; coding: utf-8 -*- .\" Automatically generated by Pod::Man 5.01 (Pod::Simple 3.43) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ . ds C` "" . ds C' "" 'br\} .el\{\ . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" ======================================================================== .\" .IX Title "CLEANKRF 1" .TH CLEANKRF 1 2023-07-29 "perl v5.38.0" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH NAME cleankrf \- Clean a DNSSEC\-Tools keyrec files of old data .SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& cleankrf [options] .Ve .SH DESCRIPTION .IX Header "DESCRIPTION" \&\fBcleankrf\fR cleans old data out of a set of DNSSEC-Tools \fIkeyrec\fR files. The old data are obsolete signing sets, orphaned keys, and obsolete keys. .PP Obsolete signing sets are set \fIkeyrec\fRs unreferenced by a zone \fIkeyrec\fR. Revoked signing sets are considered obsolete by \fBcleankrf\fR. .PP Orphaned keys are KSK and ZSK key \fIkeyrec\fRs unreferenced by a set \fIkeyrec\fR. .PP Obsolete keys are key \fIkeyrec\fRs with a \fIkeyrec_type\fR of \fBkskobs\fR or \&\fBzskobs\fR. .PP \&\fBcleankrf\fR's exit code is the count of orphaned and obsolete \fIkeyrec\fRs found. .SH OPTIONS .IX Header "OPTIONS" .IP \fB\-count\fR 4 .IX Item "-count" Display a final count of old \fIkeyrec\fRs found in the \fIkeyrec\fR files. This option allows the count to be displayed even if the \fB\-quiet\fR option is given. .IP \fB\-list\fR 4 .IX Item "-list" The key \fIkeyrec\fRs are checked for old \fIkeyrec\fRs, but they are not removed from the \fIkeyrec\fR file. The names of the old \fIkeyrec\fRs are displayed. .IP \fB\-rm\fR 4 .IX Item "-rm" Delete the key files, both \fB.key\fR and \fB.private\fR, from orphaned and expired \fIkeyrec\fRs. .IP \fB\-quiet\fR 4 .IX Item "-quiet" Display no output. .IP \fB\-verbose\fR 4 .IX Item "-verbose" Display output about referenced keys and unreferenced keys. .IP \fB\-Version\fR 4 .IX Item "-Version" Displays the version information for \fBcleankrf\fR and the DNSSEC-Tools package. .IP \fB\-help\fR 4 .IX Item "-help" Display a usage message. .SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2004\-2014 SPARTA, Inc. All rights reserved. See the COPYING file included with the DNSSEC-Tools package for details. .SH AUTHOR .IX Header "AUTHOR" Wayne Morrison, tewok@tislabs.com .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBfixkrf\|(8)\fR, \&\fBlskrf\|(8)\fR, \&\fBzonesigner\|(8)\fR .PP \&\fBNet::DNS::SEC::Tools::keyrec.pm\|(3)\fR .PP \&\fBfile\-keyrec.pm\|(5)\fR