CLEANKRF(1)           User Contributed Perl Documentation          CLEANKRF(1)


NAME
       cleankrf - Clean a DNSSEC-Tools keyrec files of old data

SYNOPSIS
         cleankrf [options] <keyrec-files>

DESCRIPTION
       cleankrf cleans old data out of a set of DNSSEC-Tools keyrec files.
       The old data are obsolete signing sets, orphaned keys, and obsolete
       keys.

       Obsolete signing sets are set keyrecs unreferenced by a zone keyrec.
       Revoked signing sets are considered obsolete by cleankrf.

       Orphaned keys are KSK and ZSK key keyrecs unreferenced by a set keyrec.

       Obsolete keys are key keyrecs with a keyrec_type of kskobs or zskobs.

       cleankrf's exit code is the count of orphaned and obsolete keyrecs
       found.

OPTIONS
       -count
           Display a final count of old keyrecs found in the keyrec files.
           This option allows the count to be displayed even if the -quiet
           option is given.

       -list
           The key keyrecs are checked for old keyrecs, but they are not
           removed from the keyrec file.  The names of the old keyrecs are
           displayed.

       -rm Delete the key files, both .key and .private, from orphaned and
           expired keyrecs.

       -quiet
           Display no output.

       -verbose
           Display output about referenced keys and unreferenced keys.

       -Version
           Displays the version information for cleankrf and the DNSSEC-Tools
           package.

       -help
           Display a usage message.

COPYRIGHT
       Copyright 2004-2014 SPARTA, Inc.  All rights reserved.  See the COPYING
       file included with the DNSSEC-Tools package for details.

AUTHOR
       Wayne Morrison, tewok@tislabs.com

SEE ALSO
       fixkrf(8), lskrf(8), zonesigner(8)

       Net::DNS::SEC::Tools::keyrec.pm(3)

       file-keyrec.pm(5)

perl v5.38.0                      2023-07-29                       CLEANKRF(1)