.\" -*- mode: troff; coding: utf-8 -*- .\" Automatically generated by Pod::Man 5.01 (Pod::Simple 3.43) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ . ds C` "" . ds C' "" 'br\} .el\{\ . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" ======================================================================== .\" .IX Title "KEYARCH 1" .TH KEYARCH 1 2023-07-29 "perl v5.38.0" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH NAME keyarch \- DNSSEC\-Tools daemon to archive old KSK and ZSK keys .SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& keyarch [options] .Ve .SH DESCRIPTION .IX Header "DESCRIPTION" The \fBkeyarch\fR program archives old KSK and ZSK keys. Keys are considered old if they are revoked or obsolete. Keys marked as either \fIkskrev\fR or \fIzskrev\fR are revoked; keys marked as either \fIkskobs\fR or \fIzskobs\fR are obsolete. Archived keys are prefixed with the seconds-since-epoch as a means of distinguishing a zone's keys that have the same five digit number. .PP If the required file argument is a \fIkeyrec\fR file, then expired keys listed in that file are archived. If the file argument is a \fIrollrec\fR file, the \&\fIkeyrec\fR files of the zones in that file are checked for expired keys. .PP If the \fB\-zone\fR option is given, then only revoked and obsolete keys belonging to the specified zone will be archived. .PP The archive directory is either zone-specific (listed in the zone's \fIkeyrec\fR record in the zone's \fIkeyrec\fR file) or the default archive directory given in the DNSSEC-Tools configuration file. .PP The count of archived keys is given as the program's exit code. Error exit codes are negative. .SH OPTIONS .IX Header "OPTIONS" The following options are recognized: .IP "\fB\-zone zone_file\fR" 4 .IX Item "-zone zone_file" Name of the zone whose KSKs will be archived. If this is not given, then all the zones defined in the \fIrollrec\fR file will be checked. .IP \fB\-kskonly\fR 4 .IX Item "-kskonly" Only archive KSK keys. .IP \fB\-zskonly\fR 4 .IX Item "-zskonly" Only archive ZSK keys. .IP "\fB\-dtconfig config_file\fR" 4 .IX Item "-dtconfig config_file" Name of an alternate DNSSEC-Tools configuration file to be processed. If specified, this configuration file is used \fIin place\fR of the normal DNSSEC-Tools configuration file \fBnot\fR in addition to it. Also, it will be handled prior to \fIkeyrec\fR files, \fIrollrec\fR files, and command-line options. .IP \fB\-quiet\fR 4 .IX Item "-quiet" No output will be given. .IP \fB\-verbose\fR 4 .IX Item "-verbose" Verbose output will be given. .IP \fB\-help\fR 4 .IX Item "-help" Display a usage message. .IP \fB\-Version\fR 4 .IX Item "-Version" Displays the version information for \fBkeyarch\fR and the DNSSEC-Tools package. .SH "EXIT VALUES" .IX Header "EXIT VALUES" On success, \fBkeyarch\fR's exit code is the number of keys archived. .PP \&\fBkeyarch\fR has a 0 exit code if the help message is given. .PP \&\fBkeyarch\fR has a negative exit code if an error is encountered. .SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2007\-2014 SPARTA, Inc. All rights reserved. See the COPYING file included with the DNSSEC-Tools package for details. .SH AUTHOR .IX Header "AUTHOR" Wayne Morrison, tewok@tislabs.com .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBrollerd\|(8)\fR, \&\fBzonesigner\|(8)\fR .PP \&\fBNet::DNS::SEC::Tools::conf.pm\|(3)\fR, \&\fBNet::DNS::SEC::Tools::dnssectools.pm\|(3)\fR, \&\fBNet::DNS::SEC::Tools::defaults.pm\|(3)\fR, \&\fBNet::DNS::SEC::Tools::keyrec.pm\|(3)\fR, \&\fBNet::DNS::SEC::Tools::rollrec.pm\|(3)\fR .PP \&\fBkeyrec\|(5)\fR, \&\fBrollrec\|(5)\fR