.\" -*- mode: troff; coding: utf-8 -*- .\" Automatically generated by Pod::Man 5.01 (Pod::Simple 3.43) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ . ds C` "" . ds C' "" 'br\} .el\{\ . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" ======================================================================== .\" .IX Title "LSDNSSEC 1" .TH LSDNSSEC 1 2023-07-29 "perl v5.38.0" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH NAME lsdnssec \- List DNSSEC components of zones from files or directories .SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& lsdnssec [\-d 1\-9] [OPTIONS] [FILES OR DIRECTORIES...] .Ve .SH DESCRIPTION .IX Header "DESCRIPTION" The \fBlsdnssec\fR program summarizes information about DNSSEC-related files. These files may be specified on the command line or found in directories that were given on the command line. The \fB\-d\fR flag controls the amount of detail in the \fBlsdnssec\fR output. .PP \&\fBlsdnssec\fR displays the following information about each zone for which it collects information: .IP keys 4 .IX Item "keys" Key information is shown about the keys currently in use. A bar graph is included that shows the age of the key with respect to the configured expected key lifetime. .Sp This information is collected from any \fB.krf\fR files \fBlsdnssec\fR finds. .IP "rolling status" 4 .IX Item "rolling status" If any zone keys are being rolled via \fBrollerd\fR, then the status of the rolling state is shown. The time needed to reach the next state is also displayed. .Sp This information is collected from any \fB.rollrec\fR or \fB.rrf\fR files found by \&\fBlsdnssec\fR. .SH OPTIONS .IX Header "OPTIONS" .IP "\fB\-z ZONENAME1[,ZONENAME2]\fR" 4 .IX Item "-z ZONENAME1[,ZONENAME2]" .PD 0 .IP \fB\-\-zone=ZONENAME1[,ZONENAME2]\fR 4 .IX Item "--zone=ZONENAME1[,ZONENAME2]" .PD Only prints information about the named zone(s). .IP "\fB\-p NUMBER\fR" 4 .IX Item "-p NUMBER" .PD 0 .IP \fB\-\-phase=NUMBER\fR 4 .IX Item "--phase=NUMBER" .PD Only prints information about zones currently being rolled by \fBrollerd\fR and where either a zsk or a ksk rollover is taking place and is in phase NUMBER. .Sp If the phase NUMBER is specified as 0, then any zone in any rolling phase will be printed (but not zones that aren't being rolled at all). .Sp This flag is especially useful to find all of your zones that are currently in KSK rolling phase 6, which requires operator intervention to propagate the new DS records into the parent zone. .IP \fB\-r\fR 4 .IX Item "-r" .PD 0 .IP \fB\-\-roll\-status\fR 4 .IX Item "--roll-status" .PD Show only rolling information from the rollrec files. By default both roll-state and key information is shown. .IP \fB\-k\fR 4 .IX Item "-k" .PD 0 .IP \fB\-\-key\-data\fR 4 .IX Item "--key-data" .PD Show only keying information from the krf files. By default both roll-state and key information is shown. .IP \fB\-K\fR 4 .IX Item "-K" .PD 0 .IP \fB\-\-key\-gen\-time\fR 4 .IX Item "--key-gen-time" .PD Normally \fBrollerd\fR calculates the age of a key based on the last time a key was rolled. However, it's also possible to calculate the age of a key based on the difference between the time of execution and when the key was created (which was typically before the rolling began). The \fI\-K\fR flag switches to this second mode of key age calculation (which will not match how \fBrollerd\fR actually performs). .IP \fB\-M\fR 4 .IX Item "-M" .PD 0 .IP \fB\-\-monitor\fR 4 .IX Item "--monitor" .PD The \fI\-M\fR flag gives an abbreviated version of \fBlsdnssec\fR output that is intended for use by monitoring systems. It displays the zone name, the rollover phase, and the time remaining in that phase. This option implicitly sets the \fI\-r\fR flag on and sets the detail level to 1. .IP "\fB\-d 1\-9\fR" 4 .IX Item "-d 1-9" .PD 0 .IP "\fB\-\-detail 1\-9\fR" 4 .IX Item "--detail 1-9" .PD Controls the amount of information shown in the output. A level of 9 shows everything; a level of 1 shows a minimal amount. The default level is 5. .IP \fB\-\-debug\fR 4 .IX Item "--debug" Turns on extra debugging information. .SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2009\-2014 SPARTA, Inc. All rights reserved. See the COPYING file included with the DNSSEC-Tools package for details. .SH AUTHOR .IX Header "AUTHOR" Wes Hardaker .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBlskrf\|(1)\fR .PP \&\fBzonesigner\|(8)\fR, \&\fBrollerd\|(8)\fR