zkt-ls(8)
NAME
zkt-ls — list dnskeys
SYNOPSIS
zkt-ls -H
zkt-ls [-V|--view view] [-c file] [-l list] [-adefhkLprtz]
[{keyfile|dir} ...]
zkt-ls -T [-V|--view view] [-c file] [-l list] [-dhrz] [{keyfile|dir}
...]
zkt-ls --list-trustedkeys [-V|--view view] [-c file] [-l list] [-dhrz]
[{keyfile|dir} ...]
zkt-ls -M [-V|--view view] [-c file] [-l list] [-dhrz] [{keyfile|dir}
...]
zkt-ls --list-managedkeys [-V|--view view] [-c file] [-l list] [-dhrz]
[{keyfile|dir} ...]
zkt-ls -K [-V|--view view] [-c file] [-l list] [-dhkrz] [{keyfile|dir}
...]
zkt-ls --list-dnskeys [-V|--view view] [-c file] [-l list] [-dhkrz]
[{keyfile|dir} ...]
DESCRIPTION
The zkt-ls command lists all DNSSEC zone keys found in the given or
predefined default directory. It is also possible to specify keyfiles
(K*.key) as arguments. With option -r, subdirectories are searched
recursively and all DNSSEC keys found are listed, sorted by domain
name, key type and generation time. In that mode, option -p
may be helpful to find the location of the keyfile in the directory
tree.
Other forms of the command print out keys in a format suitable for a
trusted- or managed-key section (-T or -M) or as a DNSKEY (-K) resource
record.
GENERAL OPTIONS
-V view, --view=view
Try to read the default configuration out of a file named
dnssec-<view>.conf. Instead of specifying the -V or --view
option every time, it is also possible to create a hard or
soft link to the executable file to give it an additional name
like zkt-ls-<view>.
-c file, --config=file
Read default values from the specified config file. Otherwise
the default config file is read or built-in defaults will be
used.
-O optstr, --config-option=optstr
Set any config file option via the command line. Several config
file options can be specified in the argument string, but they have
to be delimited by semicolons (or newlines).
-l list, --label=list
Print out information solely about the domains given in the comma or
space separated list. Make sure that every domain name has
a trailing dot.
-d, --directory
Skip directory arguments. This is useful in combination
with wildcard arguments to prevent dnssec-zkt from listing all keys
found in subdirectories. For example, "zkt-ls -d *" will print
out a list of only those keys found in the current directory.
It may be easier to use "zkt-ls ." instead (without -r set).
The option works similarly to the -d option of ls(1).
-L, --left-justify
Print out the domain name left justified.
-k, --ksk
Select and print key signing keys only (default depends on
command mode).
-z, --zsk
Select and print zone signing keys only (default depends on
command mode).
-r, --recursive
Recursive mode (default is off).
Also settable in the dnssec.conf file (Parameter: Recursive).
-p, --path
Print pathname in listing mode. In -C mode, don't create the
new key in the same directory as (already existing) keys with
the same label.
-a, --age
Print age of key in weeks, days, hours, minutes and seconds
(default is off).
Also settable in the dnssec.conf file (Parameter: PrintAge).
-f, --lifetime
Print the key lifetime.
-e, --exptime
Print the key expiration time.
-t, --time
Print the key generation time (default is on).
Also settable in the dnssec.conf file (Parameter: PrintTime).
-h
No header, or (in -T or -M mode) no trusted-key or managed-key
section header and trailer, respectively.
COMMAND OPTIONS
-H, --help
Print out the online help.
-T, --list-trustedkeys
List all key signing keys as a named.conf trusted-key section.
Use -h to suppress the section header/trailer.
-K, --list-dnskeys
List the public part of all the keys in DNSKEY resource record
format. Use -h to suppress comment lines.
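To make the -T description concrete, here is an added example (not part of ZKT and not its code) that builds a named.conf trusted-keys section from DNSKEY records. It assumes the K*.key layout written by dnssec-keygen and treats a set SEP bit (odd flags value, e.g. 257) as the key signing key marker; the function names and the key material are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: two DNSKEY records in the K*.key layout written by
# dnssec-keygen. The key material is a made-up placeholder, not a real key.
sample_keys() {
cat <<'EOF'
; This is a key-signing key, keyid 12345, for example.net.
example.net. IN DNSKEY 257 3 8 AwEAAcPLACEHOLDERksk0 c2FtcGxl
example.net. 3600 IN DNSKEY 256 3 8 AwEAAcPLACEHOLDERzsk0
EOF
}

# ksk_trusted_keys [-h]: read DNSKEY records on stdin, keep only keys whose
# SEP bit is set (assumption: that marks a KSK), and print them as a
# trusted-keys section. With -h the section header and trailer are omitted.
ksk_trusted_keys() {
    awk -v header="${1:-}" '
    /^[ \t]*;/ || /^[ \t]*$/ { next }            # skip comments and blank lines
    {
        # Locate the DNSKEY token; an optional TTL and class may precede it.
        for (i = 2; i <= NF; i++) if ($i == "DNSKEY") break
        if (i + 4 > NF) next                     # not a complete DNSKEY record
        flags = $(i + 1)
        if (flags % 2 != 1) next                 # SEP bit clear: zone signing key
        key = ""
        for (j = i + 4; j <= NF; j++) key = key $j   # rejoin base64 split by spaces
        out[++n] = sprintf("\t\"%s\" %d %d %d \"%s\";", $1, flags, $(i + 2), $(i + 3), key)
    }
    END {
        if (header != "-h") print "trusted-keys {"
        for (k = 1; k <= n; k++) print out[k]
        if (header != "-h") print "};"
    }'
}
```

Comparing such a listing with the KSKs you expect for a zone is a useful check before a trusted-keys section is installed on a validating resolver, since every key in it becomes a trust anchor.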
SAMPLE USAGE
zkt-ls -r .
Print out a list of all zone keys found below the current
directory.
zkt-ls -Z -c ""
Print out the compiled in default parameters.
zkt-ls -T ./zonedir/example.net
Print out a trusted-key section containing the key signing keys
of "example.net".
zkt-ls --view intern
Print out a list of all zone keys found below the directory
where all the zones of view intern live. There should be a
separate dnssec config file dnssec-intern.conf with a directory
option for this to take effect.
zkt-ls-intern
Same as above. The binary file zkt-ls has another link made, named
zkt-ls-intern, and zkt-ls examines argv[0] to find a view
whose zones it proceeds to process.
ENVIRONMENT VARIABLES
ZKT_CONFFILE
Specifies the name of the default global configuration file.
FILES
/etc/namedb/dnssec.conf
Built-in default global configuration file. The name of the
default global config file is settable via the environment
variable ZKT_CONFFILE.
/etc/namedb/dnssec-<view>.conf
View specific global configuration file.
./dnssec.conf
Local configuration file (only used in -C mode).
BUGS
Some of the general options will not be meaningful in all of the
command modes.
The option -l and the ksk rollover options insist on domain names
ending with a dot.
AUTHORS
Holger Zuleger
COPYRIGHT
Copyright (c) 2005 - 2010 by Holger Zuleger. Licensed under the BSD
Licences. There is NO warranty; not even for MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE.
SEE ALSO
dnssec-keygen(8), dnssec-signzone(8), rndc(8), named.conf(5),
zkt-conf(8), zkt-keyman(8), zkt-signer(8)
RFC4641 "DNSSEC Operational Practices" by Miek Gieben and Olaf Kolkman,
DNSSEC HOWTO Tutorial by Olaf Kolkman, RIPE NCC
(http://www.nlnetlabs.nl/dnssec_howto/)
ZKT 1.0 February 25, 2010 zkt-ls(8)