.TH zkt-conf 8 "February 22, 2010" "ZKT 1.0" "" \" turn off hyphenation .\" if n .nh .nh .SH NAME zkt-conf \(em Secure DNS zone key config tool .SH SYNOPSYS .na .B zkt-conf .RB [ \-V .IR "name" ] .RB [ \-w ] .B \-d .RB [ \-O .IR "optstr" ] .br .B zkt-conf .RB [ \-V .IR "name" ] .RB [ \-w ] .RB [ \-s ] .RB [ \-c .IR "file" ] .RB [ \-O .IR "optstr" ] .br .B zkt-conf .RB [ \-V .IR "name" ] .RB [ \-w ] .B \-l .RB [ \-a ] .RB [ \-c .IR "file" ] .RB [ \-O .IR "optstr" ] .B zkt-conf .RB [ \-c .IR "file" ] .RB [ \-w ] .I "zonefile" .br .ad .SH DESCRIPTION The .I zkt-conf command helps to create and show a config file for use by the Zone Key Tool commands, which are currently .I zkt-ls(8) , .I zkt-keyman(8) , and .IR zkt-signer(8) . .PP In general, the ZKT commands uses up to three consequitive sources for config parameter settings: .IP a) The build-in default parameters .IP b) The side wide config file or the file specified with option -c overloads the built-in vars. The file is .I /var/named/dnssec.conf or the one set by the environment variable ZKT_CONFFILE. .IP c) The local config file .I dnssec.conf in the current zone directory also overloads the parameter read so far. .PP Because of the overload feature, none of the config files has to have a complete parameter set. Typically the local config file will have only those parameters which are different from the global or built-in ones. .PP The default operation of .I zkt-conf(8) is to print the site wide config file (same as option .BR \-s ). Option .B \-d will print out the built-in defaults while .B \-l print those local parameters which are different to the global ones. In the last case .B \-a gives the fully .RB ( \-\-all ) parameter list. .PP In all forms of the command, the parameters are changeable via option .B \-O .RB ( \-\-config-option ). .PP With option .B \-w .RB ( \-\-write ) the confg parameters are written back to the config file. This is useful in case of an ZKT upgrade or if one or more parameters are changed by option .BR \-O . .PP Option .B \-t checks some of the parameter for reasonable values. .PP .PP Which config file is shown (or modified or checked) is determined by an option. .B \-d means the built-in defaults, option .B \-l is for the local config file and .B \-s specifies the site wide config file. Option .B \-s is the default. .PP In the last form of the command, the maximum TTL value of all the resource records of .I zonefile is calculated and print on stdout. Additional, the zonefile is checked if the key database .RI ( dnskey.db ) is included in the zone file. If option .B \-w is set, than the INCLUDE directive will be added to the zone file if necessary, and the maximum ttl value is written to a local config file. .SH COMMAND OPTIONS .TP .BR \-h ", " \-\-help Print out the online help. .TP .BR \-d ", " \-\-built-in-defaults List all the built-in default parameter. .TP .BR \-s ", " \-\-sitecfg List all site wide config parameter (this is the default). .TP .BR \-l ", " \-\-localcfg List local config parameter which are different to the site wide config parameter. With otion .B \-a .RB ( \-\-all ) all config parameters will be shown. .SH OPTIONS .TP .BI \-V " view" ", \-\-view=" view Try to read the default configuration out of a file named .I dnssec-<view>.conf . Instead of specifying the .B \-V or .B \-\-view option every time, it is also possible to create a hard or softlink to the executable file and name it like .I zkt-conf-<view> . .TP .BI \-c " file" ", \-\-config=" file Read all parameter from the specified config file. Otherwise the default config file is read or build in defaults will be used. .TP .BI \-O " optstr" ", \-\-config-option=" optstr Set any config file parameter via the commandline. Several config file options could be specified at the argument string but have to be delimited by semicolon (or newline). .TP .BR \-a ", " \-\-all In case of showing the local config file parameter .RB ( \-l ) this prints all parameter, not just the ones different to the site wide or built-in defaults. .SH SAMPLE USAGE .TP .fam C .B "zkt-conf \-d .fam T Print the built-in default config pars. .TP .fam C .B "zkt-conf \-d \-w .fam T Write all the built-in defaults into the site wide config file. .TP .fam C .B "zkt-conf \-s \-O ""SerialFormat: Incremental; Zonedir: /var/named/zones"" \-w" .fam T Change two parameters in the site wide .I dnssec.conf file. .TP .fam C .B "zkt-conf \-w zone.db .fam T Add .B "$INCLUDE dnskey.db" to the zone file and set the maximum ttl paramter in the local config file to the maximum ttl fond in any RR of .IR zone.db . .SH ENVIRONMENT VARIABLES .TP ZKT_CONFFILE Specifies the name of the default global configuration files. .SH FILES .TP .I /var/named/dnssec.conf Default global configuration file. The name of the default global config file is settable via the environment variable ZKT_CONFFILE. .TP .I /var/named/dnssec-<view>.conf View specific global configuration file. .TP .I ./dnssec.conf Local configuration file (additionally used in .B \-l mode). .SH AUTHORS Holger Zuleger .SH COPYRIGHT Copyright (c) 2005 \- 2010 by Holger Zuleger. Licensed under the BSD Licences. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. .\"-------------------------------------------------- .SH SEE ALSO dnssec-keygen(8), dnssec-signzone(8), rndc(8), named.conf(5), zkt-signer(8), zkt-ls(8), zkt-keyman(8), .br RFC4641 "DNSSEC Operational Practices" by Miek Gieben and Olaf Kolkman, .br DNSSEC HOWTO Tutorial by Olaf Kolkman, RIPE NCC .br (http://www.nlnetlabs.nl/dnssec_howto/)