'\" te
.\" Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
.\" Permission to use, copy, modify, and/or distribute this software for any purpose  with or without fee is hereby granted, provided that the above copyright notice  and this permission notice appear in all copies.  THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS
.\"  ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF  MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL,  DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING  FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
.\"  OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE  USE OR PERFORMANCE OF THIS SOFTWARE.
.\" Portions Copyright (c) 2010, 2013, Oracle and/or its affiliates. All
.\"  rights reserved.
.TH dnssec-dsfromkey 1M "28 Nov 2013" "SunOS 5.11" "System Administration Commands"
.SH NAME
dnssec-dsfromkey \- DNSSEC DS RR generation tool
.SH SYNOPSIS
.LP
.nf
\fBdnssec-dsfromkey\fR [\fB-v\fR \fIlevel\fR] [\fB-1\fR] [\fB-2\fR] [\fB-a\fR \fIalg\fR] \fIkeyfile\fR
.fi

.LP
.nf
\fBdnssec-dsfromkey\fR \fB-s\fR [\fB-v\fR \fIlevel\fR] [\fB-1\fR] [\fB-2\fR] [\fB-a\fR \fIalg\fR] [\fB-c\fR \fIclass\fR]

     [\fB-d\fR \fIdir\fR] \fIkeyfile\fR
.fi

.SH DESCRIPTION
.sp
.LP
\fBdnssec-dsfromkey\fR
.SH OPTIONS
.sp
.LP
The following options are supported:
.sp
.ne 2
.mk
.na
\fB\fB-1\fR\fR
.ad
.sp .6
.RS 4n
Use \fBSHA-1\fR as the digest algorithm. The default is to use both \fBSHA-1\fR and \fBSHA-256\fR.
.RE

.sp
.ne 2
.mk
.na
\fB\fB-2\fR\fR
.ad
.sp .6
.RS 4n
Use SHA-256 as the digest algorithm.
.RE

.sp
.ne 2
.mk
.na
\fB\fB-a\fR \fIalgorithm\fR\fR
.ad
.sp .6
.RS 4n
Select the digest algorithm. The value of \fIalgorithm\fR must be one of \fBSHA-1\fR (\fBSHA1\fR) or \fBSHA-256\fR (\fBSHA256\fR). These values are case-insensitive.
.RE

.sp
.ne 2
.mk
.na
\fB\fB-v\fR \fIlevel\fR\fR
.ad
.sp .6
.RS 4n
Sets the debugging level.
.RE

.sp
.ne 2
.mk
.na
\fB\fB-s\fR\fR
.ad
.sp .6
.RS 4n
Keyset mode: in place of the keyfile name, the argument is the DNS domain name of a keyset file. The \fB-c\fR and \fB-d\fR options have meaning only in this mode.
.RE

.sp
.ne 2
.mk
.na
\fB\fB-c\fR \fIclass\fR\fR
.ad
.sp .6
.RS 4n
Specifies the DNS class (default is \fBIN\fR); useful only  in the keyset mode.
.RE

.sp
.ne 2
.mk
.na
\fB\fB-d\fR \fIdirectory\fR\fR
.ad
.sp .6
.RS 4n
Look for keyset files in directory as the directory; ignored when not in the keyset mode.
.RE

.SH EXAMPLES
.sp
.LP
To build the SHA-256 DS RR from the \fBKexample.com.+003+26160\fR keyfile name, use a command such as the following:
.sp
.in +2
.nf
# \fBdnssec-dsfromkey -2 Kexample.com.+003+26160\fR
.fi
.in -2
.sp

.sp
.LP
This command would produce output similar to the following:
.sp
.in +2
.nf
example.com. IN DS 26160 5 2

3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0

C5EA0B94
.fi
.in -2
.sp

.SH FILES
.sp
.LP
The keyfile can be designated by the key identification \fBK\fR\fInnnn\fR.+\fIaaa\fR+\fIiiiii\fR, or the full file name \fBK\fInnnn\fR.+\fIaaa\fR+\fIiiiii\fR.key\fR, as generated by \fBdnssec-keygen\fR(1M).
.sp
.LP
The keyset file name is built from the directory, the string \fBkeyset-\fR and the \fIdnsname\fR.
.SH ATTRIBUTES
.sp
.LP
See \fBattributes\fR(5) for descriptions of the following attributes:
.sp

.sp
.TS
tab() box;
cw(2.75i) |cw(2.75i) 
lw(2.75i) |lw(2.75i) 
.
ATTRIBUTE TYPEATTRIBUTE VALUE
_
Availabilityservice/network/dns/bind
_
Interface StabilityVolatile
.TE

.SH SEE ALSO
.sp
.LP
\fBdnssec-keygen\fR(1M), \fBdnssec-signzone\fR(1M), \fBattributes\fR(5)
.sp
.LP
\fIRFC 3658\fR, \fIRFC 4509\fR
.sp
.LP
See the BIND 9 \fIAdministrator's Reference Manual\fR. As of the date of publication of this man page, this document is available at https://kb.isc.org/article/AA-01031\&.
.SH CAUTION
.sp
.LP
A keyfile error can produce a "file not found" message, even if the file exists.