...

  • The <input type> and <output type> fields specify what kind of adaptor should be configured for the zone. Valid values are 'File' (default) and 'DNS' for both input and output:
    • When using a 'File' adaptor the <input> field specifies the location of the unsigned zone and the <output> field specifies the location of the signed zone
    • When using a 'DNS' adaptor the <input> and <output> fields specify the location of the XML file that describes the adaptor to be used, e.g. {prefix}/etc/opendnssec/addns.xml
  • Defaults are provided for all options but zone name:
    • --policy will use the 'default' policy
    • --signerconf will default to use the {prefix}/var/opendnssec/signerconf/<zone>.xml file
    • --input will default to {prefix}/var/opendnssec/unsigned/<zone> for a 'File' adaptor or (available from 1.4.3) {prefix}/var/opendnssec/addns.xml for a 'DNS' adaptor
    • --in-type will default to 'File'
    • --output will default to {prefix}/var/opendnssec/signed/<zone> for a 'File' adaptor or (available from 1.4.3) {prefix}/var/opendnssec/addns.xml for a 'DNS' adaptor
    • --out-type will default to 'File'
       
  • The "no-xml" flag is useful when adding a number of zones; it prevents zonelist.xml from being written to, which speeds up the process. If the "no-xml" flag is used, then once all the zones have been added the zonelist file will need to be updated via the command:

...

Code Block
--cka_id <CKA_ID>                 aka -k
--repository <repository>         aka -r
--zone <zone>                     aka -z
--bits <size>                     aka -b
--algorithm <algorithm>           aka -g
--keystate <state>                aka -e
--keytype <type>                  aka -t
--time <time>                     aka -w
[--check-repository]              aka -C
[--retire <retire>]               aka -y
  • (Available from 1.4.3) If the --check-repository flag is used then the import will fail if no key with the matching cka_id is available in the repository.

 

Command: key rollover

Code Block
ods-ksmutil key rollover

...