-
Notifications
You must be signed in to change notification settings - Fork 0
/
ods-auditor.1.in
96 lines (88 loc) · 2.47 KB
/
ods-auditor.1.in
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
.TH "ods-auditor" "1" "February 2010" "OpenDNSSEC" "OpenDNSSEC ods-auditor"
.\" $Id$
.SH "NAME"
.LP
.B ods\-auditor
\- OpenDNSSEC Auditor
.SH "SYNOPSIS"
.LP
.B ods\-auditor
.RB [ \-c
.IR path ]
.RB [ \-k
.IR path ]
.RB [ \-s
.IR path ]
.RB [ \-u
.IR path ]
.B \-z
.I name
.RB [ \-f | \-p ]
.br
.B ods\-auditor
.RB [ \-h ]
.br
.B ods\-auditor
.RB [ \-v ]
.SH "DESCRIPTION"
.LP
ods\-auditor is a module which provides auditing capabilities to OpenDNSSEC.
Once an unsigned zone has been signed, this module can be used to check
that the signing process has run successfully. It checks that no data
has been lost (or non\-DNSSEC data added), and that all the DNSSEC
records are correct. It uses the OpenDNSSEC standard logging (defined
in @OPENDNSSEC_CONFIG_FILE@).
The Auditor takes the signed and unsigned zones and compares them. It
first parses both files, and creates transient files which are then
sorted into canonical order. These files are then processed by the
Auditor. If processing an NSEC3\-signed file, the Auditor will create
additional temporary files, which are processed after the main
auditing run.
.SH "OPTIONS"
.LP
.TP
\fB\-c\fR, \fB\-\-conf\fR \fIpath\fR
Path to an OpenDNSSEC configuration file
(defaults to @OPENDNSSEC_CONFIG_FILE@)
.TP
\fB\-k\fR, \fB\-\-kasp\fR \fIpath\fR
Path to KASP policy file
(defaults to the path given in the configuration file)
.TP
\fB\-z\fR, \fB\-\-zone\fR \fIname\fR
Only audit the specified zone
(defaults to audit all zones)
.TP
\fB\-s\fR, \fB\-\-signed\fR \fIpath\fR
If a single zone is specified, then this option may override
the default location of the signed zone file with another. This is for use by
the signer.
(defaults to the path given in the zone list)
.TP
\fB\-u\fR, \fB\-\-unsigned\fR \fIpath\fR
If a single zone is specified, then this option may override
the default location of the unsigned zone file with another. This is for use by
the signer.
(defaults to the path given in the zone list)
.TP
\fB\-f\fR, \fB\-\-full\fR
Perform a full audit
.TP
\fB\-p\fR, \fB\-\-partial\fR
Perform a partial audit
.TP
\fB\-v\fR, \fB\-\-version\fR
Display version information
.TP
\fB\-h\fR, \fB\-?\fR, \fB\-\-help\fR
Show the help screen
.SH "SEE ALSO"
.LP
ods\-control(8), ods\-enforcerd(8), ods\-hsmspeed(1),
ods\-hsmutil(1), ods\-kaspcheck(1), ods\-ksmutil(1), ods\-signer(8),
ods\-signerd(8), ods\-timing(5), opendnssec(7),
.B http://www.opendnssec.org/
.SH "AUTHORS"
.LP
.B ods\-auditor
was written by Alex Dalitz and Nominet as part of the OpenDNSSEC project.