DD-CONVERT(8) System Manager's Manual DD-CONVERT(8)

NAME

dd-convert - the DelphinusDNS Convert Utility

SYNOPSIS

dd-convert [-a algorithm] [-B bits] [-e seconds] [-h] [-i inputfile] [-I iterations] [-k KSKfile] [-K] [-n zonename] [-o outputfile] [-s salt] [-t ttl] [-v] [-z ZSKfile] [-Z]

DESCRIPTION

dd-convert is a utility which signs a delphinusdnsd zone file and outputs a DNSSEC zone file readable by delphinusdnsd. It is based on the Ruby program dd-convert.rb, which was part of the delphinusdns 1.0 release. From delphinusdns 1.1 onwards this is the utility expected to be used for zone signing, unless the Ruby utility proves better.
The options are as follows:
-a algorithm Specifies the algorithm to use, represented as an integer. There are currently only 3 possible algorithms, all of RSA type: RSASHA1-NSEC3-SHA1 (algorithm 7), RSASHA256 (algorithm 8, the default), and RSASHA512 (algorithm 10).
-B bits Specifies the number of bits used with the algorithm. The default value is 2048.
-e seconds Specifies how many seconds into the future the expiry time of the signed zone will be. By default this is 5184000 seconds. To re-sign a zone with a sign time other than the current time (now), you'll have to recompile the binary with PROVIDED_SIGNTIME set to 1.
-h Provides a usage output.
-i inputfile Specifies an inputfile, used in conjunction with the -n option which specifies the name of the zone.
-I iterations This is the number of iterations used with the NSEC3 resource record hash that dd-convert produces.
-k KSKfile When re-signing a zone with a provided KSK keyfile, use this option to specify the KSK file. Roll-overs are not yet supported.
-K Sign a zone with a newly created KSK keyfile. It is assumed that LibreSSL will create random defaults that are cryptographically strong.
-n zonename This option must be provided in conjunction with the -i option. Otherwise dd-convert will not know what to sign.
-o outputfile When this option is not specified, dd-convert will output to standard output. A - provided to this option will also output to standard output; otherwise output goes to the specified file.
-s salt The salt for the NSEC3 hash, given in hexadecimal. This is a security option and serves the same purpose as the salt in any other salted hash.
-t ttl The time to live for created DNSKEY resource records. The default is 3600.
-v Prints the version of dd-convert and exits.
-z ZSKfile When re-signing a zone with a provided ZSK keyfile, use this option to specify the ZSK file. Roll-overs are not yet supported.
-Z Sign a zone with a newly created ZSK keyfile. It is assumed that LibreSSL will create random defaults that are cryptographically strong.
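
How the -s salt and -I iterations values enter the NSEC3 owner-name hash, shown as an added example that is not part of dd-convert or the original manual. It assumes dd-convert follows RFC 5155 hash algorithm 1 (SHA-1); the function names are hypothetical and the sample parameters are those of the RFC 5155 Appendix A example zone.

```python
import base64
import hashlib

# Map the standard base32 alphabet onto base32hex (RFC 4648), which NSEC3 uses.
_B32_TO_B32HEX = bytes.maketrans(
    b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
    b"0123456789ABCDEFGHIJKLMNOPQRSTUV",
)


def wire_name(name: str) -> bytes:
    """Canonical wire format: lowercased, length-prefixed labels, root byte."""
    name = name.rstrip(".").lower()
    if not name:                      # the root zone is a single zero byte
        return b"\x00"
    out = bytearray()
    for label in name.split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"bad label length in {name!r}")
        out.append(len(raw))
        out += raw
    out.append(0)
    if len(out) > 255:
        raise ValueError("name exceeds 255 octets")
    return bytes(out)


def nsec3_hash(name: str, salt_hex: str, iterations: int) -> str:
    """RFC 5155 section 5 hash (assumed: algorithm 1, SHA-1) as a base32hex label."""
    if iterations < 0:
        raise ValueError("iterations must be non-negative")
    salt = bytes.fromhex(salt_hex)    # hexadecimal, as -s expects; bad hex raises
    if len(salt) > 255:
        raise ValueError("salt exceeds 255 octets")
    # First hash covers the name; 'iterations' counts the ADDITIONAL rounds,
    # and the salt is appended again on every round.
    digest = hashlib.sha1(wire_name(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).translate(_B32_TO_B32HEX).decode().lower()


if __name__ == "__main__":
    # Constructed sample input: salt aabbccdd, 12 iterations (RFC 5155 App. A).
    for owner in ("example", "a.example"):
        print(owner, "->", nsec3_hash(owner, "aabbccdd", 12))
```

The iteration count is work every validating resolver repeats per lookup, and RFC 9276 recommends 0 iterations with an empty salt for new deployments.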

FILES

./tmp.XXXXXXXXXX a temporary database path (gets cleaned up after successful exit).

SEE ALSO

delphinusdnsd(8), delphinusdns.conf(5)

AUTHORS

This software was written by Peter J. Philipp ⟨manpage@centroid.eu⟩
 
January 2, 2017 OpenBSD 6.0