rollchk(1) - Linux man page
Name
rollchk - Check a DNSSEC-Tools rollrec file for problems and inconsistencies.
Synopsis
rollchk [-roll | -skip] [-count] [-quiet] [-verbose] [-help] rollrec-file
Description
This script checks the rollrec file specified by rollrec-file for problems and inconsistencies.
Types Of Checks
There are three types of checks performed by rollchk: file checks, "raw" file checks, and rollrec checks. The checks are performed in that order, and if any group of checks fails, rollchk exits.
File Checks
- These checks determine basic information about the rollrec file itself. Recognized problems are:
- • non-existent rollrec file
- The specified rollrec file does not exist.
- • non-regular rollrec file
- The specified rollrec file is not a regular file.
Raw File Checks
- These checks are performed directly on the file contents, rather than by using the rollrec.pm interfaces. Recognized problems are:
- • duplicated rollrec names
- A rollrec name is not unique.
Rollrec Checks
- These checks are performed after referencing the file contents with the rollrec.pm interfaces. Recognized problems are:
- • no zones defined
- No zones are defined in the specified rollrec file.
- • invalid KSK rollover phase
- A zone has an invalid KSK rollover phase. These phases may be 0, 1, 2, 3, 4, 5, 6, or 7; any other value is invalid.
- • mismatch in KSK timestamp data
- A zone's KSK roll-seconds timestamp does not translate into the date stored in its roll-date string.
- • invalid ZSK rollover phase
- A zone has an invalid ZSK rollover phase. These phases may be 0, 1, 2, 3, or 4; any other value is invalid.
- • mismatch in ZSK timestamp data
- A zone's ZSK roll-seconds timestamp does not translate into the date stored in its roll-date string.
- • contemporaneous KSK and ZSK rollovers
- A zone has a KSK rollover occurring at the same time as a ZSK rollover. A zone may only have one rollover phase be non-zero at a time.
- • in rollover without a phasestart
- A zone is currently in rollover, but its rollrec record does not have a phasestart field.
- • empty administrator
- A zone has an empty administrator field. This field must contain a non-empty data value. The value itself is not parsed for accuracy.
- • non-existent directory
- Several checks are made for a zone's directory. If the zone has a directory specified, the directory must exist and it must be an actual directory.
- • invalid display flag
- A zone has an invalid display flag. This flag may be 0 or 1; any other value is invalid.
- • non-positive maxttl
- The maximum TTL value must be greater than zero.
- • zone file checks
- Several checks are made for a zone's zone file. The zone file must exist, it must be a regular file, and it must not be of zero length.
If the file is not an absolute path and the file's rollrec has a directory entry, then the directory is prepended to the filename prior to performing any checks.
- • keyrec file checks
- Several checks are made for a zone's keyrec file. The keyrec file must exist, it must be a regular file, and it must not be of zero length.
If the file is not an absolute path and the file's rollrec has a directory entry, then the directory is prepended to the filename prior to performing any checks.
- • zonename checks
- Several checks are made for zonename. The zonename must match the SOA name in the zone file, and the zonename's keyrec record in its keyrec file must be a zone record.
- • empty zsargs
- A zone has an empty zonesigner-arguments field. If this field exists, it must contain a non-empty data value. The value itself is not parsed for accuracy.
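The ordering described above (raw file checks first, rollrec checks only if those pass) and a subset of the rollrec checks, sketched in Python as an added example; this is not rollchk's own code. The record layout and the field names kskphase, zskphase, phasestart, display and maxttl are assumptions about the rollrec format, and the sample data is constructed.

```python
import re
# Constructed sample. The record layout and the field names (kskphase, zskphase,
# phasestart, display, maxttl) are assumptions about the rollrec format.
SAMPLE = '''
roll "example.com"
    zskphase    "3"
    phasestart  "Mon Jan  2 10:00:00 2012"
    maxttl      "86400"
roll "bad.example"
    kskphase    "2"
    zskphase    "5"
    display     "2"
    maxttl      "0"
'''
DUPLICATE = SAMPLE + 'skip "example.com"\n    maxttl  "60"\n'
FIELD = re.compile(r'^\s*(\S+)\s+"(.*)"\s*$')

def to_int(rec, key):
    """Field as an integer; absent counts as 0, non-numeric as -1 (invalid)."""
    val = rec.get(key, "0")
    return int(val) if re.fullmatch(r"-?\d+", val) else -1

def check_rollrec(text):
    """Return (rollrec name, problem) pairs, stopping after a failed group."""
    pairs = [m.groups() for m in map(FIELD.match, text.splitlines()) if m]
    # Raw file checks: done on the text alone, before records are built.
    names = [v for k, v in pairs if k in ("roll", "skip")]
    dups = sorted({n for n in names if names.count(n) > 1})
    if dups:
        return [(n, "duplicated rollrec name") for n in dups]
    records = {}
    for key, val in pairs:
        if key in ("roll", "skip"):      # both record types start a rollrec
            current = records.setdefault(val, {})
        elif records:                    # ignore fields before the first record
            current[key] = val
    if not records:
        return [("", "no zones defined")]
    problems = []
    for name, rec in records.items():
        ksk, zsk = to_int(rec, "kskphase"), to_int(rec, "zskphase")
        found = [(not 0 <= ksk <= 7, "invalid KSK rollover phase"),
                 (not 0 <= zsk <= 4, "invalid ZSK rollover phase"),
                 (ksk != 0 and zsk != 0, "contemporaneous KSK and ZSK rollovers"),
                 ((ksk or zsk) and "phasestart" not in rec, "in rollover without a phasestart"),
                 (to_int(rec, "display") not in (0, 1), "invalid display flag"),
                 (to_int(rec, "maxttl") <= 0, "non-positive maxttl")]
        problems += [(name, msg) for bad, msg in found if bad]
    return problems
```

With DUPLICATE as input only the duplicated name is reported, because the rollrec checks never run once the raw file group has failed.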
Options
- -roll
- Only display rollrecs that are active ("roll") records. This option is mutually exclusive of the -skip option.
- -skip
- Only display rollrecs that are inactive ("skip") records. This option is mutually exclusive of the -roll option.
- -count
- Display a final count of errors.
- -quiet
- Do not display messages. This option supersedes the setting of the -verbose option.
- -verbose
- Display many messages. This option is subordinate to the -quiet option.
- -Version
- Displays the version information for rollchk and the DNSSEC-Tools package.
- -help
- Display a usage message.
Copyright
Copyright 2006-2012 SPARTA, Inc. All rights reserved. See the COPYING file included with the DNSSEC-Tools package for details.
Author
Wayne Morrison, tewok@tislabs.com
See Also
lsroll(8), rollerd(8), rollinit(8)
Net::DNS::SEC::Tools::rollrec.pm(3)
file-rollrec(5), keyrec(8)