File: rollrec.pod

dnssec-tools 1.13-1
#
# Copyright 2006-2012 SPARTA, Inc.  All rights reserved.  See the COPYING
# file distributed with this software for details
#
# DNSSEC Tools
#
#	Rollrec file format.
#

1;

#############################################################################

=pod

=head1 NAME

B<rollrec> - Rollover-related zone data used by DNSSEC-Tools programs.

=head1 DESCRIPTION

I<rollrec> files contain data used by the DNSSEC-Tools to manage key rollover.
A I<rollrec> file is organized in sets of I<rollrec> records.  Each I<rollrec>
record describes the rollover state of a single zone and must be either of
I<roll> type or I<skip> type.  Roll I<rollrec>s record information about
currently rolling zones.  Skip I<rollrec>s record information about zones that
are not being rolled.  A I<rollrec> consists of a set of keyword/value
entries.

The DNSSEC-Tools B<rollrec.pm> module manipulates the contents of a I<rollrec>
file.  Module interfaces exist for looking up I<rollrec> records, creating
new records, and modifying existing records.

Comment lines and blank lines are ignored by the DNSSEC-Tools programs.
Comment lines start with either a '#' character or a ';' character.

A I<rollrec>'s name may consist of alphabetic characters, numbers, and several
special characters.  The special characters are the minus sign, the plus sign,
the underscore, the comma, the period, the colon, the forward-slash, the
space, and the tab.  This name is an identifier.  It is commonly set to be the
same as the name of the zone which the I<rollrec> record describes, but this
is not necessary.  If a I<rollrec> has no I<zonename> field, then B<rollerd>
will create one using the name of the I<rollrec> record.

The values in a I<rollrec>'s entries may consist of alphabetic characters,
numbers, and several special characters.  The special characters are the minus
sign, the plus sign, the underscore, the comma, the period, the colon, the
forward-slash, the space, and the tab.

=head1 FIELDS

The fields in a I<rollrec> record are:

 * administrator

This is the email address for the zone's administrative user.  If it is not
set, the default from the DNSSEC-Tools configuration file will be used.

 * curerrors

The count of consecutive errors for the zone.  This count is set to zero upon
successful completion of a KSK or ZSK rollover.

 * directory

This field contains the name of the directory in which B<rollerd> will
execute for the I<rollrec>'s zone.  If it is not specified, then the
normal B<rollerd> execution directory will be used.

 * display

This boolean field indicates whether or not the zone should be displayed by
the B<blinkenlights> program.

 * keyrec

The zone's I<keyrec> file.

 * kskphase

The zone's current KSK rollover phase.  A value of zero indicates that the
zone is not in rollover, but is in normal operation.  A numeric value of 1-7
indicates that the zone is in that phase of KSK rollover.

 * ksk_rolldate

The time at which the zone's last KSK rollover completed.  This is only used
to provide a human-readable format of the timestamp.  It is derived from the
I<ksk_rollsecs> field.

 * ksk_rollsecs

The time at which the zone's last KSK rollover completed.  This value is used
to derive the I<ksk_rolldate> field.

 * loglevel

The B<rollerd> logging level for this zone.

 * maxerrors

The maximum number of consecutive errors for the zone.  After this count has
been exceeded, the zone will be changed to be a I<skip> zone.  If a zone
doesn't have this field set, the I<zone_errors> configuration value will be
used instead.

 * maxttl

The maximum time-to-live for the zone.  This is measured in seconds.

 * phasestart

The time-stamp of the beginning of the zone's current phase.

 * zonefile

The zone's zone file.

 * zonegroup

The zone's zonegroup.  This is used to associate related zones for group
I<rollctl> commands.  This field is optional.

 * zonename

The zone's name.  If this is not given, then B<rollerd> will create a new
I<zonename> field using the name of the I<rollrec> record.

 * zsargs

The user-specified arguments for B<zonesigner>.  This field is set by the
B<rollctl -zsargs> command to allow modification of a zone's rollover options
without having to restart B<rollerd>.

 * zskphase

The zone's current ZSK rollover phase.  A value of zero indicates that the zone
is not in rollover, but is in normal operation.  A numeric value of 1-4
indicates that the zone is in that phase of ZSK rollover.

 * zsk_rolldate

The time at which the zone's last ZSK rollover completed.  This is only used
to provide a human-readable format of the timestamp.  It is derived from the
I<zsk_rollsecs> field.

 * zsk_rollsecs

The time at which the zone's last ZSK rollover completed.  This value is used
to derive the I<zsk_rolldate> field.

=head1 EXAMPLES

The following is an example of a roll I<rollrec>:

    roll "example"
            zonename        "example.com"
            zonefile        "example.signed"
            keyrec          "example.krf"
            zonegroup       "example zones"
            kskphase        "1"
            zskphase        "0"
            administrator   "bob@bobbox.example.com"
            loglevel        "info"
            maxttl          "60"
            display         "1"
            zsargs          "-zsklength 2048"
            ksk_rollsecs    "1172614842"
            ksk_rolldate    "Tue Feb 27 22:20:42 2007"
            zsk_rollsecs    "1172615087"
            zsk_rolldate    "Tue Feb 27 22:24:47 2007"
            phasestart      "Mon Feb 20 12:34:56 2007"

The following is an example of a skip I<rollrec>:

    skip "test.com"
            zonename        "test.com"
            zonefile        "test.com.signed"
            keyrec          "test.com.krf"
            kskphase        "0"
            zskphase        "2"
            administrator   "tess@test.com"
            loglevel        "info"
            maxttl          "60"
            display         "1"
            ksk_rollsecs    "1172614800"
            ksk_rolldate    "Tue Feb 27 22:20:00 2007"
            zsk_rollsecs    "1172615070"
            zsk_rolldate    "Tue Feb 27 22:24:30 2007"
            phasestart      "Mon Feb 20 12:34:56 2007"
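
The following is an added example, not part of DNSSEC-Tools or of B<rollrec.pm>: a small Python checker that reads a I<rollrec> file as described above and reports lines that break the documented rules before the file is trusted.  The names C<parse_rollrec> and C<SAMPLE> are hypothetical, and accepting '@' in I<administrator> values is an assumption based on the examples above.

```python
import re

# Documented character set for names and values: letters, digits, - + _ , . : / space tab.
DOC_CHARS = r"A-Za-z0-9+_,.:/ \t-"
ALLOWED = re.compile(f"^[{DOC_CHARS}]*$")
# Assumption: '@' is also accepted in administrator, as the page's own examples use it.
ADMIN_OK = re.compile(f"^[@{DOC_CHARS}]*$")
LINE = re.compile(r'^(\S+)\s+"([^"]*)"$')
FIELDS = set("""administrator curerrors directory display keyrec kskphase
    ksk_rolldate ksk_rollsecs loglevel maxerrors maxttl phasestart zonefile
    zonegroup zonename zsargs zskphase zsk_rolldate zsk_rollsecs""".split())
# Documented phase values; 0 means normal operation.
PHASE_OK = {"kskphase": set("01234567"), "zskphase": set("01234")}

def parse_rollrec(text):
    """Return (records, problems) for the text of a rollrec file."""
    records, problems, current = [], [], None
    for num, line in enumerate(map(str.strip, text.splitlines()), 1):
        if not line or line[0] in "#;":  # blank line or comment
            continue
        m = LINE.match(line)
        if not m:
            problems.append((num, "unparseable line"))
            continue
        key, value = m.groups()
        ok = ADMIN_OK if key == "administrator" else ALLOWED
        if not ok.match(value):
            problems.append((num, f"disallowed character in {key} value"))
        if key in ("roll", "skip"):  # starts a new record
            current = {"type": key, "name": value, "fields": {}}
            records.append(current)
        elif current is None:
            problems.append((num, "field before any roll/skip record"))
        elif key not in FIELDS:
            problems.append((num, f"unknown field {key}"))
        else:
            current["fields"][key] = value
            if key in PHASE_OK and value not in PHASE_OK[key]:
                problems.append((num, f"{key} out of range"))
    for rec in records:  # zonename defaults to the rollrec's name
        rec["fields"].setdefault("zonename", rec["name"])
    return records, problems

SAMPLE = '''; constructed sample data, not taken from the page
roll "example"
        administrator   "bob@bobbox.example.com"
skip "test.com"
        zonefile        "bad*.signed"
        zskphase        "5"
'''
```

Calling C<parse_rollrec(SAMPLE)> returns both records along with a list of (line number, message) problems; an empty problem list means every line matched the documented format.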

=head1 COPYRIGHT

Copyright 2006-2012 SPARTA, Inc.  All rights reserved.
See the COPYING file included with the DNSSEC-Tools package for details.

=head1 AUTHOR

Wayne Morrison, tewok@tislabs.com

=head1 SEE ALSO

B<lsroll(1)>

B<blinkenlights(8)>,
B<rollctl(8)>,
B<rollerd(8)>,
B<zonesigner(8)>

B<Net::DNS::SEC::Tools::keyrec(3)>,
B<Net::DNS::SEC::Tools::rollrec(3)>

B<keyrec(5)>

=cut