.\" In parts copyright (template) by: .\" .\" $OpenBSD: vmctl.8,v 1.39 2018/02/24 13:14:09 jmc Exp $ .\" .\" Copyright (c) 2018-2021 Peter J. Philipp .\" Copyright (c) 2015 Mike Larkin .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .Dd $Mdocdate: January 6 2021 $ .Dt DDDCTL 8 .Os .Sh NAME .Nm dddctl .Nd control and manage delphinusdnsd .Sh SYNOPSIS .Nm .Ar command .Op Ar arg ... .Sh DESCRIPTION The .Nm utility is used to control, manage and sign delphinusdnsd (zone files) .Pp The commands are as follows: .Bl -tag -width Ds .It Cm bindfile Ar zonename zonefile Convert a .Xr delphinusdns.conf 5 zonefile to BIND format with the specified zonename domain name. .It Xo Cm configtest .Op Fl cn .Op Ar configfile .Xc Test the entire config, alternatively you can test a .Xr delphinusdns.conf 5 config file by specifying such a file. In case of configured rzones, when there is no .repl file in /var/delphinusdnsd/replicant/ it will pull the replicant file via a socket, unless the .Op Fl n flag has been specified. .It Cm help Ar [command] provides an in-binary help. Alternatively you can specify a subcommand to provide help for. Ie. .Nm help sign. .It Xo Cm query .Op Fl DITZ .Op Fl @ Ar server .Op Fl P Ar port .Op Fl p Ar file .Op Fl Q Ar server .Op Fl y Ar keyname:password .Xc performs rudamentary query operations on a DNS server. .Bl -tag -width "-I iterations" .It Fl D use the DO bit, to get DNSSEC answers. .It Fl I indent output. .It Fl T use TCP instead of UDP. .It Fl Z output in delphinusdnsd zonefile format. .It Fl @ Ar server queries the specified server (in IPv4 IP). .It Fl P Ar port query on the specified port. .It Fl p Ar file output/pipe to the specified file. .It Fl Q Ar server queries the specified server (is synonymous with -@). .It Fl y Ar keyname:password Use a TSIG keyname and password. The keyname is plaintext in a DNS name format , the password is in BASE64. This differs from dig in that the leading HMAC type is omitted because it's always type 'hmac-sha256'. .El .It Xo Cm sign .Op Fl KXZ .Op Fl a Ar algorithm .Op Fl B Ar bits .Op Fl e Ar seconds .Op Fl I Ar iterations .Op Fl i Ar inputfile .Op Fl k Ar KSK .Op Fl m Ar mask .Op Fl n Ar zonename .Op Fl o Ar output .Op Fl R Ar keyword .Op Fl S Ar pid .Op Fl s Ar salt .Op Fl t Ar ttl .Op Fl x Ar serial .Op Fl z Ar ZSK .Xc performs signing operations on a zonefile for DNSSEC operations. .Bl -tag -width "-I iterations" .It Fl K create a new KSK key. .It Fl X update serial to YYYYMMDD01. .It Fl Z create a new ZSK key. .It Fl a Ar algorithm use algorithm (integer). .It Fl B Ar bits use number of bits (integer). .It Fl e Ar seconds expiry in seconds. .It Fl I Ar iterations use (integer) NSEC3 iterations. .It Fl i Ar inputfile use the inputfile of unsigned zone. .It Fl k Ar KSK use provided KSK key-signing keyname. .It Fl m Ar mask run the following masked functions (used for debug). .It Fl n Ar zonename run for zonename zone. .It Fl o Ar output output to file, may be '-' for stdout. .It Fl R Ar keyword chooses a roll-over method. Current keywords are 'prep' and 'double' for Pre Publication Rollover Method or Double-Signature Rollover method respectively. Default is 'prep'. .It Fl S Ar pid sign with this pid ('KSK' or 'ZSK' if used in conjunction with [-ZK]). .It Fl s Ar salt salt for NSEC3 (in hexadecimal). .It Fl t Ar ttl time-to-live for DNSKEY's. .It Fl x Ar serial update serial in SOA to serial. .It Fl z Ar ZSK use provided ZSK zone-signing keyname. .El .It Cm sshfp Ar hostname [-k keyfile] [-t ttl] produces an SSHFP output on stdout in .Xr delphinusdnsd 8 format. .It Cm start Ar [-f configfile] [-I identstring] [-s path] starts .Xr delphinusdnsd 8 with an optional configfile and control socket path. .It Cm stop Ar [-I identstring] [-s path] stops delphinusdnsd with optional control socket path. .It Cm restart Ar [-I identstring] [-s path] restarts delphinusdnsd with optional control socket path. .Sh EXAMPLES To create a ZSK and a KSK key the first time one may do: .Pp dddctl sign -Z -K -n delphinusdns.org .Pp To sign a delphinusdns zone the first time one may do: .Pp dddctl sign -Z -K -a 13 -B 2048 -n delphinusdns.org -i delphinusdns.org.zone -o delphinusdns.org.zone.signed .Pp Please see the https://delphinusdns.org website for more examples. .Sh SEE ALSO .Xr delphinusdnsd 8 .Xr delphinusdns.conf 5 .Sh FILES .Bl -tag -width /var/delphinusdnsd/etc/delphinusdns.conf -compact .It Pa /var/delphinusdnsd/etc/delphinusdns.conf default configfile .It Pa /var/delphinusdnsd/replicant/ replicant zone files pulled via AXFR .It Pa /var/run/delphinusdnsd.sock default .Nm control socket .El .Sh BUGS On Linux, with a replicant zone set up in the configfile, a .Nm configtest will error out (at least on the Raspberry Pi), the first time. Subsequent configtests should state OK, so check for this. I haven't found the bug for this yet. Another bug is that dddctl query will not sanitize input from the net. This could be used to change characteristics of the terminal with means of escape codes. .Sh AUTHORS .An -nosplit .An Peter J. Philipp Aq Mt petphi@delphinusdns.org