DragonFly On-Line Manual Pages

Search: Section:  

ods-auditor(1)              OpenDNSSEC ods-auditor              ods-auditor(1)


NAME

       ods-auditor - OpenDNSSEC Auditor


SYNOPSIS

       ods-auditor [-c path] [-k path] [-s path] [-u path] -z name [-f|-p]
       ods-auditor [-h]
       ods-auditor [-v]


DESCRIPTION

       ods-auditor is a module which provides auditing capabilities to
       OpenDNSSEC.

       Once an unsigned zone has been signed, this module can be used to check
       that the signing process has run successfully. It checks that no data
       has been lost (or non-DNSSEC data added), and that all the DNSSEC
       records are correct. It uses the OpenDNSSEC standard logging (defined
       in /usr/local/etc/opendnssec/conf.xml).

       The Auditor takes the signed and unsigned zones and compares them. It
       first parses both files, and creates transient files which are then
       sorted into canonical order. These files are then processed by the
       Auditor. If processing an NSEC3-signed file, the Auditor will create
       additional temporary files, which are processed after the main auditing
       run.


OPTIONS

       -c, --conf path
              Path to an OpenDNSSEC configuration file

              (defaults to /usr/local/etc/opendnssec/conf.xml)

       -k, --kasp path
              Path to KASP policy file

              (defaults to the path given in the configuration file)

       -z, --zone name
              Only audit the specified zone

              (defaults to audit all zones)

       -s, --signed path
              If a single zone is specified, then this option may override the
              default location of the signed zone file with another. This is
              for use by the signer.

              (defaults to the path given in the zone list)

       -u, --unsigned path
              If a single zone is specified, then this option may override the
              default location of the unsigned zone file with another. This is
              for use by the signer.

              (defaults to the path given in the zone list)

       -f, --full
              Perform a full audit

       -p, --partial
              Perform a partial audit

       -v, --version
              Display version information

       -h, -?, --help
              Show the help screen


SEE ALSO

       ods-control(8), ods-enforcerd(8), ods-hsmspeed(1), ods-hsmutil(1),
       ods-kaspcheck(1), ods-ksmutil(1), ods-signer(8), ods-signerd(8),
       ods-timing(5), opendnssec(7), http://www.opendnssec.org/


AUTHORS

       ods-auditor was written by Alex Dalitz and Nominet as part of the
       OpenDNSSEC project.

OpenDNSSEC                       February 2010                  ods-auditor(1)

Search: Section: