zkt-conf 8 "February 22, 2010" "ZKT 1.0" ""
NAME
zkt-conf - Secure DNS zone key config tool
SYNOPSIS
zkt-conf [ -V|--view "name" ] [ -w|--write ] -d|--default [ -O|--option "optstr" ]

zkt-conf [ -V|--view "name" ] [ -w|--write ] [ -s ] [ -c|--config "file" ] [ -O|--option "optstr" ]

zkt-conf [ -V|--view "name" ] [ -w|--write ] -l|--local [ -c|--config "file" ] [ -O|--option "optstr" ]

zkt-conf [ -c "file" ] [ -w|--write ] "zonefile"

DESCRIPTION
The zkt-conf command helps to create and show a config file for use by the Zone Key Tool commands, which are currently dnssec-zkt(8) and zkt-signer(8).

In general, the ZKT commands use three sources for the config parameters:

a) The built-in default parameters.

b) The site wide config file, or the file specified with option -c, which will overload the built-in vars. The site wide config file is the file /var/named/dnssec.conf or the one set by the environment variable ZKT_CONF.

c) The local config file dnssec.conf in the current zone directory, which will also overload the parameters read so far.

Because of this overloading feature, none of the config files has to have a complete parameter set. Typically the local config file will have only those parameters which are different from the global or built-in ones.

The default operation of zkt-conf(8) is to print the site wide config file (same as option -s). Option -d prints the built-in defaults, while -l prints only the local config parameters that differ from the global ones. In the last case, -a (--all) gives the complete parameter list.

In all forms of the command, the parameters are changeable via option -O (--config-option).

With option -w (--write) the parameters will be written back to the config file. This is useful in case of a ZKT upgrade or if one or more parameters are changed by option -O.

Option -t checks some of the parameters for reasonable values.

If the option -t is given, all config parameters are checked against reasonable values.

Which config file is shown (or modified or checked) is determined by option -d which means the built-in defaults, option -l which means the local config file or -s which specifies the site wide config file. Option -s is the default.
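The layering described in this section can be modelled in a few lines. The following is an added example, not ZKT source code: it assumes parameters are written as "Name: value" entries separated by semicolon or newline (the form used with -O on this page), matches names literally, and uses constructed sample values rather than ZKT's real defaults. It reports which source supplied each effective value, which helps when auditing the parameters a zone is actually signed with.

```python
# Added illustration: a model of the layering zkt-conf describes, not ZKT source.
# Assumption: parameters are written "Name: value", separated by ';' or newline,
# as in the -O example on this page. Names are matched literally here.

def parse_params(text):
    """Parse 'Name: value' entries delimited by semicolon or newline."""
    params = {}
    for entry in text.replace(";", "\n").splitlines():
        entry = entry.strip()
        if not entry:
            continue
        name, sep, value = entry.partition(":")
        if not sep or not name.strip():
            raise ValueError(f"not a 'Name: value' entry: {entry!r}")
        params[name.strip()] = value.strip()
    return params

def effective(builtin, site, local, optstr=""):
    """Merge layers; later layers override. Returns {name: (value, source)}."""
    merged = {}
    layers = [("built-in", builtin), ("site", site), ("local", local),
              ("-O", parse_params(optstr))]
    for source, layer in layers:
        for name, value in layer.items():
            merged[name] = (value, source)
    return merged

def local_view(builtin, site, local, show_all=False):
    """Model of -l: only values that differ from site/built-in; -a shows all."""
    base = effective(builtin, site, {})
    full = effective(builtin, site, local)
    if show_all:
        return {n: v for n, (v, _) in full.items()}
    return {n: v for n, (v, _) in full.items() if base.get(n, (None,))[0] != v}

# Constructed sample layers (values are illustrative, not ZKT's real defaults).
BUILTIN = parse_params("SerialFormat: incremental\nZonedir: .")
SITE = parse_params("Zonedir: /var/named/zones")
LOCAL = parse_params("SerialFormat: unixtime\nZonedir: /var/named/zones")

if __name__ == "__main__":
    for name, (value, source) in sorted(effective(BUILTIN, SITE, LOCAL).items()):
        print(f"{name}: {value}    # from {source}")
    print("local differences:", local_view(BUILTIN, SITE, LOCAL))
```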

GENERAL OPTIONS

-V view, --view=view
    Try to read the default configuration out of a file named dnssec-<view>.conf. Instead of specifying the -V or --view option every time, it is also possible to create a hard or soft link to the executable file to give it an additional name like zkt-conf-<view>.

-c file, --config=file
    Read all parameters from the specified config file. Otherwise the default config file is read or the built-in defaults will be used.

-O optstr, --config-option=optstr
    Set any config file parameter via the command line. Several config file options can be specified in the argument string but must be delimited by a semicolon (or newline).

-a, --all
    When showing the local config file parameters (-l), print all parameters, not just the ones different from the site wide or built-in defaults.

COMMAND OPTIONS

-h, --help
    Print out the online help.

-d, --built-in-defaults
    List all the built-in default parameters.

-s, --sidecfg
    List all site wide config parameters (this is the default).

-l, --localconf
    List all local config parameters which are different from the site-wide config parameters. With option -a (--all) all config parameters will be shown.

SAMPLE USAGE

zkt-conf -d
    Print the built-in default config parameters.

zkt-conf -d -w
    Write all the built-in defaults into the site wide config file.

zkt-conf -s --option "SerialFormat: unixtime; Zonedir: /var/named/zones" -w
    Change two parameters in the site wide dnssec.conf file.

ENVIRONMENT VARIABLES

ZKT_CONFFILE
    Specifies the name of the default global configuration file.

FILES

/var/named/dnssec.conf
    Default global configuration file. The name of the default global config file is settable via the environment variable ZKT_CONFFILE.

/var/named/dnssec-<view>.conf
    View specific global configuration file.

./dnssec.conf
    Local configuration file (additionally used in -l mode).

BUGS

Some of the general options will not be meaningful in all of the command modes.

AUTHORS
Holger Zuleger
COPYRIGHT
Copyright (c) 2010 by Holger Zuleger. Licensed under the BSD Licences. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
SEE ALSO
dnssec-keygen(8), dnssec-signzone(8), rndc(8), named.conf(5), zkt-signer(8), dnssec-zkt(8),

RFC4641 "DNSSEC Operational Practices" by Miek Gieben and Olaf Kolkman,

DNSSEC HOWTO Tutorial by Olaf Kolkman, RIPE NCC (http://www.nlnetlabs.nl/dnssec_howto/)