cascade keyset
Synopsis
cascade [GLOBAL OPTIONS] keyset <ZONE> ksk|zsk|csk|algorithm [OPTIONS] <COMMAND>
cascade [GLOBAL OPTIONS] keyset <ZONE> remove-key [OPTIONS] <KEY>
cascade [GLOBAL OPTIONS] keyset <ZONE> get [RR]
Description
Execute manual key roll or key removal commands.
Global Options
See Cascade CLI for information about global options supported by every CLI command.
Commands
- ksk
Command for KSK rolls.
- zsk
Command for ZSK rolls.
- csk
Command for CSK rolls.
- algorithm
Command for algorithm rolls.
- remove-key
Remove a key from the key set.
- get
Get the key or keys for a zone as DS, DNSKEY, or CDS RRsets.
Key roll commands for ksk|zsk|csk|algorithm
- start-roll
Start a key roll.
- propagation1-complete <TTL>
Inform keyset that the changed RRsets and signatures have propagated.
TTL is the maximum TTL of the zone.
- cache-expired1
Inform keyset that enough time has passed that caches should have expired.
- propagation2-complete <TTL>
Inform keyset that the changed RRsets and signatures have propagated.
TTL is the maximum TTL of the zone.
- cache-expired2
Inform keyset that enough time has passed that caches should have expired.
- roll-done
Report that the final changes have propagated and the roll is done.
Arguments for keyset remove-key
- <KEY>
The key to remove. This is the key’s URI as reported by
cascade zone status.
Options for keyset remove-key
- --force
Force a key to be removed even if the key is not stale.
- --continue
Continue when removing the underlying keys fails.
Arguments for keyset get
- [RR]
The RRset to print: ds, dnskey, or cds. The CDS RRset includes the CDNSKEY RRset and signatures.
Note
The DS and CDS RRsets are only available during the appropriate step of a key roll. If the output is empty, check the zone’s key roll status to see whether it is still waiting for propagation of, e.g., the new DNSKEY. If you need the DS RRset while cascade is still waiting for propagation, you can use:
cascade keyset <zone> get dnskey | dnst key2ds -n /dev/stdin
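The fallback from the Note as a shell function, added here as an example and not part of Cascade: it asks keyset for the DS RRset first and derives it from the DNSKEY RRset only when that output is empty, reporting the derived case with its own exit status so a script does not treat it as a DS that keyset has released. The function name keyset_ds, the CASCADE and DNST variables and the exit status 3 are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Cascade's own code.
# CASCADE and DNST name the two binaries (assumed to be on PATH); override
# them to point at a specific install.
: "${CASCADE:=cascade}"
: "${DNST:=dnst}"

# keyset_ds <zone>
# Prints the DS RRset for <zone> on stdout.
# Exit status (chosen for this example):
#   0  DS RRset as reported by `keyset get ds`
#   3  DS derived from the DNSKEY RRset because `get ds` printed nothing,
#      i.e. the key roll is not at a step where keyset exposes DS
#   1  a command failed, or no DNSKEY/DS output could be obtained
keyset_ds() {
    zone=$1
    [ -n "$zone" ] || { echo "usage: keyset_ds <zone>" >&2; return 1; }

    ds=$("$CASCADE" keyset "$zone" get ds) || return 1
    if [ -n "$ds" ]; then
        printf '%s\n' "$ds"
        return 0
    fi

    # Empty output: fall back to the pipeline given in the Note.
    echo "keyset_ds: no DS from keyset for $zone, deriving from DNSKEY" >&2
    dnskey=$("$CASCADE" keyset "$zone" get dnskey) || return 1
    [ -n "$dnskey" ] || { echo "keyset_ds: no DNSKEY RRset for $zone" >&2; return 1; }

    derived=$(printf '%s\n' "$dnskey" | "$DNST" key2ds -n /dev/stdin) || return 1
    [ -n "$derived" ] || { echo "keyset_ds: key2ds produced no output" >&2; return 1; }

    printf '%s\n' "$derived"
    return 3
}
```

A caller can branch on the status, for example holding a derived DS (status 3) for review of the zone's key roll status instead of passing it on automatically.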
See Also
- https://cascade.docs.nlnetlabs.nl
Cascade online documentation
- cascade(1)
- cascaded(1)
- cascade-dnst-keyset(1)
Further documentation of the key roll commands (and more)