ods-auditor(1) auditor component of OpenDNSSEC


ods-auditor [options]


ods-auditor is a module which provides auditing capabilities to OpenDNSSEC.

Once an unsigned zone has been signed, this module is used to check that the signing process has run successfully. It checks that no data has been lost (or non-DNSSEC data added), and that all the DNSSEC records are correct. It used the OpenDNSSEC standard logging (defined in /etc/opendnssec/conf.xml).

The Auditor takes the signed and unsigned zones and compares them. It first parses both files, and creates transient files which are then sorted into canonical order. These files are then processed by the Auditor. If processing an NSEC3-signed file, the Auditor will create additional temporary files, which are processed after the main auditing run.

Specific options:

-c, --conf [PATH_TO_CONF_FILE]
Path to OpenDNSSEC configuration file

(defaults to /etc/opendnssec/conf.xml)

-k, --kasp [PATH_TO_KASP_FILE]
Path to KASP policy file

(defaults to the path given in the configuration file)

-z, --zone [ZONE_NAME]
Single zone to audit

(defaults to audit all zones)

-s,--signed [PATH_TO_SIGNED_FILE]
If a single zone is specified, then this option may override the specified signed file with another. This is for use by the signer.

(defaults to the path given in the zone list)

-v, --version
Display version information

Common options:

-h, -?, --help
Show this message