Man page - cascade-zone(1)

Packages contains this manual

Package:  cascade
apt-get install cascade

Manuals in package:
• cascade-policy(1)
• cascade-template(1)
• cascaded-policy.toml(5)
• cascade-health(1)
• cascaded-config.toml(5)
• cascade-keyset(1)
• cascade-zone(1)
• cascaded(1)
• cascade-config(1)
• cascade(1)
• cascade-status(1)
• cascade-hsm(1)
Documentations in package:
• cascade

Manual

CASCADE-ZONE

NAME
SYNOPSIS
DESCRIPTION
OPTIONS
COMMANDS
OPTIONS FOR ZONE ADD
OPTIONS FOR ZONE APPROVE
OPTIONS FOR ZONE REJECT
OPTIONS FOR ZONE STATUS
SEE ALSO
AUTHOR
COPYRIGHT

---

NAME

cascade-zone - Manage zones

SYNOPSIS

cascade zone [OPTIONS] <COMMAND>

cascade zone [OPTIONS] add [OPTIONS] --source <SOURCE> --policy <POLICY> <NAME>

cascade zone [OPTIONS] remove <NAME>

cascade zone [OPTIONS] list

cascade zone [OPTIONS] reload <NAME>

cascade zone [OPTIONS] approve <--unsigned|--signed> <NAME> <SERIAL>

cascade zone [OPTIONS] reject <--unsigned|--signed> <NAME> <SERIAL>

cascade zone [OPTIONS] status [--detailed] <NAME>

cascade zone [OPTIONS] history <NAME>

DESCRIPTION

Manage Cascade's zones.

OPTIONS

-h, --help

Print the help text (short summary with -h , long help with --help ).

COMMANDS

	add		Register a new zone.
	remove		Remove a zone.
	list		List registered zones.
	reload		Reload a zone.

approve

Approve a zone being reviewed.

	reject		Reject a zone being reviewed.
	status		Get the status of a single zone.

history

Get the history of a single zone.

OPTIONS FOR ZONE ADD

--source <SOURCE>

The zone source can be an IP address (with or without port, defaults to port 53) or a file path.

--policy <POLICY>

Policy to use for this zone.

Note: At present to use a HSM with a zone the HSM must exist and be configured in the policy used by the zone when the zone is added. It is not possible to change it later in this alpha version of Cascade.

--import-public-key <IMPORT_PUBLIC_KEY>

Import a public key to be included in the DNSKEY RRset.

This needs to be a file path accessible by the Cascade daemon.

--import-ksk-file <IMPORT_KSK_FILE>

Import a key pair as a KSK.

The file path needs to be the public key file of the KSK. The private key file name is derived from the public key file.

--import-zsk-file <IMPORT_ZSK_FILE>

Import a key pair as a ZSK.

The file path needs to be the public key file of the ZSK. The private key file name is derived from the public key file.

--import-csk-file <IMPORT_CSK_FILE>

Import a key pair as a CSK.

The file path needs to be the public key file of the CSK. The private key file name is derived from the public key file.

--import-ksk-kmip <server> <public_id> <private_id> <algorithm> <flags>

Import a KSK from an HSM.

--import-zsk-kmip <server> <public_id> <private_id> <algorithm> <flags>

Import a ZSK from an HSM.

--import-csk-kmip <server> <public_id> <private_id> <algorithm> <flags>

Import a CSK from an HSM.

-h, --help

Print the help text (short summary with -h , long help with --help ).

OPTIONS FOR ZONE APPROVE

<--unsigned|--signed>

Whether the zone to approve is at the unsigned or signed review stage.

<NAME>

The name of the zone to approve.

<SERIAL>

The serial number of the zone to approve.

OPTIONS FOR ZONE REJECT

<--unsigned|--signed>

Whether the zone to reject is at the unsigned or signed review stage.

<NAME>

The name of the zone to reject.

<SERIAL>

The serial number of the zone to reject.

OPTIONS FOR ZONE STATUS

--detailed

Print detailed information about the zone, including a zone's DNSSEC key identifiers in use, as well as the new DNSKEY records during key rolls.

SEE ALSO

https://cascade.docs.nlnetlabs.nl

Cascade online documentation

cascade (1)

Cascade CLI

cascaded (1)

Cascade Daemon

cascaded-config.toml (5)

Configuration File Format

cascaded-policy.toml (5)

Policy File Format

AUTHOR

NLnet Labs <cascade@nlnetlabs.nl>

COPYRIGHT

2025–2025, NLnet Labs

---