Man page - cascade-zone(1)
Packages contas this manual
Manual
| CASCADE-ZONE(1) | Cascade | CASCADE-ZONE(1) |
NAME
cascade-zone - Manage zones
SYNOPSIS
cascade zone [OPTIONS] <COMMAND>
cascade zone [OPTIONS] add [OPTIONS] --source <SOURCE> --policy <POLICY> <NAME>
cascade zone [OPTIONS] remove <NAME>
cascade zone [OPTIONS] list
cascade zone [OPTIONS] reload <NAME>
cascade zone [OPTIONS] approve <--unsigned|--signed> <NAME> <SERIAL>
cascade zone [OPTIONS] reject <--unsigned|--signed> <NAME> <SERIAL>
cascade zone [OPTIONS] status [--detailed] <NAME>
cascade zone [OPTIONS] history <NAME>
DESCRIPTION
Manage Cascade's zones.
OPTIONS
- -h, --help
- Print the help text (short summary with -h, long help with --help).
COMMANDS
- add
- Register a new zone.
- remove
- Remove a zone.
- list
- List registered zones.
- reload
- Reload a zone.
- approve
- Approve a zone being reviewed.
- reject
- Reject a zone being reviewed.
- status
- Get the status of a single zone.
- history
- Get the history of a single zone.
OPTIONS FOR ZONE ADD
- --source <SOURCE>
- The zone source can be an IP address (with or without port, defaults to port 53) or a file path.
- --policy <POLICY>
- Policy to use for this zone.
Note: At present to use a HSM with a zone the HSM must exist and be configured in the policy used by the zone when the zone is added. It is not possible to change it later in this alpha version of Cascade.
- --import-public-key <IMPORT_PUBLIC_KEY>
- Import a public key to be included in the DNSKEY RRset.
This needs to be a file path accessible by the Cascade daemon.
- --import-ksk-file <IMPORT_KSK_FILE>
- Import a key pair as a KSK.
The file path needs to be the public key file of the KSK. The private key file name is derived from the public key file.
- --import-zsk-file <IMPORT_ZSK_FILE>
- Import a key pair as a ZSK.
The file path needs to be the public key file of the ZSK. The private key file name is derived from the public key file.
- --import-csk-file <IMPORT_CSK_FILE>
- Import a key pair as a CSK.
The file path needs to be the public key file of the CSK. The private key file name is derived from the public key file.
- --import-ksk-kmip <server> <public_id> <private_id> <algorithm> <flags>
- Import a KSK from an HSM.
- --import-zsk-kmip <server> <public_id> <private_id> <algorithm> <flags>
- Import a ZSK from an HSM.
- --import-csk-kmip <server> <public_id> <private_id> <algorithm> <flags>
- Import a CSK from an HSM.
- -h, --help
- Print the help text (short summary with -h, long help with --help).
OPTIONS FOR ZONE APPROVE
- <--unsigned|--signed>
- Whether the zone to approve is at the unsigned or signed review stage.
- <NAME>
- The name of the zone to approve.
- <SERIAL>
- The serial number of the zone to approve.
OPTIONS FOR ZONE REJECT
- <--unsigned|--signed>
- Whether the zone to reject is at the unsigned or signed review stage.
- <NAME>
- The name of the zone to reject.
- <SERIAL>
- The serial number of the zone to reject.
OPTIONS FOR ZONE STATUS
- --detailed
- Print detailed information about the zone, including a zone's DNSSEC key identifiers in use, as well as the new DNSKEY records during key rolls.
SEE ALSO
- https://cascade.docs.nlnetlabs.nl
- Cascade online documentation
- cascade(1)
- Cascade CLI
- cascaded(1)
- Cascade Daemon
- cascaded-config.toml(5)
- Configuration File Format
- cascaded-policy.toml(5)
- Policy File Format
AUTHOR
NLnet Labs <cascade@nlnetlabs.nl>
COPYRIGHT
2025–2025, NLnet Labs
| November 21, 2025 | 0.1.0-alpha5 |