vantaged(8)			   Vantages			   vantaged(8)




NAME

       vantaged - A daemon that will work to verify DNSSEC keys.


SYNOPSIS

       vantaged  [-c  cfgfile]	[-r  runs]  [-p pidfile] [-o logfile] [-g] [-u
       user] [-l] [-h]


DESCRIPTION

       Vantages is a general framework for doing distributed monitoring and
       actuation.  The  framework  centers  around  a single daemon
       (called vantaged) that is designed to be run on an operational  system.
       Vantages stores all of its data in a SQLite database and runs an embed-
       ded web-server for administration and peering.  Though  Vantages  is  a
       generic framework, its current applications focus on operational issues
       surrounding DNSSEC.  In this context, the daemon hosts several  differ-
       ent  operations	and  can  be configured to help maintain DNSSEC opera-
       tions.  The following is a short description  of  the  applications  in
       Vantages, and section 5 (Running Vantages) of the README discusses them
       in more detail.

       The first application is called ``D-Sync'' and it monitors  the	secure
       delegation state between a child zone's DNSKEY(s) and the parent zone's
       DS record(s) for that child.  D-Sync uses a state-engine to track  con-
       sistency during DNSKEY rollovers and DS record updates and alerts oper-
       ators to various events.
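
       The DNSKEY/DS comparison that D-Sync is described as monitoring can be
       sketched as follows.  This is an added example, not code from Vantages:
       the function names, the state labels and the sample keys are
       assumptions, and only SHA-256 (digest type 2) DS records are compared.

```python
import base64, hashlib, struct

def name_to_wire(name):
    """Canonical lower-case wire form of an owner name (RFC 4034, section 6.2)."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, pubkey_b64):
    """DNSKEY RDATA: flags (16 bit), protocol, algorithm, raw public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)

def key_tag(rdata):
    """Key tag over the DNSKEY RDATA (RFC 4034, Appendix B)."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def ds_for(owner, key):
    """DS tuple (key tag, algorithm, digest type 2, SHA-256 hex) derived from a DNSKEY."""
    rd = dnskey_rdata(*key)
    digest = hashlib.sha256(name_to_wire(owner) + rd).hexdigest()
    return (key_tag(rd), key[2], 2, digest)

def delegation_state(owner, dnskeys, ds_set):
    """dnskeys: (flags, protocol, algorithm, pubkey_b64) tuples seen at the child.
    ds_set: (key_tag, algorithm, digest_type, digest_hex) tuples seen at the parent.
    The state names are hypothetical labels, not D-Sync's own states."""
    derived = {ds_for(owner, key) for key in dnskeys}
    published = {(t, a, d, h.lower()) for t, a, d, h in ds_set if d == 2}
    if not published:
        return "insecure"   # parent has no usable DS: no secure delegation
    if not derived & published:
        return "broken"     # no DS matches any DNSKEY: validation will fail
    if published - derived:
        return "partial"    # a DS without a matching DNSKEY (rollover or leftover)
    return "in-sync"

# Constructed sample data: the key bytes are placeholders, not real key material.
KEY_A = (257, 3, 13, base64.b64encode(b"constructed-key-A" * 4).decode())
KEY_B = (257, 3, 13, base64.b64encode(b"constructed-key-B" * 4).decode())

if __name__ == "__main__":
    zone = "example.com."
    ds_a, ds_b = ds_for(zone, KEY_A), ds_for(zone, KEY_B)
    print(delegation_state(zone, [KEY_A], [ds_a]))         # parent and child agree
    print(delegation_state(zone, [KEY_B], [ds_a]))         # child rolled, parent did not
    print(delegation_state(zone, [KEY_A], [ds_a, ds_b]))   # extra DS at the parent
```
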

       The second Vantages application is called  the  ``DNSKEY  learning  and
       verification''  system.	 This application tracks the DNSKEYs for a set
       of DNSSEC zones that an operator may specify.  The  current  collection
       procedures can be over DNS or by scraping DNSKEYs off of web pages with
       custom Perl scripts.  Each DNSKEY source (HTTP or DNS) is specified  by
       a URL and is periodically polled (once a day by default).  After learn-
       ing the keys for zones, this application uses a list of user-configured
       ``friends''  (other  vantage  daemons) to verify the consistency of the
       values seen.  The validity of the keys is determined based  on  consis-
       tency  rules  discussed	below.	Keys  that  are ``confirmed'' are then
       entered into a BIND-style trusted keys file that can be	directly  used
       by  unbound or BIND resolvers.  This application can also be configured
       to use libpcap to automatically learn the DNS zones to monitor.



OPTIONS

       The options are:

       -c <configure file>
	      Use this file instead of the  default  config  file
	      (/etc/vantaged.conf).

       -r <runs>
	      The number of loops before the daemon will exit.

       -p <pid file>
	      A file to contain the PID of the daemon process.

       -o <log file>
	      A file to contain the output of the daemon process.

       -g     Run the daemon in the foreground.

       -u <user>
	      Drop permissions to this user after init.

       -l     The  output  message  logging  level.   DEBUG | INFO | WARNING |
	      ERROR | CRITICAL

       -h     Display a helpful reminder of this information.


SEE ALSO

       vantaged.conf, dnsfunnel, dnskey-grab.


AUTHORS

       vantaged was developed by Eric Osterweil and has benefited greatly from
       the assistance of Ben Tuchscher, Brendan Sheridan, and Dave Oko.


CONTACT

       tools@netsec.colostate.edu



UCLA/CSU NetSec 		 Jul 20, 2009			   vantaged(8)
