Name
dnssec-makekeyset
Synopsis
dnssec-makekeyset [options] key-identifiers
System administration command. Generate a domain keyset from one or more DNS Security keys generated by dnssec-keygen. Keysets can be sent to parent zone administrators to be signed with the zone key. The keyset is written to a file with the name keyset-domainname. For more information on Secure DNS, see DNS and BIND (O’Reilly), or read RFC 2535.
Options
- -a
Verify all generated signatures.
- -e end-time
Specify the date and time the records will expire. The end-time may be specified in yyyymmddhhmmss notation, or as + N seconds from the start-time. The default is 30 days from start-time.
- -h
Print help message, then exit.
- -p
Use pseudo-random data to sign the zone key.
- -r device
Specify the device to use as a source of randomness when creating keys. This can be a device file, a file containing random data, or the string keyboard to specify keyboard input. By default, /dev/random will be used when available, and keyboard input will be used when it is not.
- -s start-time
Specify the date and time the records become valid. The end-time may be specified in yyyymmddhhmmss notation, or as + N seconds from the current time. The default is the current time.
- -t ttl
Specify the TTL (time to live) in seconds for the KEY and SIG records. Default is 3600 seconds.
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access