System administration command. Sign a secure DNS keyset with the key signatures specified in the list of key-identifiers. A zone administrator would use this command to sign a child zone’s keyset with the parent zone’s keys. For more information on Secure DNS, see DNS and BIND (O’Reilly), or read RFC 2535.
Verify generated signatures.
Specify the DNS class of the keyset.
Specify the date and time the records will expire. The end-time may be specified in yyyymmddhhmmss notation, or as + N seconds from the start-time. The default is 30 days from start-time.
Print help message, then exit.
Use pseudo-random data to sign the zone key.
Specify the device to use as a source of randomness when creating keys. This can be a device file, a file containing random data, or the string keyboard to specify keyboard input. By default, /dev/random will be used when available, and keyboard input will be used when it is not.
Specify the date and time the records become valid. The end-time may be specified in yyyymmddhhmmss notation, or given as + N seconds from the current time. The default is the current time.