Name
dnssec-signzone
Synopsis
dnssec-signzone [options] zonefile [key-identifiers]
System administration command. Sign a secure DNS zonefile with the signatures in the specified list of key-identifiers. If signed keysets associated with the zone are found in the current directory, include their signatures in the signed zone file. The dnssec-signzone command writes the signed zone information to a file named db-domainname.signed. This file should be referenced in a zone statement in a named.conf file. For more information on Secure DNS, see DNS and BIND (O’Reilly), or read RFC 2535.
Options
- -a
Verify generated signatures.
- -c class
Specify the DNS class of the keyset.
- -d directory
Search directory for signed key files.
- -e end-time
Specify the date and time the records will expire. The end-time may be specified in yyyymmddhhmmss notation, or given as +N seconds from the start-time. The default is 30 days from start-time.
- -h
Print help message, then exit.
- -i days
When signing a previously signed zone, replace any records due to expire within the specified number of days. The default is one quarter of the number of days between the signature’s start-time and end-time.
- -n threads
Specify the number of threads to use when signing the zone file. The default is one for each detected CPU.
- -o origin
Specify the zone origin. The name of the zone file is the default origin.
- -p
Use pseudo-random data to sign the zone key.
- -r device
Specify the device to use as a source of randomness when creating ...
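The -e and -i defaults above combine to decide which existing signatures a re-signing run replaces. The following Python is an added example, not part of the original reference: it resolves both options as described and lists the records that fall inside the replacement window. The function names and sample records are constructed, and it assumes times are UTC and that the start-time is supplied by the caller.

```python
from datetime import datetime, timedelta, timezone

FMT = "%Y%m%d%H%M%S"  # the yyyymmddhhmmss notation accepted by -e

def parse_end_time(value, start):
    """Resolve an -e argument: absolute yyyymmddhhmmss, or +N seconds from start."""
    if value is None:
        return start + timedelta(days=30)  # documented default for -e
    if value.startswith("+"):
        return start + timedelta(seconds=int(value[1:]))
    # Assumption: absolute times are interpreted as UTC.
    return datetime.strptime(value, FMT).replace(tzinfo=timezone.utc)

def refresh_interval(start, end, days=None):
    """Resolve -i: explicit days, else one quarter of the start..end span."""
    if days is not None:
        return timedelta(days=days)
    return (end - start) / 4

def due_for_replacement(expirations, start, end_arg=None, days=None):
    """Return owner names whose signature expires within the -i window."""
    end = parse_end_time(end_arg, start)
    cutoff = start + refresh_interval(start, end, days)
    due = []
    for owner, expires in expirations:
        exp = datetime.strptime(expires, FMT).replace(tzinfo=timezone.utc)
        if exp <= cutoff:
            due.append(owner)
    return due

# Constructed sample: (owner name, signature expiration) pairs.
SAMPLE = [
    ("example.com.",      "20240105000000"),
    ("www.example.com.",  "20240108000000"),
    ("mail.example.com.", "20240120000000"),
]
START = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed start-time

if __name__ == "__main__":
    # No -e, no -i: 30-day validity, so a 7.5-day replacement window.
    print(due_for_replacement(SAMPLE, START))
    # -i 5 narrows the window to five days.
    print(due_for_replacement(SAMPLE, START, days=5))
    # -e +864000 (10 days) shrinks the default window to 2.5 days.
    print(due_for_replacement(SAMPLE, START, end_arg="+864000"))
```

Shortening the validity period with -e also shortens the default replacement window, so a zone signed with a short end-time has to be re-signed proportionally more often to avoid serving expired signatures.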