Toolbag: dnssec-signzone
Usage:

     dnssec-signzone [options] -k [keysignkeys] zonefile [keys]

• If the name of your zonefile is not the name of the zone, use the -o <origin> option.
• You might need the '-r /dev/urandom' option on your OS.
• Choose which key to use as the zone signing key and which as the key signing key.
  ◦ Neither the filename nor the RR content distinguishes between the two types of keys yet.
• Your keyset is extracted as a bonus... ready to go to the parent.
Options: (default value in parenthesis)
        -c class (IN)
        -d directory
                directory to find signedkey files (.)
        -s YYYYMMDDHHMMSS|+offset:
                SIG start time - absolute|offset (now)
        -e YYYYMMDDHHMMSS|+offset|"now"+offset]:
                SIG end time  - absolute|from start|from now (now + 30 days)
        -i interval:
                cycle interval - resign if < interval from end ( (end-start)/4 )
        -v debuglevel (0)
        -o origin:
                zone origin (name of zonefile)
        -f outfile:
                file the signed zone is written in (zonefile + .signed)
        -r randomdev:
                a file containing random data
        -a:     verify generated signatures
        -p:     use pseudorandom data (faster but less secure)
        -t:     print statistics
        -n ncpus (number of cpus present)

Signing Keys: (default: all zone keys that have private keys)
        keyfile (Kname+alg+tag)



See draft-ietf-dnsext-keyrr-key-signing-flag-00.txt for the details on how to distinguish between the two types of keys.
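
How the -s, -e and -i values in the option list above resolve into a signature validity window and a re-sign decision, as an added Python example (not part of the original slide and not BIND's code). It assumes offsets are in seconds, times are UTC, and that "resign if < interval from end" means an existing signature is replaced when it expires less than one interval from now; the function names are hypothetical.

```python
from datetime import datetime, timedelta, timezone

FMT = "%Y%m%d%H%M%S"                      # the YYYYMMDDHHMMSS form of -s / -e
DEFAULT_VALIDITY = timedelta(days=30)     # slide: default end is now + 30 days


def parse_time(spec, base, now):
    """Resolve one -s/-e value: absolute, +offset (from base) or now+offset."""
    if spec.startswith("now+"):
        return now + timedelta(seconds=int(spec[4:]))   # assumption: seconds
    if spec.startswith("+"):
        return base + timedelta(seconds=int(spec[1:]))
    # Assumption: absolute timestamps are interpreted as UTC.
    return datetime.strptime(spec, FMT).replace(tzinfo=timezone.utc)


def signing_window(now, start=None, end=None, interval=None):
    """Return (SIG start, SIG end, cycle interval) using the slide's defaults."""
    sig_start = parse_time(start, now, now) if start else now
    # A bare +offset on -e counts from the start time, "now"+offset from now.
    sig_end = parse_time(end, sig_start, now) if end else now + DEFAULT_VALIDITY
    if sig_end <= sig_start:
        raise ValueError("SIG end time must be later than SIG start time")
    # Default cycle interval from the slide: (end - start) / 4.
    if interval is None:
        cycle = (sig_end - sig_start) / 4
    else:
        cycle = timedelta(seconds=interval)
    return sig_start, sig_end, cycle


def needs_resign(sig_expire, now, cycle):
    """True when an existing signature expires less than one cycle from now."""
    return sig_expire - now < cycle


if __name__ == "__main__":
    # Constructed sample values, not taken from a real zone.
    now = datetime(2003, 1, 1, tzinfo=timezone.utc)
    start, end, cycle = signing_window(now)
    print("window:", start.strftime(FMT), "->", end.strftime(FMT), "cycle:", cycle)
    for expire in ("20030105000000", "20030120000000"):
        old = parse_time(expire, now, now)
        print(expire, "re-sign" if needs_resign(old, now, cycle) else "keep")
```

With the defaults the cycle interval is 7.5 days, so a zone that is re-signed less often than every 22.5 days can end up serving expired signatures.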