|
|
|
Options: (default
value in parenthesis)
|
|
-c class (IN)
|
|
-d directory
|
|
directory to find signedkey files (.)
|
|
-s YYYYMMDDHHMMSS|+offset:
|
|
SIG start time - absolute|offset (now)
|
|
-e YYYYMMDDHHMMSS|+offset|"now"+offset]:
|
|
SIG end time -
absolute|from start|from now (now + 30 days)
|
|
-i interval:
|
|
cycle interval - resign if < interval from end ( (end-start)/4 )
|
|
-v debuglevel (0)
|
|
-o origin:
|
|
zone origin (name of zonefile)
|
|
-f outfile:
|
|
file the signed zone is written in (zonefile + .signed)
|
|
-r randomdev:
|
|
a file containing random data
|
|
-a:
verify generated signatures
|
|
-p: use
pseudorandom data (faster but less secure)
|
|
-t:
print statistics
|
|
-n ncpus (number of cpus present)
|
|
|
|
Signing Keys:
(default: all zone keys that have private keys)
|
|
keyfile (Kname+alg+tag)
|
|
|
|
|
|
|
|
See
draft-ietf-dnsext-keyrr-key-signing-flag-00.txt for the details on how to
distinguish between the two types of keys.
|
|
|
|
|
|
|