Name

dnssec-makekeyset

Synopsis

dnssec-makekeyset [options] key-identifiers

System administration command. Generate a domain keyset from one or more DNS Security keys generated by dnssec-keygen. Keysets can be sent to parent zone administrators to be signed with the zone key. The keyset is written to a file with the name keyset-domainname. For more information on Secure DNS, see DNS and BIND (O’Reilly), or read RFC 2535.

Options

-a

Verify all generated signatures.

-e end-time

Specify the date and time the records will expire. The end-time may be specified in yyyymmddhhmmss notation, or as +N seconds from the start-time. The default is 30 days from start-time.

-h

Print help message, then exit.

-p

Use pseudo-random data to sign the zone key.

-r device

Specify the device to use as a source of randomness when creating keys. This can be a device file, a file containing random data, or the string keyboard to specify keyboard input. By default, /dev/random will be used when available, and keyboard input will be used when it is not.

-s start-time

Specify the date and time the records become valid. The start-time may be specified in yyyymmddhhmmss notation, or as +N seconds from the current time. The default is the current time.

-t ttl

Specify the TTL (time to live) in seconds for the KEY and SIG records. Default is 3600 seconds.
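The -s and -e rules above decide how long the signatures in a keyset stay valid, so it helps to compute the window before generating one. The following Python sketch is an added example, not part of dnssec-makekeyset or of the original page; the function names are hypothetical, and it assumes the timestamps are interpreted as UTC.

```python
from datetime import datetime, timedelta, timezone

STAMP = "%Y%m%d%H%M%S"          # the yyyymmddhhmmss notation
DEFAULT_LIFETIME = 30 * 86400   # default for -e: 30 days from start-time


def _resolve(value, base):
    """Turn an absolute stamp or a "+N" offset (seconds from base) into a datetime."""
    value = value.strip()
    if value.startswith("+"):
        return base + timedelta(seconds=int(value[1:]))
    if len(value) != 14 or not value.isdigit():
        raise ValueError(f"not yyyymmddhhmmss or +N: {value!r}")
    # Assumption: stamps are treated as UTC.
    return datetime.strptime(value, STAMP).replace(tzinfo=timezone.utc)


def validity_window(start=None, end=None, now=None):
    """Return (start, end) as yyyymmddhhmmss strings for the given -s / -e values.

    -s is relative to the current time, -e is relative to the resolved
    start-time, and a missing -e means 30 days after start-time.
    """
    now = (now or datetime.now(timezone.utc)).replace(microsecond=0)
    begins = _resolve(start, now) if start else now
    if end:
        expires = _resolve(end, begins)
    else:
        expires = begins + timedelta(seconds=DEFAULT_LIFETIME)
    if expires <= begins:
        # A window that is empty or reversed would never be valid.
        raise ValueError("end-time must be later than start-time")
    return begins.strftime(STAMP), expires.strftime(STAMP)


if __name__ == "__main__":
    # Constructed sample: valid from one hour from now, for seven days.
    print(validity_window(start="+3600", end="+604800"))
```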
