Name
dnssec-signkey
Synopsis
dnssec-signkey [options] keyset
key-identifiers
System administration command. Sign a secure DNS keyset with the key signatures specified in the list of key-identifiers. A zone administrator would use this command to sign a child zone’s keyset with the parent zone’s keys. For more information on Secure DNS, see DNS and BIND (O’Reilly), or read RFC 2535.
Options
- -a
Verify generated signatures.
- -c class
Specify the DNS class of the keyset.
- -e end-time
Specify the date and time the records will expire. The end-time may be specified in yyyymmddhhmmss notation, or as + N seconds from the start-time. The default is 30 days from start-time.
- -h
Print help message, then exit.
- -p
Use pseudo-random data to sign the zone key.
- -r device
Specify the device to use as a source of randomness when creating keys. This can be a device file, a file containing random data, or the string keyboard to specify keyboard input. By default, /dev/random will be used when available, and keyboard input will be used when it is not.
- -s start-time
Specify the date and time the records become valid. The end-time may be specified in yyyymmddhhmmss notation, or given as + N seconds from the current time. The default is the current time.
Get Linux in a Nutshell, Fourth Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
