Internet Services Delta Manual for HP-UX 11i Version 1.6
Table 9 New Command Line Options
UsageOptionsBinaries/Tools
Set the source IP address of the
query to address. This must be a
valid address on one of the host's
network interfaces.
-bdig
Sign the DNS queries sent by dig
and their responses using
transaction signatures (TSIG).
-kdig
Specify the TSIG key on the
command line.
-ydig
Verify all generated signatures.-adnssec-makekeyset &
dnssec-signkey
Specify the DNS class of the key
sets. Currently only IN class is
supported.
-c classdnssec-signkey
Specify the date and time when the
generated SIG records become
invalid. If no end-time is specified,
30 days from the start time will be
used as a default.
-e end-timednssec-signkey
Specify the data and time when the
generated SIG records become
valid. This can be either an
absolute or relative time. If no
start-time is specified, the current
time will be used.
-s start-timednssec-signkey
Look for signedkey files in
directory as the directory.
-d directorydnssec-signzone
Print a short summary of the options
and arguments to
dnssec-signzone.
-hdnssec-signzone
Specify the cycle interval as an
offset from the current time (in
seconds). If a SIG record expires
after the cycle interval, it is
retained. Else, it is considered to
be expiring soon and will be
replaced. The default cycle interval
is one quarter of the difference
between signature end and start
times. If neither end-time nor
start-time is specified,
dnssec-signzone generates
signatures that are valid for 30
days and with a cycle interval of
7.5 days. If any existing SIG
record expires in less than 7.5
days, they would be replaced.
-i intervaldnssec-signzone
Specify the number of threads to
use. By default, one thread is
started for each CPU.
-n ncpusdnssec-signzone
Specify the zone origin. If no zone
origin is specified, the name of the
zone file will be considered as the
origin.
-o origindnssec-signzone
Chapter Overview 41