Open System Services Shell and Utilities Reference Manual (G06.27+, H06.04+)
dnssec-signzone(8) OSS Shell and Utilities Reference Manual
NAME
dnssec-signzone - Runs the BIND 9 secure domain name server DNSSEC zone signing tool
SYNOPSIS
/etc/dns_secure/dnssec-signzone
[ -a ]
[ -c class ]
[ -d directory ]
[ -e end_time ]
[ -f output_file ]
[ -g ]
[ -h ]
[ -k key ]
[ -l domain ]
[ -i interval ]
[ -n nthreads ]
[ -o origin ]
[ -p ]
[ -r randomdev ]
[ -s start_time ]
[ -t ]
[ -v level ]
[ -z ]
zonefile
[key [...] ]
FLAGS
-a Verify all generated signatures.
-c class Specifies the DNS class of the zone.
-k key Treat the specified key as a key signing key, ignoring any key flags. This flag
may be specified multiple times.
-l domain Generate a DLV set in addition to the key (DNSKEY) and DS sets. The domain
name is appended to the name of the records.
-d directory Look for keyset files in directory as the current directory.
-e end_time Specify the date and time when the generated RRSIG records expire. As with
start_time, an absolute time is indicated in YYYYMMDDHHMMSS notation.
A time relative to the start time is indicated with +N, which is N seconds from
the start time. A time relative to the current time is indicated with now+N.Ifno
end_time is specified, 30 days from the start time is used as a default.
-g Generate DS records for child zones from keyset files. Existing DS records are
removed.
-s start_time Specify the date and time when the generated RRSIG records become valid.
This can be either an absolute or relative time. An absolute start time is indi-
cated by a number in YYYYMMDDHHMMSS notation; 20000530144500
denotes 14:45:00 UTC on May 30th, 2000. A relative start time is indicated by
+N, which is N seconds from the current time. If no start_time is specified, the
current time minus 1 hour (to allow for clock skew) is used.
12−16 Hewlett-Packard Company 527188-004