jdnssec signzone
David Blacka edited this page Jan 17, 2017 · 1 revision
This is the main zone signing tool. It will take an unsigned or previously-signed zone and sign it.
usage: jdnssec-signzone [..options..] zone_file [key_file ...]
  -3,--use-nsec3                            use NSEC3 instead of NSEC
  -A,--alg-alias <alias:original:mnemonic>  Define an alias for an algorithm
  -a,--verify                               verify generated signatures>
  -d,--keyset-directory <dir>               directory to find keyset files (default '.').
  -D,--key-directory <dir>                  directory to find key files (default '.').
  --ds-digest <id>                          Digest algorithm to use for generated DSs
  -e,--expire-time <time/offset>            signature expiration time (default is start-time + 30 days).
  -F,--fully-sign-keyset                    sign the zone apex keyset with all available keys.
  -f <outfile>                              file the signed zone is written to (default is <origin>.signed).
  -h,--help                                 Print this message.
  -I,--include-file <file>                  include names in this file in the NSEC/NSEC3 chain.
  --iterations <value>                      use this value for the iterations in NSEC3.
  -k,--ksk-file <KSK file>                  this key is a key signing key (may repeat).
  -m,--multiline                            Output DNS records using 'multiline' format
  --nsec3paramttl <ttl>                     use this value for the NSEC3PARAM RR ttl
  -O,--use-opt-out                          generate a fully Opt-Out zone (only valid with NSEC3).
  -R,--random-salt <length>                 generate a random salt.
  -s,--start-time <time/offset>             signature starting time (default is now - 1 hour)
  -S,--salt <hex value>                     supply a salt value.
  -v,--verbose <level>                      verbosity level -- 0 is silence, 3 is info, 5 is debug information, 6 is trace information. default is level 2 (warning)
  -V,--verbose-signing                      Display verbose signing activity.