kzonesign – DNSSEC signing utility¶
Synopsis¶
kzonesign [config_option config_argument] [options] zone_name
Description¶
This utility reads the zone’s zone file, signs the zone according to given configuration, and writes the signed zone file back.
Config options¶
- -c, –config file
- Use a textual configuration file (default is
@config_dir@/knot.conf). - -C, –confdb directory
- Use a binary configuration database directory (default is
@storage_dir@/confdb). The default configuration database, if exists, has a preference to the default configuration file.
Options¶
- -o, –outdir dir_name
- Write the output zone file to the specified directory instead of the configured one.
- -r, –rollover
- Allow key roll-overs and NSEC3 re-salt. In order to finish possible KSK submission, set the KSK’s active timestamp to now (+0) using keymgr.
- -v, –verify
- Instead of (re-)signing the zone, just verify that the zone is correctly signed.
- -t, –time timestamp
- Sign/verify the zone (and roll the keys if necessary) as if it was at the time specified by timestamp.
- -h, –help
- Print the program help.
- -V, –version
- Print the program version.
Parameters¶
- zone_name
- A name of the zone to be signed.
Exit values¶
Exit status of 0 means successful operation. Any other exit status indicates an error.
See Also¶
knot.conf(5), keymgr(8).
