table of contents
| KZONESIGN(1) | Knot DNS | KZONESIGN(1) |
NAME¶
kzonesign - DNSSEC signing utility
SYNOPSIS¶
kzonesign [options] -c conf_file zone_name
DESCRIPTION¶
This utility reads the zone's zone file, signs the zone according to given configuration, and writes the signed zone file back.
Options¶
- -c, --config conf_file
- Knot DNS configuration file (same as for knotd).
- -o, --outdir dir_name
- Write the output zone file to the specified directory insted of the configured one.
- -r, --rollover
- Allow key roll-overs and NSEC3 re-salt. In order to finish possible KSK submission, set the KSK's active timestamp to now (+0) using keymgr.
- -t, --time timestamp
- Sign the zone (and roll the keys if necessary) as if it was at the time specified by timestamp.
- -h, --help
- Print the program help.
- -V, --version
- Print the program version.
Parameters¶
- zone_name
- A name of the zone to be signed.
EXIT VALUES¶
Exit status of 0 means successful operation. Any other exit status indicates an error.
SEE ALSO¶
knot.conf(5), keymgr(8).
AUTHOR¶
CZ.NIC Labs <https://www.knot-dns.cz>
COPYRIGHT¶
Copyright 2010–2021, CZ.NIC, z.s.p.o.
| 2021-08-10 | 3.1.1 |