Scroll to navigation

KZONESIGN(1) Knot DNS KZONESIGN(1)

NAME

kzonesign - DNSSEC signing utility

SYNOPSIS

kzonesign [options] -c conf_file zone_name

DESCRIPTION

This utility reads the zone's zone file, signs the zone according to given configuration, and writes the signed zone file back.

Options

Knot DNS configuration file (same as for knotd).
Write the output zone file to the specified directory insted of the configured one.
Allow key roll-overs and NSEC3 re-salt. In order to finish possible KSK submission, set the KSK's active timestamp to now (+0) using keymgr.
Sign the zone (and roll the keys if necessary) as if it was at the time specified by timestamp.
Print the program help.
Print the program version.

Parameters

A name of the zone to be signed.

EXIT VALUES

Exit status of 0 means successful operation. Any other exit status indicates an error.

SEE ALSO

knot.conf(5), keymgr(8).

AUTHOR

CZ.NIC Labs <https://www.knot-dns.cz>

COPYRIGHT

Copyright 2010–2021, CZ.NIC, z.s.p.o.

2021-08-10 3.1.1