.\" Man page generated from reStructuredText. . .TH "KZONESIGN" "1" "2022-04-28" "3.1.8" "Knot DNS" .SH NAME kzonesign \- DNSSEC signing utility . .nr rst2man-indent-level 0 . .de1 rstReportMargin \\$1 \\n[an-margin] level \\n[rst2man-indent-level] level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] - \\n[rst2man-indent0] \\n[rst2man-indent1] \\n[rst2man-indent2] .. .de1 INDENT .\" .rstReportMargin pre: . RS \\$1 . nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin] . nr rst2man-indent-level +1 .\" .rstReportMargin post: .. .de UNINDENT . RE .\" indent \\n[an-margin] .\" old: \\n[rst2man-indent\\n[rst2man-indent-level]] .nr rst2man-indent-level -1 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. .SH SYNOPSIS .sp \fBkzonesign\fP [\fIoptions\fP] \fB\-c\fP \fIconf_file\fP \fIzone_name\fP .SH DESCRIPTION .sp This utility reads the zone\(aqs zone file, signs the zone according to given configuration, and writes the signed zone file back. An alternative mode is DNSSEC validation of the given zone. The signing or validation can run in parallel if enabled in the configuration (see policy.signing\-threads and zone.adjust\-threads). .SS Options .INDENT 0.0 .TP \fB\-c\fP, \fB\-\-config\fP \fIconf_file\fP Knot DNS configuration file (same as for knotd). .TP \fB\-o\fP, \fB\-\-outdir\fP \fIdir_name\fP Write the output zone file to the specified directory instead of the configured one. .TP \fB\-r\fP, \fB\-\-rollover\fP Allow key roll\-overs and NSEC3 re\-salt. In order to finish possible KSK submission, set the KSK\(aqs \fBactive\fP timestamp to now (\fB+0\fP) using keymgr\&. .TP \fB\-v\fP, \fB\-\-verify\fP Instead of (re\-)signing the zone, just verify that the zone is correctly signed. .TP \fB\-t\fP, \fB\-\-time\fP \fItimestamp\fP Sign/verify the zone (and roll the keys if necessary) as if it was at the time specified by timestamp. .TP \fB\-h\fP, \fB\-\-help\fP Print the program help. .TP \fB\-V\fP, \fB\-\-version\fP Print the program version. .UNINDENT .SS Parameters .INDENT 0.0 .TP \fIzone_name\fP A name of the zone to be signed. .UNINDENT .SH EXIT VALUES .sp Exit status of 0 means successful operation. Any other exit status indicates an error. .SH SEE ALSO .sp \fBknot.conf(5)\fP, \fBkeymgr(8)\fP\&. .SH AUTHOR CZ.NIC Labs .SH COPYRIGHT Copyright 2010–2022, CZ.NIC, z.s.p.o. .\" Generated by docutils manpage writer. .