.TH opendkim-genzone 8 "The Trusted Domain Project" .SH NAME .B opendkim-genzone \- DKIM public key zone file generation tool .SH SYNOPSIS .B opendkim-genzone [\-C address] [\-d domain] [\-D] [\-M] [\-E secs] [\-F] [\-N ns[,...]] [\-o file] [\-r secs] [\-R secs] [\-s] [\-S] [\-t secs] [\-T secs] [\-u] [\-v] [\-x conffile] [dataset] .SH DESCRIPTION .B opendkim-genzone generates a file suitable for use with .I named(8) to publish a set of public keys. The .I dataset parameter should specify a set of data as described in the .I opendkim(8) man page. It can currently refer to flat files, Sleepycat databases, comma-separated lists, LDAP directories or SQL databases. The .I dataset may be omitted if a configuration file (via the .I \-x command line flag) is specified referring to a configuration file that sets a .I KeyTable parameter, in which case that value will be used. The database contents should be formatted as described for the .I KeyTable parameter, described in the .I opendkim.conf(5) man page. .SH OPTIONS .TP .I \-C contact Uses .I contact as the contact information to be used when an SOA record is generated (see .I \-S below). If not specified, the userid of the executing user and the local hostname will be used; if the executing user can't be determined, "hostmaster" will be used. .TP .I \-d domain Restricts output to those records for which the domain field is the specified .I domain. .TP .I \-D Adds a "._domainkey" suffix to selector names in the zone file. .TP .I \-M Restricts the keys for use in e-mail signing only. The default is to allow the keys to be used for any service. .TP .I \-E secs When generating an SOA record (see .I \-S below), use .I secs as the default record expiration time. The default is 604800. .TP .I \-F Adds a "._domainkey" suffix and the domainname to selector names in the zone file. .TP .I \-N nslist Specifies a comma-separated list of nameservers, which will be output in NS records before the TXT records. The first nameserver in this list will also be used in the SOA record (if .I \-S is also specified) as the authority hostname. .TP .I \-o file Sends output to the named .I file rather than standard output. .TP .I \-r secs When generating an SOA record (see .I \-S below), use .I secs as the zone refresh time. The default is 10800. .TP .I \-R secs When generating an SOA record (see .I \-S below), use .I secs as the zone retry time. The default is 1800. .TP .I \-s Extends the logic of "-d" to include subdomains. .TP .I \-S Asks for an SOA record to be generated at the top of the output. The content of this output can be controlled using the .I \-E, .I \-r, .I \-R, .I \-T options. The serial number will be generated based on the current time of day. .TP .I \-t ttl Puts a TTL (time-to-live) value of .I ttl on all records output. The units are in seconds. .TP .I \-T secs When generating an SOA record (see .I \-S below), use .I secs as the default record TTL time. The default is 86400. .TP .I \-u Produce output suitable for use as input to .B nsupdate(8). .TP .I \-v Increases the verbosity of debugging output written to standard error. .TP .I \-x conffile Names an .I opendkim.conf(5) file to be read for LDAP-specific parameters when an LDAP dataset is given on the command line. Not required for other dataset types. The default is .I /etc/opendkim.conf. .SH VERSION This man page covers the version of .I opendkim-genzone that shipped with version 2.11.0 of .I OpenDKIM. .SH COPYRIGHT Copyright (c) 2010, 2012, 2014, 2015, The Trusted Domain Project. All rights reserved. .SH SEE ALSO .I nsupdate(8), .I opendkim(8), .I opendkim.conf(5)