dnssec-signzone

DNSSEC zone-signing tool

Syntax:

dnssec-signzone [-a] [-c class] [-d directory] [-e end-time]
                [-f output-file] [-g] [-h] [-k key] [-l domain]
                [-i interval] [-I input-format] [-j jitter]
                [-N soa-serial-format] [-o origin]
                [-O output-format] [-p] [-r randomdev]
                [-s start-time] [-t] [-v level]
                [-z] {zonefile} [key...]

Runs on:

Neutrino

Options:

See http://netbsd.gw.com/cgi-bin/man-cgi?dnssec-signzone++NetBSD-5.0 in the NetBSD documentation.

Description:

The dnssec-signzone utility signs a zone. It generates NSEC and RRSIG records and produces a signed version of the zone. The security status of delegations from the signed zone (that is, whether the child zones are secure or not) is determined by the presence or absence of a keyset file for each child zone. For more information, see http://netbsd.gw.com/cgi-bin/man-cgi?dnssec-signzone++NetBSD-5.0 in the NetBSD documentation.

See also:

dnssec-dsfromkey, dnssec-keygen in the NetBSD documentation