| KZONESIGN(1) | Knot DNS | KZONESIGN(1) |
NAME
kzonesign - DNSSEC signing utility
SYNOPSIS
kzonesign [config_option] [options] zone_name
DESCRIPTION
This utility reads the zone's zone file, signs the zone according to given configuration, and writes the signed zone file back. An alternative mode is DNSSEC validation of the given zone. The signing or validation can run in parallel if enabled in the configuration (see policy.signing-threads and zone.adjust-threads).
Parameters
- zone_name
- A name of the zone to be signed.
Config options
- -c, --config file
- Use a textual configuration file (default is /usr/local/etc/knot/knot.conf).
- -C, --confdb directory
- Use a binary configuration database directory (default is /usr/local/var/lib/knot/confdb). The default configuration database, if exists, has a preference to the default configuration file.
Options
- -o, --outdir dir_name
- Write the output zone file to the specified directory instead of the configured one.
- -r, --rollover
- Allow key roll-overs and NSEC3 re-salt. In order to finish possible KSK submission, set the KSK's active timestamp to now (+0) using keymgr.
- -v, --verify
- Instead of (re-)signing the zone, just verify that the zone is correctly signed.
- -t, --time timestamp
- Sign/verify the zone (and roll the keys if necessary) as if it was at the time specified by timestamp.
- -h, --help
- Print the program help.
- -V, --version
- Print the program version. The option -VV makes the program print the compile time configuration summary.
EXIT VALUES
Exit status of 0 means successful operation. Any other exit status indicates an error.
SEE ALSO
AUTHOR
CZ.NIC Labs https://www.knot-dns.cz
COPYRIGHT
Copyright 2010–2024, CZ.NIC, z.s.p.o.
| 2024-09-02 | 3.4.0 |