DS(1) FreeBSD General Commands Manual DS(1)

ds - generate DNSSEC delegation signer record

ds [-d digest] [-t ttl] [-c class] domain keyfile

ds writes a DNSSEC DS record to standard output.

The record is generated for the child zone domain and public key given by keyfile. The child zone should have a corresponding self-signed DNSKEY record with the Secure Entry Point (SEP) flag set.

A DS record delegates record signing for a sub-zone to a particular key, establishing a chain of trust from a parent zone to its child. It contains a signature algorithm identifier, the hash of the public key, and a “tag” used to identify the key. It indicates that the signature of the DNSKEY RRSet of the child zone may be verified with the described key.

DS records are usually configured through a web form provided by the domain registrar.

-d digest
    The digest algorithm to use. The following algorithms are supported:
      • SHA1 (1)
      • SHA256 (2, default)
      • SHA384 (4)

The signature algorithm to use with the key. This option can be used to disambiguate the hash used with RSA keys. Supported algorithms are the same as in dnskey(1).

-t ttl
    The TTL value of the record. If not specified, the TTL is omitted.

-c class
    The record class. Defaults to IN.

Generate a DS record for the example.com EC signing key, key.pem:

$ ds example.com. key.pem
example.com.    IN      DS      32716 13 2 ffd819c99ed62247e5fa61711a53fc0202a35970ca8ec78d874e2667556c594b
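
Added example (not part of the ds manual or its source): a Python sketch of how the fields of the record above are derived under RFC 4034, usable to check that a DS record submitted to a registrar matches the child zone's DNSKEY. The function names and the sample key bytes are constructed for illustration; the digest covers the owner name in wire form followed by the DNSKEY RDATA.

```python
import hashlib
import struct

# DS digest type numbers, as listed in the options above.
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}

def wire_name(domain):
    """Owner name in canonical wire form: lowercased, length-prefixed labels."""
    out = b""
    for label in domain.lower().rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label in %r" % domain)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def dnskey_rdata(flags, algorithm, public_key, protocol=3):
    """DNSKEY RDATA: flags (2 bytes), protocol (1), algorithm (1), key bytes."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key

def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (not valid for algorithm 1, RSA/MD5)."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def make_ds(domain, rdata, digest_type=2):
    """Return (key tag, algorithm, digest type, hex digest) for a DNSKEY."""
    digest = DIGESTS[digest_type](wire_name(domain) + rdata).hexdigest()
    return key_tag(rdata), rdata[3], digest_type, digest

def ds_matches(ds_line, domain, rdata):
    """Check a one-line DS record (digest as a single token) against a DNSKEY."""
    fields = ds_line.split()
    tag, alg, dtype = (int(x) for x in fields[-4:-1])
    if dtype not in DIGESTS:
        return False
    return (tag, alg, dtype, fields[-1].lower()) == make_ds(domain, rdata, dtype)

# Constructed sample: flags 257 (zone key + SEP), algorithm 13, and a
# placeholder 64-byte "public key" that is not a real curve point.
SAMPLE_RDATA = dnskey_rdata(257, 13, bytes(range(64)))

if __name__ == "__main__":
    tag, alg, dtype, digest = make_ds("example.com.", SAMPLE_RDATA)
    line = "example.com.\tIN\tDS\t%d %d %d %s" % (tag, alg, dtype, digest)
    print(line)
    print("matches DNSKEY:", ds_matches(line, "example.com.", SAMPLE_RDATA))
```

A mismatch between the DS at the parent and the child's DNSKEY makes the zone fail validation, so running a check like this before submitting the record is worthwhile.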

dnskey(1), nsec(1), rrsig(1), tlsa(1)

May 9, 2021 FreeBSD 14.3-RELEASE
