GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
KZONESIGN(1) Knot DNS KZONESIGN(1)

kzonesign - DNSSEC signing utility

kzonesign [options] -c conf_file zone_name

This utility reads the zone's zone file, signs the zone according to given configuration, and writes the signed zone file back. An alternative mode is DNSSEC validation of the given zone. The signing or validation can run in parallel if enabled in the configuration (see policy.signing-threads and zone.adjust-threads).

-c, --config conf_file
Knot DNS configuration file (same as for knotd).
-o, --outdir dir_name
Write the output zone file to the specified directory instead of the configured one.
-r, --rollover
Allow key roll-overs and NSEC3 re-salt. In order to finish possible KSK submission, set the KSK's active timestamp to now (+0) using keymgr.
-v, --verify
Instead of (re-)signing the zone, just verify that the zone is correctly signed.
-t, --time timestamp
Sign/verify the zone (and roll the keys if necessary) as if it was at the time specified by timestamp.
-h, --help
Print the program help.
-V, --version
Print the program version.

zone_name
A name of the zone to be signed.

Exit status of 0 means successful operation. Any other exit status indicates an error.

knot.conf(5), keymgr(8).

CZ.NIC Labs <https://www.knot-dns.cz>

Copyright 2010–2022, CZ.NIC, z.s.p.o.
2022-03-30 3.1.7

Search for    or go to Top of page |  Section 1 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.