GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
DNSKEY(1) FreeBSD General Commands Manual DNSKEY(1)

dnskeygenerate DNSSEC DNSKEY record

dnskey [-k] [-t ttl] [-c class] domain keyfile

dnskey writes a DNSSEC DNSKEY record to standard output.

The record is generated with the name domain and public key given by keyfile.

A DNSKEY record contains a public key that can be used to verify the signatures of the records in a zone. If the Secure Entry Point (SEP) flag is set, the key may be used to verify signatures of the DNSKEY RRset. Otherwise, it may only be used to verify the signatures of other record types.

Set the Secure Entry Point (SEP) flag.
The signature algorithm to use with the key. This option can be used to disambiguate the hash used with RSA keys. The following algorithms are supported:
  • RSASHA1
  • RSASHA256 (default for RSA keys)
  • RSASHA512
  • ECDSAP256SHA256
  • ECDSAP384SHA384
The TTL value of the record. If not specified, the TTL is omitted.
The record class. Defaults to IN.

Generate a DNSKEY record with the SEP flag set for the key in key.pem.

$ dnskey -k example.com. key.pem
example.com.    IN      DNSKEY  257 3 13 vj2jYoUXYP5L/Y3VKwy2tv1lTQKvieaDdg2DpZRItJ0TblzoKoJ+9WQgxi4/mq0JkFUFeltRmhPnhtXoCH7Tfw==

ds(1), nsec(1), rrsig(1), tlsa(1)

May 10, 2021 FreeBSD 14.3-RELEASE
Search for    or go to Top of page |  Section 1 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.