GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
RRSIG(1) FreeBSD General Commands Manual RRSIG(1)

rrsiggenerate RRSIG records for a zone

rrsig [-kz] [-s start] [-e end] keyfile [zonefile]

rrsig signs the records in a zone and writes DNSSEC RRSIG records to standard output.

The signatures are generated for the zone described in zonefile, which must be in the format described by RFC 1035.

An RRSIG record contains a signature for a set of DNS records (RRset), all with the same name and type. These records are returned along with the results of a query and the signatures can be verified with the public keys in the DNSKEY records for the domain.

Sign the DNSKEY records in the zone. The key in keyfile must have a DNSKEY record in the zone with the SEP flag set.
Sign the non-DNSKEY records in the zone. The key in keyfile must have a DNSKEY record in the zone.
The unix time at which the signature becomes valid.
The unix time after which the signature is no longer valid.

If neither -k or -z is specified, all records in the zone are signed.

Sign the records in the example.com zone with the key in key.pem

$ rrsig key.pem example.com.zone
example.com.    86400   IN      RRSIG   SOA 13 2 86400 20200616002419 20200517002419 32716 example.com. pT8tmBBTpTG139CBJbN1MbshvygYyaiNn713gmvMw2Y/C2dTwGSZwuriXOk7luLb+Ej9OHvcjgaNaVzWnu5IiQ==
example.com.    86400   IN      RRSIG   A 13 2 86400 20200616002419 20200517002419 32716 example.com. ziulNlLfYTwUO0VGiVW4TSR3Pfg8j/RhUhuWCbL2rn9PVBUIr3P0ql5JHkfskfCy9BNDIW7rSIWxwuLBULfudw==
example.com.    86400   IN      RRSIG   NS 13 2 86400 20200616002419 20200517002419 32716 example.com. 9FdDokZ6RWGcAZTgpB430T71t9NZWeCZLTqxkeDyi77vxDt5eRwCNdzdDIEYaChGIfX6NBcrFIZ9Arz7vEA+ww==
example.com.    1200    IN      RRSIG   NSEC 13 2 1200 20200616002419 20200517002419 32716 example.com. QeClnuEuVdq0Wppv+kH0DNR3huWFw7Rack0ZuFRqEpRLfVx/NTaaieHBax4SJTgecaF2MgpT+f/yJsRe/rsr3g==
example.com.    86400   IN      RRSIG   DNSKEY 13 2 86400 20200616002419 20200517002419 32716 example.com. ypFHj/ttCnJkzOsCSj+SM+pU7yj9jfT7IaHZpotrU1ITOQBj2x+5nhQSj7dAbi21N4Vjie1rS5vx7E6T2g0msg==
ns1.example.com.        86400   IN      RRSIG   A 13 3 86400 20200616002419 20200517002419 32716 example.com. /M9W4asOST8JuRfibKA0hf780GX3HglEsgB1PoNuV2PCK5sTXWKVexb7wfxAeBAK/gDsLy3HQIPH2im6iRuI9g==
ns1.example.com.        1200    IN      RRSIG   NSEC 13 3 1200 20200616002419 20200517002419 32716
example.com. Mph6z5j6ZePdrxoO/vBr1rwA76a/0lpkUEfsiNWOtELtoPCNRrhRDxvQWM/mPfRw+plfzFXqANymU5shvPwZZA==

dnskey(1), ds(1), rrsig(1), tlsa(1)

May 10, 2021 FreeBSD 14.3-RELEASE
Search for    or go to Top of page |  Section 1 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.