2023-12-01 10:13:04 -05:00
|
|
|
|
.. highlight:: none
|
2020-05-05 05:36:49 -04:00
|
|
|
|
|
2023-01-18 10:00:59 -05:00
|
|
|
|
``kzonesign`` – DNSSEC signing utility
|
|
|
|
|
|
======================================
|
2020-05-05 05:36:49 -04:00
|
|
|
|
|
|
|
|
|
|
Synopsis
|
|
|
|
|
|
--------
|
|
|
|
|
|
|
2023-10-09 08:37:02 -04:00
|
|
|
|
:program:`kzonesign` [*config_option*] [*options*] *zone_name*
|
2020-05-05 05:36:49 -04:00
|
|
|
|
|
|
|
|
|
|
Description
|
|
|
|
|
|
-----------
|
|
|
|
|
|
|
|
|
|
|
|
This utility reads the zone's zone file, signs the zone according to given
|
2022-02-02 11:05:49 -05:00
|
|
|
|
configuration, and writes the signed zone file back. An alternative mode
|
|
|
|
|
|
is DNSSEC validation of the given zone. The signing or validation
|
|
|
|
|
|
can run in parallel if enabled in the configuration (see policy.signing-threads
|
|
|
|
|
|
and zone.adjust-threads).
|
2020-05-05 05:36:49 -04:00
|
|
|
|
|
2023-10-09 08:37:02 -04:00
|
|
|
|
Parameters
|
|
|
|
|
|
..........
|
|
|
|
|
|
|
|
|
|
|
|
*zone_name*
|
|
|
|
|
|
A name of the zone to be signed.
|
|
|
|
|
|
|
2021-10-17 14:50:15 -04:00
|
|
|
|
Config options
|
|
|
|
|
|
..............
|
|
|
|
|
|
|
|
|
|
|
|
**-c**, **--config** *file*
|
|
|
|
|
|
Use a textual configuration file (default is :file:`@config_dir@/knot.conf`).
|
|
|
|
|
|
|
|
|
|
|
|
**-C**, **--confdb** *directory*
|
|
|
|
|
|
Use a binary configuration database directory (default is :file:`@storage_dir@/confdb`).
|
|
|
|
|
|
The default configuration database, if exists, has a preference to the default
|
|
|
|
|
|
configuration file.
|
|
|
|
|
|
|
2020-05-05 05:36:49 -04:00
|
|
|
|
Options
|
|
|
|
|
|
.......
|
|
|
|
|
|
|
2020-08-06 14:10:13 -04:00
|
|
|
|
**-o**, **--outdir** *dir_name*
|
2021-11-24 06:55:31 -05:00
|
|
|
|
Write the output zone file to the specified directory instead of the configured one.
|
2020-05-05 05:36:49 -04:00
|
|
|
|
|
2020-08-14 03:54:53 -04:00
|
|
|
|
**-r**, **--rollover**
|
2020-08-06 14:10:13 -04:00
|
|
|
|
Allow key roll-overs and NSEC3 re-salt. In order to finish possible KSK submission,
|
|
|
|
|
|
set the KSK's **active** timestamp to now (**+0**) using :doc:`keymgr<man_keymgr>`.
|
2020-05-05 05:36:49 -04:00
|
|
|
|
|
2020-10-12 14:06:27 -04:00
|
|
|
|
**-v**, **--verify**
|
|
|
|
|
|
Instead of (re-)signing the zone, just verify that the zone is correctly signed.
|
|
|
|
|
|
|
2020-08-14 03:54:53 -04:00
|
|
|
|
**-t**, **--time** *timestamp*
|
2020-10-12 14:06:27 -04:00
|
|
|
|
Sign/verify the zone (and roll the keys if necessary) as if it was at the time
|
2020-08-06 14:10:13 -04:00
|
|
|
|
specified by timestamp.
|
2020-05-05 05:51:02 -04:00
|
|
|
|
|
2020-05-05 05:36:49 -04:00
|
|
|
|
**-h**, **--help**
|
|
|
|
|
|
Print the program help.
|
|
|
|
|
|
|
|
|
|
|
|
**-V**, **--version**
|
2023-10-23 07:17:55 -04:00
|
|
|
|
Print the program version. The option **-VV** makes the program
|
|
|
|
|
|
print the compile time configuration summary.
|
2020-05-05 05:36:49 -04:00
|
|
|
|
|
|
|
|
|
|
Exit values
|
|
|
|
|
|
-----------
|
|
|
|
|
|
|
|
|
|
|
|
Exit status of 0 means successful operation. Any other exit status indicates
|
|
|
|
|
|
an error.
|
|
|
|
|
|
|
|
|
|
|
|
See Also
|
|
|
|
|
|
--------
|
|
|
|
|
|
|
2020-08-06 14:10:13 -04:00
|
|
|
|
:manpage:`knot.conf(5)`, :manpage:`keymgr(8)`.
|
