logo
Free, unlimited AI code reviews that run on commit
git-lrc git-lrc GitHub Install Now We'd appreciate a star git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt

kzonesign - DNSSEC signing utility

Author

       CZ.NIC Labs <https://www.knot-dns.cz>

Description

       This  utility reads the zone's zone file, signs the zone according to given configuration, and writes the
       signed zone file back. An alternative mode is DNSSEC  validation  of  the  given  zone.  The  signing  or
       validation  can  run  in  parallel  if  enabled  in  the  configuration  (see  policy.signing-threads and
       zone.adjust-threads).

   Parameterszone_name
              A name of the zone to be signed.

   Configoptions-c, --configfile
              Use a textual configuration file (default is /usr/local/etc/knot/knot.conf).

       -C, --confdbdirectory
              Use a binary configuration database directory (default  is  /usr/local/var/lib/knot/confdb).   The
              default configuration database, if exists, has a preference to the default configuration file.

   Options-o, --outdirdir_name
              Write the output zone file to the specified directory instead of the configured one.

       -r, --rollover
              Allow  key roll-overs and NSEC3 re-salt. In order to finish possible KSK submission, set the KSK's
              active timestamp to now (+0) using keymgr.

       -v, --verify
              Instead of (re-)signing the zone, just verify that the zone is correctly signed.

       -t, --timetimestamp
              Sign/verify the zone (and roll the keys if necessary) as if  it  was  at  the  time  specified  by
              timestamp.

       -h, --help
              Print the program help.

       -V, --version
              Print  the  program version. The option -VV makes the program print the compile time configuration
              summary.

Exit Values

       Exit status of 0 means successful operation. Any other exit status indicates an error.

Name

       kzonesign - DNSSEC signing utility

See Also

knot.conf(5), keymgr(8).

Synopsis

kzonesign [config_option] [options] zone_name

See Also