This utility reads the zone's zone file, signs the zone according to given configuration, and writes the
signed zone file back. An alternative mode is DNSSEC validation of the given zone. The signing or
validation can run in parallel if enabled in the configuration (see policy.signing-threads and
zone.adjust-threads).
Parameterszone_name
A name of the zone to be signed.
Configoptions-c, --configfile
Use a textual configuration file (default is /usr/local/etc/knot/knot.conf).
-C, --confdbdirectory
Use a binary configuration database directory (default is /usr/local/var/lib/knot/confdb). The
default configuration database, if exists, has a preference to the default configuration file.
Options-o, --outdirdir_name
Write the output zone file to the specified directory instead of the configured one.
-r, --rollover
Allow key roll-overs and NSEC3 re-salt. In order to finish possible KSK submission, set the KSK's
active timestamp to now (+0) using keymgr.
-v, --verify
Instead of (re-)signing the zone, just verify that the zone is correctly signed.
-t, --timetimestamp
Sign/verify the zone (and roll the keys if necessary) as if it was at the time specified by
timestamp.
-h, --help
Print the program help.
-V, --version
Print the program version. The option -VV makes the program print the compile time configuration
summary.