dnssec-makekeyset man page on Solaris

Man page or keyword search:  
man Server   20652 pages
apropos Keyword Search (all sections)
Output format
Solaris logo
[printable version]

dnssec-makekeyset(1M)	System Administration Commands	 dnssec-makekeyset(1M)

NAME
       dnssec-makekeyset - DNSSEC zone signing tool

SYNOPSIS
       dnssec-makekeyset  [-ahp]  [-s start-time] [-e end-time] [-r randomdev]
       [-t ttl] [-v level] key...

DESCRIPTION
       The dnssec-makekeyset utility generates a key set from one or more keys
       created by dnssec-keygen(1M). It creates a file containing a KEY record
       for each key, and self-signs the key set with each zone key. The output
       file is of the form keyset-nnnn., where nnnn is the zone name.

OPTIONS
       -a	       Verify all generated signatures.

       -e end-time     Specify	the  date  and	time  when  the	 generated SIG
		       records expire. As with start-time, an absolute time is
		       indicated  in  YYYYMMDDHHMMSS notation. A time relative
		       to the start time is indicated with +N, which is N sec‐
		       onds  from  the start time. A time relative to the cur‐
		       rent time is indicated with now+N. If  no  end-time  is
		       specified,  30  days  from  the start time is used as a
		       default.

       -h	       Print a short summary of the options and	 arguments  to
		       dnssec-makekeyset().

       -p	       Use  pseudo-random  data when signing the zone. This is
		       faster, but less secure, than using real	 random	 data.
		       This  option  may be useful when signing large zones or
		       when the entropy source is limited.

       -r randomdev    Specify the source of randomness. If the operating sys‐
		       tem  does  not  provide	a  /dev/random	or  equivalent
		       device, the default source of  randomness  is  keyboard
		       input.  The  randomdev argument specifies the name of a
		       character device or file containing random data	to  be
		       used instead of the default. The special value keyboard
		       indicates that keyboard input should be used.

       -s start-time   Specify the  date  and  time  when  the	generated  SIG
		       records become valid. This can be either an absolute or
		       relative time. An absolute start time is indicated by a
		       number	in   YYYYMMDDHHMMSS  notation;	20000530144500
		       denotes 14:45:00 UTC on	May  30th,  2000.  A  relative
		       start  time is indicated by +N, which is N seconds from
		       the current time. If no start-time  is  specified,  the
		       current time is used.

       -t ttl	       Specify	the  TTL  (time	 to  live)  of the KEY and SIG
		       records. The default is 3600 seconds.

       -v level	       Set the debugging level.

OPERANDS
       The following operands are supported:

       key	       The list of keys to be included	in  the	 keyset	 file.
		       These  keys  are expressed in the form Knnnn.+aaa+iiiii
		       as generated by dnssec-keygen.

EXAMPLES
       Example 1: Generates a keyset containing the DSA key for example.com.

       The following command generates a keyset containing  the	 DSA  key  for
       example.com generated in the dnssec-keygen(1M) manual page.

       dnssec-makekeyset -t 86400 -s 20000701120000 -e +2592000 \
       Kexample.com.+003+26160

       In  this	 example,  dnssec-makekeyset()	creates	 the file keyset-exam‐
       ple.com. This file contains the specified key and a self-generated sig‐
       nature.

       The DNS administrator for example.com could send keyset-example.com. to
       the DNS administrator for .com for signing, if the .com zone is DNSSEC-
       aware  and  the administrators of the two zones have some mechanism for
       authenticating each  other  and	exchanging  the	 keys  and  signatures
       securely.

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       ┌─────────────────────────────┬─────────────────────────────┐
       │      ATTRIBUTE TYPE	     │	    ATTRIBUTE VALUE	   │
       │Availability		     │SUNWbind9			   │
       │Interface Stability	     │External			   │
       └─────────────────────────────┴─────────────────────────────┘

SEE ALSO
       dnssec-keygen(1M), dnssec-signkey(1M), attributes(5)

       RFC 2535

       BIND 9 Administrator Reference Manual

NOTES
       Source for BIND9 is available in the SUNWbind9S package.

SunOS 5.10			  15 Dec 2004		 dnssec-makekeyset(1M)
[top]

List of man pages available for Solaris

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net