dnssec-signzone man page on IRIX

Man page or keyword search:  
man Server   31559 pages
apropos Keyword Search (all sections)
Output format
IRIX logo
[printable version]

DNSSEC-SIGNZONE(8)			       DNSSEC-SIGNZONE(8)

NAME
       dnssec-signzone - DNSSEC zone signing tool

SYNOPSIS
       dnssec-signzone	[ -a ]	[ -c class ]  [ -d directory ]	[
       -s start-time ]	[ -e end-time ]	 [ -f output-file ]  [ -h
       ]  [ -i interval ]  [ -n nthreads ]  [ -o origin ]  [ -p ]
       [ -r randomdev ]	 [ -t ]	 [ -v level ]  zonefile [  key...
       ]

DESCRIPTION
       dnssec-signzone	signs  a  zone.	 It generates NXT and SIG
       records and produces a signed  version  of  the	zone.  If
       there is a signedkey file from the zone's parent, the par-
       ent's signatures will be incorporated into  the	generated
       signed  zone file. The security status of delegations from
       the the signed zone (that is, whether the child zones  are
       secure or not) is determined by the presence or absence of
       a signedkey file for each child zone.

OPTIONS
       -a     Verify all generated signatures.

       -c class
	      Specifies the DNS class of the zone.

       -d directory
	      Look for signedkey files in directory as the direc-
	      tory

       -s start-time
	      Specify  the  date  and time when the generated SIG
	      records become valid. This can be either	an  abso-
	      lute  or	relative  time. An absolute start time is
	      indicated by a number in	YYYYMMDDHHMMSS	notation;
	      20000530144500  denotes  14:45:00	 UTC on May 30th,
	      2000. A relative start time  is  indicated  by  +N,
	      which  is	 N  seconds from the current time.  If no
	      start-time is specified, the current time is  used.

       -e end-time
	      Specify  the  date  and time when the generated SIG
	      records expire. As  with	start-time,  an	 absolute
	      time  is	indicated  in  YYYYMMDDHHMMSS notation. A
	      time relative to the start time is  indicated  with
	      +N,  which is N seconds from the start time. A time
	      relative to the  current	time  is  indicated  with
	      now+N.  If  no  end-time is specified, 30 days from
	      the start time is used as a default.

       -f output-file
	      The name of the output file containing  the  signed
	      zone. The default is to append .signed to the input
	      file.

       -h     Prints a short summary of the options and arguments
	      to dnssec-signzone.

       -i interval
	      When  a  previously signed zone is passed as input,
	      records may be resigned. The interval option speci-
	      fies  the	 cycle	interval  as  an  offset from the
	      current time (in seconds). If a SIG record  expires
	      after  the  cycle	 interval, it is retained. Other-
	      wise, it is considered to be expiring soon, and  it
	      will be replaced.

	      The  default  cycle  interval is one quarter of the
	      difference between  the  signature  end  and  start
	      times.  So  if  neither  end-time or start-time are
	      specified,  dnssec-signzone  generates   signatures
	      that  are	 valid for 30 days, with a cycle interval
	      of 7.5 days. Therefore, if any existing SIG records
	      are due to expire in less than 7.5 days, they would
	      be replaced.

       -n ncpus
	      Specifies the number of threads to use. By default,
	      one thread is started for each detected CPU.

       -o origin
	      The  zone origin. If not specified, the name of the
	      zone file is assumed to be the origin.

       -p     Use pseudo-random data when signing the zone.  This
	      is  faster, but less secure, than using real random
	      data. This option may be useful when signing  large
	      zones or when the entropy source is limited.

       -r randomdev
	      Specifies	 the source of randomness. If the operat-
	      ing system does not provide a /dev/random or equiv-
	      alent  device,  the default source of randomness is
	      keyboard input. randomdev specifies the name  of	a
	      character	 device or file containing random data to
	      be used instead of the default. The  special  value
	      keyboard	indicates  that	 keyboard input should be
	      used.

       -t     Print statistics at completion.

       -v level
	      Sets the debugging level.

       zonefile
	      The file containing the zone to  be  signed.   Sets
	      the debugging level.

       key    The  keys	 used  to  sign	 the zone. If no keys are
	      specified, the default all zone keys that have pri-
	      vate key files in the current directory.

EXAMPLE
       The  following command signs the example.com zone with the
       DSA key generated  in  the  dnssec-keygen  man  page.  The
       zone's  keys  must  be in the zone. If there are signedkey
       files associated with this zone or any child  zones,  they
       must  be	 in the current directory.  example.com, the fol-
       lowing command would be issued:

       dnssec-signzone	-o  example.com	  db.example.com   Kexam-
       ple.com.+003+26160

       The command would print a string of the form:

       In this example, dnssec-signzone creates the file db.exam-
       ple.com.signed. This file should be referenced in  a  zone
       statement in a named.conf file.

SEE ALSO
       dnssec-keygen(8),  dnssec-signkey(8), BIND 9 Administrator
       Reference Manual, RFC 2535.

AUTHOR
       Internet Software Consortium

BIND9			  June 30, 2000	       DNSSEC-SIGNZONE(8)
[top]

List of man pages available for IRIX

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net