Unix/Linux Go Back    


RedHat 9 (Linux i386) - man page for dnssec-makekeyset (redhat section 8)

Linux & Unix Commands - Search Man Pages
Man Page or Keyword Search:   man
Select Man Page Set:       apropos Keyword Search (sections above)


DNSSEC-MAKEKEYSET(8)							     DNSSEC-MAKEKEYSET(8)

NAME
       dnssec-makekeyset - DNSSEC zone signing tool

SYNOPSIS
       dnssec-makekeyset  [  -a  ]  [ -s start-time ]  [ -e end-time ]	[ -h ]	[ -p ]	[ -r ran-
       domdev ]  [ -tttl ]  [ -v level ]  key...

DESCRIPTION
       dnssec-makekeyset generates a key set from one or more keys created by  dnssec-keygen.  It
       creates	a file containing a KEY record for each key, and self-signs the key set with each
       zone key. The output file is of the form keyset-nnnn., where nnnn is the zone name.

OPTIONS
       -a     Verify all generated signatures.

       -s start-time
	      Specify the date and time when the generated SIG records become valid. This can  be
	      either  an absolute or relative time. An absolute start time is indicated by a num-
	      ber in YYYYMMDDHHMMSS notation; 20000530144500 denotes 14:45:00 UTC  on  May  30th,
	      2000. A relative start time is indicated by +N, which is N seconds from the current
	      time.  If no start-time is specified, the current time is used.

       -e end-time
	      Specify the date and time when the generated SIG records	expire.  As  with  start-
	      time,  an absolute time is indicated in YYYYMMDDHHMMSS notation. A time relative to
	      the start time is indicated with +N, which is N seconds from the start time. A time
	      realtive	to the current time is indicated with now+N. If no end-time is specified,
	      30 days from the start time is used as a default.

       -h     Prints a short summary of the options and arguments to dnssec-makekeyset.

       -p     Use pseudo-random data when signing the zone. This is faster, but less secure, than
	      using  real random data. This option may be useful when signing large zones or when
	      the entropy source is limited.

       -r randomdev
	      Specifies the source of randomness. If the operating  system  does  not  provide	a
	      /dev/random  or  equivalent  device,  the  default source of randomness is keyboard
	      input. randomdev specifies the name of a character device or file containing random
	      data  to	be used instead of the default. The special value keyboard indicates that
	      keyboard input should be used.

       -t ttl Specify the TTL (time to live) of the KEY and SIG records.   The	default  is  3600
	      seconds.

       -v level
	      Sets the debugging level.

       key    The list of keys to be included in the keyset file. These keys are expressed in the
	      form Knnnn.+aaa+iiiii as generated by dnssec-keygen.

EXAMPLE
       The following command generates a keyset containing the DSA key for example.com	generated
       in the dnssec-keygen man page.

       dnssec-makekeyset -t 86400 -s 20000701120000 -e +2592000 Kexample.com.+003+26160

       In  this  example,  dnssec-makekeyset creates the file keyset-example.com.. This file con-
       tains the specified key and a self-generated signature.

       The DNS administrator for example.com could send keyset-example.com. to the  DNS  adminis-
       trator  for  .com  for signing, if the .com zone is DNSSEC-aware and the administrators of
       the two zones have some mechanism for authenticating each other and  exchanging	the  keys
       and signatures securely.

SEE ALSO
       dnssec-keygen(8), dnssec-signkey(8), BIND 9 Administrator Reference Manual, RFC 2535.

AUTHOR
       Internet Software Consortium

BIND9					  June 30, 2000 		     DNSSEC-MAKEKEYSET(8)
Unix & Linux Commands & Man Pages : ©2000 - 2018 Unix and Linux Forums


All times are GMT -4. The time now is 07:25 PM.