redhat man page for dnssec-signkey

Redhat Man Pages All Man Pages Latest Topics Forum Categories

Query: dnssec-signkey

OS: redhat

Section: 8

Format: Original Unix Latex Style Formatted with HTML and a Horizontal Scroll Bar

DNSSEC-SIGNKEY(8)														 DNSSEC-SIGNKEY(8)


NAME

       dnssec-signkey - DNSSEC key set signing tool


SYNOPSIS

       dnssec-signkey [ -a ]  [ -c class ]  [ -s start-time ]  [ -e end-time ]	[ -h ]	[ -p ]	[ -r randomdev ]  [ -v level ]	keyset key...


DESCRIPTION

       dnssec-signkey  signs a keyset. Typically the keyset will be for a child zone, and will have been generated by dnssec-makekeyset. The child
       zone's keyset is signed with the zone keys for its parent zone. The output file is of the form signedkey-nnnn.,	where  nnnn  is  the  zone
       name.


OPTIONS

       -a     Verify all generated signatures.

       -c class
	      Specifies the DNS class of the key sets.

       -s start-time
	      Specify  the date and time when the generated SIG records become valid. This can be either an absolute or relative time. An absolute
	      start time is indicated by a number in YYYYMMDDHHMMSS notation; 20000530144500 denotes 14:45:00 UTC on May 30th,	2000.  A  relative
	      start time is indicated by +N, which is N seconds from the current time.	If no start-time is specified, the current time is used.

       -e end-time
	      Specify the date and time when the generated SIG records expire. As with start-time, an absolute time is indicated in YYYYMMDDHHMMSS
	      notation. A time relative to the start time is indicated with +N, which is N seconds from the start time. A  time  realtive  to  the
	      current time is indicated with now+N. If no end-time is specified, 30 days from the start time is used as a default.

       -h     Prints a short summary of the options and arguments to dnssec-signkey.

       -p     Use  pseudo-random data when signing the zone. This is faster, but less secure, than using real random data. This option may be use-
	      ful when signing large zones or when the entropy source is limited.

       -r randomdev
	      Specifies the source of randomness. If the operating system does not provide a /dev/random or equivalent device, the default  source
	      of  randomness  is  keyboard  input.  randomdev  specifies  the name of a character device or file containing random data to be used
	      instead of the default. The special value keyboard indicates that keyboard input should be used.

       -v level
	      Sets the debugging level.

       keyset The file containing the child's keyset.

       key    The keys used to sign the child's keyset.


EXAMPLE

       The DNS administrator for a DNSSEC-aware .com zone would use the following command to sign the  keyset  file  for  example.com  created	by
       dnssec-makekeyset with a key generated by dnssec-keygen:

       dnssec-signkey keyset-example.com. Kcom.+003+51944

       In this example, dnssec-signkey creates the file signedkey-example.com., which contains the example.com keys and the signatures by the .com
       keys.


SEE ALSO

       dnssec-keygen(8), dnssec-makekeyset(8), dnssec-signzone(8).


AUTHOR

       Internet Software Consortium

BIND9								   June 30, 2000						 DNSSEC-SIGNKEY(8)
Related Man Pages
dnssec-signkey(8) - redhat
dnssec-signzone(8) - redhat
dnssec-makekeyset(1m) - freebsd
dnssec-makekeyset(1m) - php
dnssec-signkey(1m) - php
Similar Topics in the Unix Linux Community
time calculation
searching between start and end time
How to get data between the start time and end time?
How do I set up dnssec ?
Need help with dnscrypt and dnssec