1ldns-signzone(1) General Commands Manual ldns-signzone(1)
2
3
4
6 ldns-signzone - sign a zonefile with DNSSEC data
7
9 ldns-signzone [ OPTION ] ZONEFILE KEY [KEY [KEY] ... ]
10
11
13 ldns-signzone is used to generate a DNSSEC signed zone. When run it
14 will create a new zonefile that contains RRSIG and NSEC resource
15 records, as specified in RFC 4033, RFC 4034 and RFC 4035. It will add
16 the DNSKEY(s) that is/are used to sign the zone.
17
18 Keys must be specified by their base name (i.e. without .key and .pri‐
19 vate) and both the public and private key must be present in the speci‐
20 fied location. Multiple keys can be specified.
21
22
24 -e date
25 Set expiration date of the signatures to this date, the format
26 can be YYYYMMDD[hhmmss], or a timestamp.
27
28
29 -i date
30 Set inception date of the signatures to this date, the format
31 can be YYYYMMDD[hhmmss], or a timestamp.
32
33
34 -f file
35 Use this file to store the signed zone in (default <original‐
36 file>.signed)
37
38
39 -o origin
40 Use this as the origin of the zone, if it cannot be read from
41 the zonefile
42
43
45 Written by the ldns team as an example for ldns usage.
46
47
49 Report bugs to <ldns-team@nlnetlabs.nl>.
50
51
53 Copyright (C) 2005 NLnet Labs. This is free software. There is NO war‐
54 ranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PUR‐
55 POSE.
56
57
58
59 30 May 2005 ldns-signzone(1)