1KZONESIGN(1) Knot DNS KZONESIGN(1)
2
3
4
6 kzonesign - DNSSEC signing utility
7
9 kzonesign [options] -c conf_file zone_name
10
12 This utility reads the zone's zone file, signs the zone according to
13 given configuration, and writes the signed zone file back.
14
15 Options
16 -c, --config conf_file
17 Knot DNS configuration file (same as for knotd).
18
19 -o, --outdir dir_name
20 Write the output zone file to the specified directory insted of
21 the configured one.
22
23 -r, --rollover
24 Allow key roll-overs and NSEC3 re-salt. In order to finish pos‐
25 sible KSK submission, set the KSK's active timestamp to now (+0)
26 using keymgr.
27
28 -t, --time timestamp
29 Sign the zone (and roll the keys if necessary) as if it was at
30 the time specified by timestamp.
31
32 -h, --help
33 Print the program help.
34
35 -V, --version
36 Print the program version.
37
38 Parameters
39 zone_name
40 A name of the zone to be signed.
41
43 Exit status of 0 means successful operation. Any other exit status in‐
44 dicates an error.
45
47 knot.conf(5), keymgr(8).
48
50 CZ.NIC Labs <https://www.knot-dns.cz>
51
53 Copyright 2010–2021, CZ.NIC, z.s.p.o.
54
55
56
57
583.1.4 2021-11-04 KZONESIGN(1)