1KZONESIGN(1)                       Knot DNS                       KZONESIGN(1)
2
3
4

NAME

6       kzonesign - DNSSEC signing utility
7

SYNOPSIS

9       kzonesign [options] -c conf_file zone_name
10

DESCRIPTION

12       This  utility  reads  the zone's zone file, signs the zone according to
13       given configuration, and writes the signed zone file back. An  alterna‐
14       tive  mode is DNSSEC validation of the given zone. The signing or vali‐
15       dation can run in parallel if enabled in the  configuration  (see  pol‐
16       icy.signing-threads and zone.adjust-threads).
17
18   Options
19       -c, --config conf_file
20              Knot DNS configuration file (same as for knotd).
21
22       -o, --outdir dir_name
23              Write the output zone file to the specified directory instead of
24              the configured one.
25
26       -r, --rollover
27              Allow key roll-overs and NSEC3 re-salt. In order to finish  pos‐
28              sible KSK submission, set the KSK's active timestamp to now (+0)
29              using keymgr.
30
31       -v, --verify
32              Instead of (re-)signing the zone, just verify that the  zone  is
33              correctly signed.
34
35       -t, --time timestamp
36              Sign/verify  the  zone (and roll the keys if necessary) as if it
37              was at the time specified by timestamp.
38
39       -h, --help
40              Print the program help.
41
42       -V, --version
43              Print the program version.
44
45   Parameters
46       zone_name
47              A name of the zone to be signed.
48

EXIT VALUES

50       Exit status of 0 means successful operation. Any other exit status  in‐
51       dicates an error.
52

SEE ALSO

54       knot.conf(5), keymgr(8).
55

AUTHOR

57       CZ.NIC Labs <https://www.knot-dns.cz>
58

COPYRIGHT

60       Copyright 2010–2022, CZ.NIC, z.s.p.o.
61
62
63
64
653.1.8                             2022-04-28                      KZONESIGN(1)