Welcome to Linux Knowledge Base and Tutorial
"The place where you learn linux"
Let The Music Play: Join EFF Today

 Create an AccountHome | Submit News | Your Account  

Tutorial Menu
Linux Tutorial Home
Table of Contents

· Introduction to Operating Systems
· Linux Basics
· Working with the System
· Shells and Utilities
· Editing Files
· Basic Administration
· The Operating System
· The X Windowing System
· The Computer Itself
· Networking
· System Monitoring
· Solving Problems
· Security
· Installing and Upgrading
· Linux and Windows

Glossary
MoreInfo
Man Pages
Linux Topics
Test Your Knowledge

Site Menu
Site Map
FAQ
Copyright Info
Terms of Use
Privacy Info
Disclaimer
WorkBoard
Thanks
Donations
Advertising
Masthead / Impressum
Your Account

Communication
Feedback
Forums
Private Messages
Surveys

Features
HOWTOs
News Archive
Submit News
Topics
User Articles
Web Links

Google
Google


The Web
linux-tutorial.info

Who's Online
There are currently, 62 guest(s) and 0 member(s) that are online.

You are an Anonymous user. You can register for free by clicking here

  

dnssec-signzone



SYNOPSIS

       dnssec-signzone  [ -a ]  [ -c class ]  [ -d directory ]  [
       -s start-time ]  [ -e end-time ]  [ -f output-file ]  [ -h
       ]  [ -i interval ]  [ -n nthreads ]  [ -o origin ]  [ -p ]
       [ -r randomdev ]  [ -t ]  [ -v level ]  zonefile [  key...
       ]


DESCRIPTION

       dnssec-signzone  signs  a  zone.  It generates NXT and SIG
       records and produces a signed  version  of  the  zone.  If
       there is a signedkey file from the zone's parent, the par­
       ent's signatures will be incorporated into  the  generated
       signed  zone file. The security status of delegations from
       the the signed zone (that is, whether the child zones  are
       secure or not) is determined by the presence or absence of
       a signedkey file for each child zone.


OPTIONS

       -a     Verify all generated signatures.

       -c class
              Specifies the DNS class of the zone.

       -d directory
              Look for signedkey files in directory as the direc­
              tory

       -s start-time
              Specify  the  date  and time when the generated SIG
              records become valid. This can be either  an  abso­
              lute  or  relative  time. An absolute start time is
              indicated by a number in  YYYYMMDDHHMMSS  notation;
              20000530144500  denotes  14:45:00  UTC on May 30th,
              2000. A relative start time  is  indicated  by  +N,
              which  is  N  seconds from the current time.  If no
              start-time is specified, the current time is  used.

       -e end-time
              Specify  the  date  and time when the generated SIG
              records expire. As  with  start-time,  an  absolute
              time  is  indicated  in  YYYYMMDDHHMMSS notation. A
              time relative to the start time is  indicated  with
              +N,  which is N seconds from the start time. A time
              relative to the  current  time  is  indicated  with
              now+N.  If  no  end-time is specified, 30 days from
              the start time is used as a default.

       -f output-file
              The name of the output file containing  the  signed
              zone. The default is to append .signed to the input
              file.

              times.  So  if  neither  end-time or start-time are
              specified,  dnssec-signzone  generates   signatures
              that  are  valid for 30 days, with a cycle interval
              of 7.5 days. Therefore, if any existing SIG records
              are due to expire in less than 7.5 days, they would
              be replaced.

       -n ncpus
              Specifies the number of threads to use. By default,
              one thread is started for each detected CPU.

       -o origin
              The  zone origin. If not specified, the name of the
              zone file is assumed to be the origin.

       -p     Use pseudo-random data when signing the zone.  This
              is  faster, but less secure, than using real random
              data. This option may be useful when signing  large
              zones or when the entropy source is limited.

       -r randomdev
              Specifies  the source of randomness. If the operat­
              ing system does not provide a /dev/random or equiv­
              alent  device,  the default source of randomness is
              keyboard input. randomdev specifies the name  of  a
              character  device or file containing random data to
              be used instead of the default. The  special  value
              keyboard  indicates  that  keyboard input should be
              used.

       -t     Print statistics at completion.

       -v level
              Sets the debugging level.

       zonefile
              The file containing the zone to  be  signed.   Sets
              the debugging level.

       key    The  keys  used  to  sign  the zone. If no keys are
              specified, the default all zone keys that have pri­
              vate key files in the current directory.


EXAMPLE

       The  following command signs the example.com zone with the
       DSA key generated  in  the  dnssec-keygen  man  page.  The
       zone's  keys  must  be in the zone. If there are signedkey
       files associated with this zone or any child  zones,  they
       must  be  in the current directory.  example.com, the fol­
       lowing command would be issued:

       dnssec-signzone  -o  example.com   db.example.com   Kexam­

BIND9                     June 30, 2000        DNSSEC-SIGNZONE(8)

An undefined database error occurred. SELECT distinct pages.pagepath,pages.pageid FROM pages, page2command WHERE pages.pageid = page2command.pageid AND commandid =


  




Login
Nickname

Password

Security Code
Security Code
Type Security Code


Don't have an account yet? You can create one. As a registered user you have some advantages like theme manager, comments configuration and post comments with your name.

Help if you can!


Amazon Wish List

Did You Know?
The Linux Tutorial can use your help.


Friends



Tell a Friend About Us

Bookmark and Share



Web site powered by PHP-Nuke

Is this information useful? At the very least you can help by spreading the word to your favorite newsgroups, mailing lists and forums.
All logos and trademarks in this site are property of their respective owner. The comments are property of their posters. Articles are the property of their respective owners. Unless otherwise stated in the body of the article, article content (C) 1994-2013 by James Mohr. All rights reserved. The stylized page/paper, as well as the terms "The Linux Tutorial", "The Linux Server Tutorial", "The Linux Knowledge Base and Tutorial" and "The place where you learn Linux" are service marks of James Mohr. All rights reserved.
The Linux Knowledge Base and Tutorial may contain links to sites on the Internet, which are owned and operated by third parties. The Linux Tutorial is not responsible for the content of any such third-party site. By viewing/utilizing this web site, you have agreed to our disclaimer, terms of use and privacy policy. Use of automated download software ("harvesters") such as wget, httrack, etc. causes the site to quickly exceed its bandwidth limitation and are therefore expressly prohibited. For more details on this, take a look here

PHP-Nuke Copyright © 2004 by Francisco Burzi. This is free software, and you may redistribute it under the GPL. PHP-Nuke comes with absolutely no warranty, for details, see the license.
Page Generation: 0.09 Seconds