kzonesign(1) Knot DNS kzonesign(1)
NAME
kzonesign - DNSSEC signing utility
SYNOPSIS
kzonesign [config_option] [options] zone_name
DESCRIPTION
This utility reads the zone's zone file, signs the zone according to
given configuration, and writes the signed zone file back. An
alternative mode is DNSSEC validation of the given zone. The signing or
validation can run in parallel if enabled in the configuration (see
policy.signing-threads and zone.adjust-threads).
Parameters
zone_name
A name of the zone to be signed.
Config options
-c, --config file
Use a textual configuration file (default is
/opt/local/etc/knot/knot.conf).
-C, --confdb directory
Use a binary configuration database directory (default is
/opt/local/var/lib/knot/confdb). The default configuration
database, if exists, has a preference to the default
configuration file.
Options
-o, --outdir dir_name
Write the output zone file to the specified directory instead of
the configured one.
-r, --rollover
Allow key roll-overs and NSEC3 re-salt. In order to finish
possible KSK submission, set the KSK's active timestamp to now
(+0) using keymgr.
-v, --verify
Instead of (re-)signing the zone, just verify that the zone is
correctly signed.
-t, --time timestamp
Sign/verify the zone (and roll the keys if necessary) as if it
was at the time specified by timestamp.
-h, --help
Print the program help.
-V, --version
Print the program version.
EXIT VALUES
Exit status of 0 means successful operation. Any other exit status
indicates an error.
SEE ALSO
knot.conf(5), keymgr(8).
AUTHOR
CZ.NIC Labs <https://www.knot-dns.cz>
COPYRIGHT
Copyright 2010-2023, CZ.NIC, z.s.p.o.
3.3.2 2023-10-20 kzonesign(1)
knot 3.3.2 - Generated Thu Oct 26 13:09:19 CDT 2023