dnssec-makekeyset man page on OpenIndiana

Man page or keyword search:  
man Server   20441 pages
apropos Keyword Search (all sections)
Output format
OpenIndiana logo
[printable version]

dnssec-makekeyset(1M)	System Administration Commands	 dnssec-makekeyset(1M)

NAME
       dnssec-makekeyset - DNSSEC zone signing tool

SYNOPSIS
       dnssec-makekeyset [-ahp] [-s start-time] [-e end-time]
	    [-r randomdev] [-t ttl] [-v level] key...

DESCRIPTION
       The dnssec-makekeyset utility generates a key set from one or more keys
       created by dnssec-keygen(1M). It creates a file containing a KEY record
       for each key, and self-signs the key set with each zone key. The output
       file is of the form keyset-nnnn., where nnnn is the zone name.

OPTIONS
       -a		Verify all generated signatures.

       -e end-time	Specify the date  and  time  when  the	generated  SIG
			records	 expire.  As with start-time, an absolute time
			is indicated in YYYYMMDDHHMMSS notation. A time	 rela‐
			tive  to the start time is indicated with +N, which is
			N seconds from the start time. A time relative to  the
			current	 time  is indicated with now+N. If no end-time
			is specified, 30 days from the start time is used as a
			default.

       -h		Print  a short summary of the options and arguments to
			dnssec-makekeyset().

       -p		Use pseudo-random data when signing the zone. This  is
			faster,	 but less secure, than using real random data.
			This option may be useful when signing large zones  or
			when the entropy source is limited.

       -r randomdev	Specify	 the  source  of  randomness. If the operating
			system does not provide a  /dev/random	or  equivalent
			device,	 the  default source of randomness is keyboard
			input. The randomdev argument specifies the name of  a
			character  device or file containing random data to be
			used instead of the default. The  special  value  key‐
			board indicates that keyboard input should be used.

       -s start-time	Specify	 the  date  and	 time  when  the generated SIG
			records become valid. This can be either  an  absolute
			or  relative time. An absolute start time is indicated
			by a number in YYYYMMDDHHMMSS notation; 20000530144500
			denotes	 14:45:00  UTC	on  May 30th, 2000. A relative
			start time is indicated by +N, which is N seconds from
			the  current  time. If no start-time is specified, the
			current time is used.

       -t ttl		Specify the TTL (time to live)	of  the	 KEY  and  SIG
			records. The default is 3600 seconds.

       -v level		Set the debugging level.

OPERANDS
       The following operands are supported:

       key    The  list	 of keys to be included in the keyset file. These keys
	      are expressed in	the  form  Knnnn.+aaa+iiiii  as	 generated  by
	      dnssec-keygen.

EXAMPLES
       Example 1 Generates a keyset containing the DSA key for example.com.

       The  following  command	generates  a keyset containing the DSA key for
       example.com generated in the dnssec-keygen(1M) manual page.

	 dnssec-makekeyset -t 86400 -s 20000701120000 -e +2592000 \
	 Kexample.com.+003+26160

       In this example,	 dnssec-makekeyset()  creates  the  file  keyset-exam‐
       ple.com. This file contains the specified key and a self-generated sig‐
       nature.

       The DNS administrator for example.com could send keyset-example.com. to
       the DNS administrator for .com for signing, if the .com zone is DNSSEC-
       aware and the administrators of the two zones have some	mechanism  for
       authenticating  each  other  and	 exchanging  the  keys	and signatures
       securely.

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       ┌───────────────────────────────────────────────────────────┐
       │      ATTRIBUTE TYPE		    ATTRIBUTE VALUE	   │
       │Availability		      SUNWbind9			   │
       │Interface Stability	      Volatile			   │
       └───────────────────────────────────────────────────────────┘

SEE ALSO
       dnssec-keygen(1M), dnssec-signkey(1M), attributes(5)

       RFC 2535

       BIND 9 Administrator Reference Manual

NOTES
       Source for BIND9 is available in the SUNWbind9S package.

SunOS 5.11			  20 Mar 2007		 dnssec-makekeyset(1M)
[top]

List of man pages available for OpenIndiana

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net