dnssec-signkey.1 (2010 09)
d
dnssec-signkey(1) dnssec-signkey(1)
when it next gets signed with dnssec-signzone
. A copy of the generated
signedkey file should be
kept by the parent zone’s DNS administrator, since it will be needed when signing the parent zone.
EXAMPLE
The DNS administrator for a DNSSEC-aware
.com zone would use the following command to make
dnssec-signkey
sign the .keyset file for example.com created in the example shown in the man
page for
dnssec-makekeyset
:
dnssec-signkey example.com.keyset Kcom.+003+51944
where Kcom.+003+51944
was a key file identifier that was produced when
dnssec-keygen gen-
erated a key for the
.com zone.
dnssec-signkey
will produce a file called example.com.signedkey
which has the keys for
example.com signed by the com zone’s zone key.
FILES
/dev/random
SEE ALSO
dnssec-keygen(1), dnssec-makekeyset(1), dnssec-signzone(1), RFC2535.
2 Hewlett-Packard Company − 2 − HP-UX 11i Version 3: September 2010