HP-UX Reference (11i v1 05/09) - 1 User Commands A-M (vol 1)
dnssec-signzone(1) dnssec-signzone(1)
An absolute start time is indicated by a number in YYYYMMDDHHMMSS notation; for example, 20000530144500 denotes 14:45:00 UTC on May 30th, 2000. A relative start time is supplied when start-time is given as +N, specifying N seconds from the current time. If no -s option is supplied, the current date and time is used for the start time of the SIG records.
-v level This option is used to make dnssec-signzone more verbose. As the debugging/tracing level level increases, dnssec-signzone generates increasingly detailed reports about what it is doing. The default level is zero.
EXAMPLE
The example below shows how dnssec-signzone could be used to sign the example.com zone with the key that was generated in the example given in the man page for dnssec-keygen. The zone file for this zone is example.com, which is the same as the origin, so there is no need to use the -o option to set the origin. This zone file contains the key set for example.com that was created by dnssec-makekeyset. The zone's keys are either appended to the zone file or incorporated using a $INCLUDE statement. If there was a .signedkey file from the parent zone, i.e., example.com.signedkey, it should be present in the current directory. This allows the parent zone's signature to be included in the signed version of the example.com zone.
dnssec-signzone example.com Kexample.com.+003+26160
dnssec-signzone will create a file called example.com.signed, the signed version of the example.com zone. This file can then be referenced in a zone{} statement in /etc/named.conf so that it can be loaded by the name server.
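
The two start-time forms accepted by -s (absolute YYYYMMDDHHMMSS in UTC, or +N seconds from now) can be checked before a signing run so that a mistyped value does not produce SIG records with an unintended start time. The following is an added example, not part of the HP-UX manual or of dnssec-signzone itself; the function name resolve_start_time and the sample values are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone
from typing import Optional

# The two notations described for the -s start-time argument.
_ABSOLUTE = re.compile(r"[0-9]{14}")    # YYYYMMDDHHMMSS, interpreted as UTC
_RELATIVE = re.compile(r"\+([0-9]+)")   # +N, N seconds from the current time


def resolve_start_time(arg: Optional[str],
                       now: Optional[datetime] = None) -> datetime:
    """Return the UTC instant that a -s start-time argument denotes.

    arg is None when no -s option is given; the current date and time
    is then used. now can be passed in to make the result reproducible.
    """
    if now is None:
        now = datetime.now(timezone.utc)
    if arg is None:
        return now

    relative = _RELATIVE.fullmatch(arg)
    if relative:
        return now + timedelta(seconds=int(relative.group(1)))

    if _ABSOLUTE.fullmatch(arg):
        # strptime raises ValueError for impossible dates (month 13, Feb 30).
        parsed = datetime.strptime(arg, "%Y%m%d%H%M%S")
        return parsed.replace(tzinfo=timezone.utc)

    raise ValueError(f"start-time is neither YYYYMMDDHHMMSS nor +N: {arg!r}")


if __name__ == "__main__":
    # Constructed sample arguments; the first is the value used in the text.
    fixed_now = datetime(2005, 9, 1, 12, 0, 0, tzinfo=timezone.utc)
    for sample in ("20000530144500", "+3600", None, "20001330000000"):
        try:
            start = resolve_start_time(sample, fixed_now)
            print(f"{sample!r:>18} -> {start.isoformat()}")
        except ValueError as exc:
            print(f"{sample!r:>18} -> rejected: {exc}")
```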
FILES
/dev/random
SEE ALSO
dnssec-keygen(1), dnssec-makekeyset(1), dnssec-signkey(1), RFC2535.
HP-UX 11i Version 1: September 2005 − 2 − Hewlett-Packard Company Section 1−−191