<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
<!--
 - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
 - Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
 -
 - Permission to use, copy, modify, and distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 -
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
-->
<date>June 30, 2000</date>
<refentrytitle><application>dnssec-makekeyset</application></refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo>BIND9</refmiscinfo>
<refname><application>dnssec-makekeyset</application></refname>
<refpurpose>DNSSEC zone signing tool</refpurpose>
<command>dnssec-makekeyset</command>
<arg><option>-a</option></arg>
<arg><option>-s <replaceable class="parameter">start-time</replaceable></option></arg>
<arg><option>-e <replaceable class="parameter">end-time</replaceable></option></arg>
<arg><option>-h</option></arg>
<arg><option>-p</option></arg>
<arg><option>-r <replaceable class="parameter">randomdev</replaceable></option></arg>
<arg><option>-t</option><replaceable class="parameter">ttl</replaceable></arg>
<arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
<arg choice="req" rep="repeat">key</arg>
<title>DESCRIPTION</title>
<command>dnssec-makekeyset</command> generates a key set from one
or more keys created by <command>dnssec-keygen</command>. It creates
a file containing a KEY record for each key, and self-signs the key
set with each zone key. The output file is of the form
<filename>keyset-nnnn.</filename>, where <filename>nnnn</filename>
<title>OPTIONS</title>
Verify all generated signatures.
<term>-s <replaceable class="parameter">start-time</replaceable></term>
Specify the date and time when the generated SIG records
become valid. This can be either an absolute or relative
time. An absolute start time is indicated by a number
in YYYYMMDDHHMMSS notation; 20000530144500 denotes
14:45:00 UTC on May 30th, 2000. A relative start time is
indicated by +N, which is N seconds from the current time.
If no <option>start-time</option> is specified, the current
<term>-e <replaceable class="parameter">end-time</replaceable></term>
Specify the date and time when the generated SIG records
expire. As with <option>start-time</option>, an absolute
time is indicated in YYYYMMDDHHMMSS notation. A time relative
to the start time is indicated with +N, which is N seconds from
the start time. A time relative to the current time is
indicated with now+N. If no <option>end-time</option> is
specified, 30 days from the start time is used as a default.
Prints a short summary of the options and arguments to
<command>dnssec-makekeyset</command>.
Use pseudo-random data when signing the zone. This is faster,
but less secure, than using real random data. This option
may be useful when signing large zones or when the entropy
<term>-r <replaceable class="parameter">randomdev</replaceable></term>
Specifies the source of randomness. If the operating
or equivalent device, the default source of randomness
is keyboard input. <filename>randomdev</filename> specifies
the name of a character device or file containing random
data to be used instead of the default. The special value
<filename>keyboard</filename> indicates that keyboard
<term>-t <replaceable class="parameter">ttl</replaceable></term>
Specify the TTL (time to live) of the KEY and SIG records.
The default is 3600 seconds.
<term>-v <replaceable class="parameter">level</replaceable></term>
Sets the debugging level.
The list of keys to be included in the keyset file. These keys
are expressed in the form <filename>Knnnn.+aaa+iiiii</filename>
as generated by <command>dnssec-keygen</command>.
<title>EXAMPLE</title>
The following command generates a keyset containing the DSA key for
<command>dnssec-keygen</command> man page.
<userinput>dnssec-makekeyset -t 86400 -s 20000701120000 -e +2592000 Kexample.com.+003+26160</userinput>
In this example, <command>dnssec-makekeyset</command> creates
contains the specified key and a self-generated signature.
administrator for <userinput>.com</userinput> for signing, if the
.com zone is DNSSEC-aware and the administrators of the two zones
have some mechanism for authenticating each other and exchanging
the keys and signatures securely.
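The start-time and end-time notation described under OPTIONS, applied to the command above to compute the SIG validity window; this is an added Python example, not code from BIND or from the original man page. The function names are hypothetical, and two behaviours are assumptions of the example: the current time is used when -s is omitted, and a window that ends at or before its start is rejected.

```python
import re
from datetime import datetime, timedelta, timezone

DEFAULT_LIFETIME = timedelta(days=30)  # page: default end-time is 30 days after start

def _absolute(text):
    """YYYYMMDDHHMMSS, interpreted as UTC as in the page's own example."""
    if not re.fullmatch(r"\d{14}", text):
        raise ValueError(f"not YYYYMMDDHHMMSS: {text!r}")
    return datetime.strptime(text, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def _offset(text):
    """The N of +N or now+N: a non-negative number of seconds."""
    if not text.isdigit():
        raise ValueError(f"not a number of seconds: {text!r}")
    return timedelta(seconds=int(text))

def parse_start(arg, now):
    if arg is None:
        return now                       # assumption: current time when -s is omitted
    if arg.startswith("+"):
        return now + _offset(arg[1:])    # +N counts from the current time
    return _absolute(arg)

def parse_end(arg, start, now):
    if arg is None:
        return start + DEFAULT_LIFETIME
    if arg.startswith("now+"):
        return now + _offset(arg[4:])    # now+N counts from the current time
    if arg.startswith("+"):
        return start + _offset(arg[1:])  # +N counts from the start time
    return _absolute(arg)

def validity_window(start_arg, end_arg, now):
    """Return (inception, expiration) for the given -s / -e arguments."""
    start = parse_start(start_arg, now)
    end = parse_end(end_arg, start, now)
    if end <= start:                     # added sanity check, not documented tool behaviour
        raise ValueError(
            f"window ends {end:%Y%m%d%H%M%S} before it starts {start:%Y%m%d%H%M%S}")
    return start, end

if __name__ == "__main__":
    now = datetime(2000, 6, 30, tzinfo=timezone.utc)  # constructed "current time"
    start, end = validity_window("20000701120000", "+2592000", now)
    print(start.isoformat(), "->", end.isoformat())
```
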
<title>SEE ALSO</title>
<refentrytitle>dnssec-keygen</refentrytitle>
<manvolnum>8</manvolnum>
<refentrytitle>dnssec-signkey</refentrytitle>
<manvolnum>8</manvolnum>
<citetitle>BIND 9 Administrator Reference Manual</citetitle>,
<citetitle>RFC 2535</citetitle>.
<title>AUTHOR</title>
<corpauthor>Internet Systems Consortium</corpauthor>