dnssec-makekeyset.docbook revision dafcb997e390efa4423883dafd100c975c4095d6
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte - Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte - Copyright (C) 2001, 2003 Internet Software Consortium.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte - Permission to use, copy, modify, and distribute this software for any
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte - purpose with or without fee is hereby granted, provided that the above
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte - copyright notice and this permission notice appear in all copies.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte - PERFORMANCE OF THIS SOFTWARE.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte<!-- $Id: dnssec-makekeyset.docbook,v 1.5 2004/03/05 04:57:41 marka Exp $ -->
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte <refentryinfo>
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte </refentryinfo>
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte <refentrytitle><application>dnssec-makekeyset</application></refentrytitle>
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte <refnamediv>
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte <refname><application>dnssec-makekeyset</application></refname>
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte <refpurpose>DNSSEC zone signing tool</refpurpose>
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte </refnamediv>
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte <refsynopsisdiv>
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte <cmdsynopsis>
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte <arg><option>-s <replaceable class="parameter">start-time</replaceable></option></arg>
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte <arg><option>-e <replaceable class="parameter">end-time</replaceable></option></arg>
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte <arg><option>-r <replaceable class="parameter">randomdev</replaceable></option></arg>
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte <arg><option>-t</option><replaceable class="parameter">ttl</replaceable></arg>
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte </cmdsynopsis>
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte </refsynopsisdiv>
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte <command>dnssec-makekeyset</command> generates a key set from one
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte or more keys created by <command>dnssec-keygen</command>. It creates
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte a file containing a KEY record for each key, and self-signs the key
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte set with each zone key. The output file is of the form
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte <filename>keyset-nnnn.</filename>, where <filename>nnnn</filename>
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte is the zone name.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte <variablelist>
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte <varlistentry>
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte Verify all generated signatures.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte </varlistentry>
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte <varlistentry>
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte <term>-s <replaceable class="parameter">start-time</replaceable></term>
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte Specify the date and time when the generated SIG records
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte become valid. This can be either an absolute or relative
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte time. An absolute start time is indicated by a number
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte in YYYYMMDDHHMMSS notation; 20000530144500 denotes
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte 14:45:00 UTC on May 30th, 2000. A relative start time is
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte indicated by +N, which is N seconds from the current time.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte If no <option>start-time</option> is specified, the current
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte time is used.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte </varlistentry>
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte <varlistentry>
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte <term>-e <replaceable class="parameter">end-time</replaceable></term>
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte Specify the date and time when the generated SIG records
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte expire. As with <option>start-time</option>, an absolute
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte time is indicated in YYYYMMDDHHMMSS notation. A time relative
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte to the start time is indicated with +N, which is N seconds from
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte the start time. A time relative to the current time is
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte indicated with now+N. If no <option>end-time</option> is
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte specified, 30 days from the start time is used as a default.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte </varlistentry>
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte <varlistentry>
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte Prints a short summary of the options and arguments to
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte </varlistentry>
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte <varlistentry>
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte Use pseudo-random data when signing the zone. This is faster,
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte but less secure, than using real random data. This option
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte may be useful when signing large zones or when the entropy
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte source is limited.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte </varlistentry>
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte <varlistentry>
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte <term>-r <replaceable class="parameter">randomdev</replaceable></term>
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte Specifies the source of randomness. If the operating
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte system does not provide a <filename>/dev/random</filename>
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte or equivalent device, the default source of randomness
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte is keyboard input. <filename>randomdev</filename> specifies
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte the name of a character device or file containing random
<userinput>dnssec-makekeyset -t 86400 -s 20000701120000 -e +2592000 Kexample.com.+003+26160</userinput>