bin/dnssec/dnssec-signzone.docbook

	dnssec-signzone.docbook revision 0b062f4990db5cc6db2fe3398926f71b92a67407
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater
c7ef13f6c9ef4436bc804b150e0a93307b11fa27Tinderbox User<refentry>
c7ef13f6c9ef4436bc804b150e0a93307b11fa27Tinderbox User  <refentryinfo>
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User    <date>June 30, 2000</date>
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User  </refentryinfo>
c57668a2fbbe558c1bd21652813616f2f517c469Tinderbox User
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User  <refmeta>
137fdbc214e99c4cbe57551e9e14f2015c2e42aeTinderbox User    <refentrytitle><application>dnssec-signzone</application></refentrytitle>
3349f0044fda807e1fd6681c833d3593a22dad86Tinderbox User    <manvolnum>8</manvolnum>
bed0874e1a09e810575328c4bfc346a47514b69fMark Andrews    <refmiscinfo>BIND9</refmiscinfo>
02b47c5d62e1e827743684c28a08e871da454a2dMark Andrews  </refmeta>
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User  <refnamediv>
e20309353e6246485c521278131d3fced73d7957Tinderbox User    <refname><application>dnssec-signzone</application></refname>
e20309353e6246485c521278131d3fced73d7957Tinderbox User    <refpurpose>DNSSEC zone signing tool</refpurpose>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews  </refnamediv>
6c910bd5e4a85a56e3a61fdf7b237a45bb2553eeTinderbox User
3cc98b8ecedcbc8465f1cf2740b966b315662430Automatic Updater  <refsynopsisdiv>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews    <cmdsynopsis>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews      <command>dnssec-signzone</command>
e20309353e6246485c521278131d3fced73d7957Tinderbox User      <arg><option>-a</option></arg>
e20309353e6246485c521278131d3fced73d7957Tinderbox User      <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews      <arg><option>-d <replaceable class="parameter">directory</replaceable></option></arg>
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater      <arg><option>-s <replaceable class="parameter">start-time</replaceable></option></arg>
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews      <arg><option>-e <replaceable class="parameter">end-time</replaceable></option></arg>
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater      <arg><option>-f <replaceable class="parameter">output-file</replaceable></option></arg>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson      <arg><option>-h</option></arg>
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater      <arg><option>-i <replaceable class="parameter">interval</replaceable></option></arg>
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater      <arg><option>-n <replaceable class="parameter">nthreads</replaceable></option></arg>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson      <arg><option>-o <replaceable class="parameter">origin</replaceable></option></arg>
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater      <arg><option>-p</option></arg>
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User      <arg><option>-r <replaceable class="parameter">randomdev</replaceable></option></arg>
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User      <arg><option>-t</option></arg>
aa9c561961e9d877946ebaa8795fa2be054ab7bfEvan Hunt      <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
e130ab53e992670e2a2ecf043976ac09f21358d1Automatic Updater      <arg choice="req">zonefile</arg>
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater      <arg rep="repeat">key</arg>
aa9c561961e9d877946ebaa8795fa2be054ab7bfEvan Hunt    </cmdsynopsis>
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater  </refsynopsisdiv>
24934f08b9ff81c2be711e566e8002d145573031Tinderbox User
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater  <refsect1>
aa9c561961e9d877946ebaa8795fa2be054ab7bfEvan Hunt    <title>DESCRIPTION</title>
24934f08b9ff81c2be711e566e8002d145573031Tinderbox User    <para>
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User        <command>dnssec-signzone</command> signs a zone.  It generates NXT
aa9c561961e9d877946ebaa8795fa2be054ab7bfEvan Hunt    and SIG records and produces a signed version of the zone.  If there
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User    is a <filename>signedkey</filename> file from the zone's parent,
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater    the parent's signatures will be incorporated into the generated
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater    signed zone file.  The security status of delegations from the the
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater        signed zone (that is, whether the child zones are secure or not) is
cdfc81e048bd34c1d628380247bda6b80a89e20eAutomatic Updater        determined by the presence or absence of a
cdfc81e048bd34c1d628380247bda6b80a89e20eAutomatic Updater    <filename>signedkey</filename> file for each child zone.
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater    </para>
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater  </refsect1>
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater  <refsect1>
eabc9c3c07cd956d3c436bd7614cb162dabdda76Mark Andrews    <title>OPTIONS</title>
eabc9c3c07cd956d3c436bd7614cb162dabdda76Mark Andrews
eabc9c3c07cd956d3c436bd7614cb162dabdda76Mark Andrews    <variablelist>
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User      <varlistentry>
e20309353e6246485c521278131d3fced73d7957Tinderbox User        <term>-a</term>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews    <listitem>
24934f08b9ff81c2be711e566e8002d145573031Tinderbox User      <para>
e20309353e6246485c521278131d3fced73d7957Tinderbox User          Verify all generated signatures.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews      </para>
7feccf248d2a20a2ae48b290f58ded5abc853e9aTinderbox User    </listitem>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews      </varlistentry>
c59750de3ea3c7d5890000fb4606e8f5835a52aaTinderbox User
80faf1588895fd26490f82f95a7a1b771df1c324Automatic Updater      <varlistentry>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews        <term>-c <replaceable class="parameter">class</replaceable></term>
ec7751119a08c6a7250f3187beed69a8b836d349Tinderbox User    <listitem>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews      <para>
114f7780384371121918624ae2c80ecfce545683Tinderbox User           Specifies the DNS class of the zone.
693c4232dfdffaff672197d4b9fea944c64cf80aAutomatic Updater      </para>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews    </listitem>
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater      </varlistentry>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater      <varlistentry>
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater        <term>-d <replaceable class="parameter">directory</replaceable></term>
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews    <listitem>
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater      <para>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson           Look for <filename>signedkey</filename> files in
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater           <option>directory</option> as the directory
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater      </para>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson    </listitem>
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater      </varlistentry>
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User
b871c7156eb037d41f53828c6fcb9cc876128962Mark Andrews      <varlistentry>
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews        <term>-s <replaceable class="parameter">start-time</replaceable></term>
3349f0044fda807e1fd6681c833d3593a22dad86Tinderbox User    <listitem>
3349f0044fda807e1fd6681c833d3593a22dad86Tinderbox User      <para>
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews           Specify the date and time when the generated SIG records
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont           become valid.  This can be either an absolute or relative
3349f0044fda807e1fd6681c833d3593a22dad86Tinderbox User           time.  An absolute start time is indicated by a number
3349f0044fda807e1fd6681c833d3593a22dad86Tinderbox User           in YYYYMMDDHHMMSS notation; 20000530144500 denotes
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont           14:45:00 UTC on May 30th, 2000.  A relative start time is
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews           indicated by +N, which is N seconds from the current time.
2ba8f584b97cbab864570e38fd26b8cb90961428Tinderbox User           If no <option>start-time</option> is specified, the current
3349f0044fda807e1fd6681c833d3593a22dad86Tinderbox User           time is used.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews      </para>
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews    </listitem>
bed0874e1a09e810575328c4bfc346a47514b69fMark Andrews      </varlistentry>
24bf1e02f03577db0feb50b80238c4150c96d05dAutomatic Updater
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews      <varlistentry>
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews        <term>-e <replaceable class="parameter">end-time</replaceable></term>
2ba8f584b97cbab864570e38fd26b8cb90961428Tinderbox User    <listitem>
a308b69ac66fadf66863484f301314d6e6a3f1d2Automatic Updater      <para>
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews           Specify the date and time when the generated SIG records
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews           expire.  As with <option>start-time</option>, an absolute
551271d8198ae06e37edf5da519d8ee153eeac0fTinderbox User           time is indicated in YYYYMMDDHHMMSS notation.  A time relative
27c3c21f41520e8d6336d80a8094389e321cb6d2Mark Andrews           to the start time is indicated with +N, which is N seconds from
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews           the start time.  A time realtive to the current time is
b871c7156eb037d41f53828c6fcb9cc876128962Mark Andrews           indicated with now+N.  If no <option>end-time</option> is
b871c7156eb037d41f53828c6fcb9cc876128962Mark Andrews           specified, 30 days from the start time is used as a default.
b871c7156eb037d41f53828c6fcb9cc876128962Mark Andrews      </para>
01a5c5503482fb3ba52088bf0178a7213273bf96Mark Andrews    </listitem>
551271d8198ae06e37edf5da519d8ee153eeac0fTinderbox User      </varlistentry>
b871c7156eb037d41f53828c6fcb9cc876128962Mark Andrews
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater      <varlistentry>
cdfc81e048bd34c1d628380247bda6b80a89e20eAutomatic Updater        <term>-f <replaceable class="parameter">output-file</replaceable></term>
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater    <listitem>
fe80a4909bf62b602feaf246866e9d29f7654194Automatic Updater      <para>
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater           The name of the output file containing the signed zone.  The
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater           default is to append <filename>.signed</filename> to the
fe80a4909bf62b602feaf246866e9d29f7654194Automatic Updater           input file.
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater      </para>
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater    </listitem>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson      </varlistentry>
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews      <varlistentry>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson        <term>-h</term>
dd65eb1efb40b1c47d57963192bfc54873b219beAutomatic Updater    <listitem>
dd65eb1efb40b1c47d57963192bfc54873b219beAutomatic Updater      <para>
dd65eb1efb40b1c47d57963192bfc54873b219beAutomatic Updater           Prints a short summary of the options and arguments to
133e6d43fa82e80d3798be4de00f4540f485ec6cAutomatic Updater           <command>dnssec-signzone</command>.
133e6d43fa82e80d3798be4de00f4540f485ec6cAutomatic Updater      </para>
133e6d43fa82e80d3798be4de00f4540f485ec6cAutomatic Updater    </listitem>
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater      </varlistentry>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater      <varlistentry>
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User        <term>-i <replaceable class="parameter">interval</replaceable></term>
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews    <listitem>
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User      <para>
c7ef13f6c9ef4436bc804b150e0a93307b11fa27Tinderbox User           When a previously signed zone is passed as input, records
c7ef13f6c9ef4436bc804b150e0a93307b11fa27Tinderbox User           may be resigned.  The <option>interval</option> option
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User           specifies the cycle interval as an offset from the current
f132a836c4e386b1af045dd8fe7106ae61b90bffAutomatic Updater           time (in seconds).  If a SIG record expires after the
d642d3857129678797a01adee14fbd70335b05a9Mark Andrews           cycle interval, it is retained.  Otherwise, it is considered
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews           to be expiring soon, and it will be replaced.
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews      </para>
5f33078b538b3d317917deb962bd057b2a888db1Tinderbox User      <para>
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User           The default cycle interval is one quarter of the difference
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews           between the signature end and start times.  So if neither
269519eeb959d905ed125f96426e01d725c3b597Tinderbox User           <option>end-time</option> or <option>start-time</option>
8711e5c73ca872d59810760af0332194cbdd619bAutomatic Updater           are specified, <command>dnssec-signzone</command> generates
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater           signatures that are valid for 30 days, with a cycle
8f2c45a35dd8c40bcc9caba8f7d40ce64fc27bcdAutomatic Updater           interval of 7.5 days.  Therefore, if any existing SIG records
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater           are due to expire in less than 7.5 days, they would be
8f2c45a35dd8c40bcc9caba8f7d40ce64fc27bcdAutomatic Updater           replaced.
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews      </para>
6a9d2121152c94cb9e35832126c3f2e4d18d81edTinderbox User    </listitem>
e85565067cf73f8cc21ee29b11761659f1d47ee9Automatic Updater      </varlistentry>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater
bc0a53583d92309bebcf93c408e2f3247ebd3d3cAutomatic Updater      <varlistentry>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater        <term>-n <replaceable class="parameter">ncpus</replaceable></term>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater    <listitem>
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater      <para>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater           Specifies the number of threads to use.  By default, one
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater           thread is started for each detected CPU.
7f79131f9a8e804b93c57f3c679065cce878b726Automatic Updater      </para>
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater    </listitem>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater      </varlistentry>
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews      <varlistentry>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater        <term>-o <replaceable class="parameter">origin</replaceable></term>
19b3dc94bce93fa76bd7e066f9298630dbc9dcb4Automatic Updater    <listitem>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater      <para>
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater           The zone origin.  If not specified, the name of the zone file
7f94d9a8162c9a96b56e66176702b66e79d8e1a2Automatic Updater           is assumed to be the origin.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater      </para>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater    </listitem>
5ecad47f69b3fd945472ab2900a9ff826a7ce2f6Automatic Updater      </varlistentry>
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater      <varlistentry>
6a9d2121152c94cb9e35832126c3f2e4d18d81edTinderbox User        <term>-p</term>
6a9d2121152c94cb9e35832126c3f2e4d18d81edTinderbox User    <listitem>
7262eb86f2b465822206122921e2f357218f0cfdAutomatic Updater      <para>
96ea71632887c58a9d00f47eb318bf76b35903c3Mark Andrews           Use pseudo-random data when signing the zone.  This is faster,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater           but less secure, than using real random data.  This option
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater           may be useful when signing large zones or when the entropy
bbb069be941f649228760edcc241122933c066d2Automatic Updater           source is limited.
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater      </para>
4cda4fd158d6ded5586bacea8c388445d99611eaAutomatic Updater    </listitem>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews      </varlistentry>
da59e63e7af147a8bcef985b98b04443e04c3a0eTinderbox User
80faf1588895fd26490f82f95a7a1b771df1c324Automatic Updater      <varlistentry>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews        <term>-r <replaceable class="parameter">randomdev</replaceable></term>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater    <listitem>
6a9d2121152c94cb9e35832126c3f2e4d18d81edTinderbox User      <para>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews           Specifies the source of randomness.  If the operating
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews           system does not provide a <filename>/dev/random</filename>
27c3c21f41520e8d6336d80a8094389e321cb6d2Mark Andrews           or equivalent device, the default source of randomness
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews           is keyboard input.  <filename>randomdev</filename> specifies
551271d8198ae06e37edf5da519d8ee153eeac0fTinderbox User           the name of a character device or file containing random
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews           data to be used instead of the default.  The special value
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater           <filename>keyboard</filename> indicates that keyboard
bbc0e1c4f47f101c4a64db3469352c49a49e734fTinderbox User           input should be used.
f751b1576ee6fef4023bf7101d10167e4fe520f3Tinderbox User      </para>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater    </listitem>
a792d42c3cdd6cd4608b936c0a06437b8c2d99ccTinderbox User      </varlistentry>
da59e63e7af147a8bcef985b98b04443e04c3a0eTinderbox User
da59e63e7af147a8bcef985b98b04443e04c3a0eTinderbox User      <varlistentry>
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User        <term>-t</term>
dc5552b4df5e3821783821c8d4e734c1608c446eTinderbox User    <listitem>
cf7e98f59148b559946a7f1ca728471374f1eef3Automatic Updater      <para>
930f6069e5aa157cf6987cdafd412f5757a5a558Automatic Updater           Print statistics at completion.
27c3c21f41520e8d6336d80a8094389e321cb6d2Mark Andrews      </para>
dc5552b4df5e3821783821c8d4e734c1608c446eTinderbox User    </listitem>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater      </varlistentry>
cf7e98f59148b559946a7f1ca728471374f1eef3Automatic Updater
c3fd32ed29e9e419bb56583f4272a506773b1ea0Automatic Updater      <varlistentry>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson        <term>-v <replaceable class="parameter">level</replaceable></term>
c3fd32ed29e9e419bb56583f4272a506773b1ea0Automatic Updater    <listitem>
c3fd32ed29e9e419bb56583f4272a506773b1ea0Automatic Updater      <para>
a382ca49c874d38ad3ac8995b49f9f27128e4ca9Automatic Updater           Sets the debugging level.
fe600c3ad88c0bb078283a953d048087d227c0e5Tinderbox User      </para>
bbc0e1c4f47f101c4a64db3469352c49a49e734fTinderbox User    </listitem>
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User      </varlistentry>
e20309353e6246485c521278131d3fced73d7957Tinderbox User
3857cb6fcabeb79d85de4b3e3e4ab99912b701f8Mark Andrews      <varlistentry>
d642d3857129678797a01adee14fbd70335b05a9Mark Andrews        <term>zonefile</term>
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User    <listitem>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews      <para>
9174e44c14b1cb91a651fa1dc29470438c246ab9Automatic Updater           The file containing the zone to be signed.
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson           Sets the debugging level.
e2caa7536302de34de6cc04025abcd53dc3a499aAutomatic Updater      </para>
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User    </listitem>
8292deab031e7599cd7622aa7675fbe139ca6095Mark Andrews      </varlistentry>
0b57424d28c9a67018107133f9fbc0a7dcf057e2Mark Andrews
0b57424d28c9a67018107133f9fbc0a7dcf057e2Mark Andrews      <varlistentry>
0b57424d28c9a67018107133f9fbc0a7dcf057e2Mark Andrews        <term>key</term>
f751b1576ee6fef4023bf7101d10167e4fe520f3Tinderbox User    <listitem>
f751b1576ee6fef4023bf7101d10167e4fe520f3Tinderbox User      <para>
f751b1576ee6fef4023bf7101d10167e4fe520f3Tinderbox User           The keys used to sign the zone.  If no keys are specified, the
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews           default all zone keys that have private key files in the
b109432c3a939bff66a463be86c371bd88efe3aaAutomatic Updater           current directory.
7d12a6b412fe47e6d6582923fd6954ab8cd0baebAutomatic Updater      </para>
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews    </listitem>
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews      </varlistentry>
3351ccbd5c1961404044f8273d54dad405f53960Mark Andrews
7d12a6b412fe47e6d6582923fd6954ab8cd0baebAutomatic Updater    </variablelist>
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews  </refsect1>
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews
3351ccbd5c1961404044f8273d54dad405f53960Mark Andrews  <refsect1>
7d12a6b412fe47e6d6582923fd6954ab8cd0baebAutomatic Updater    <title>EXAMPLE</title>
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews    <para>
0b57424d28c9a67018107133f9fbc0a7dcf057e2Mark Andrews        The following command signs the <userinput>example.com</userinput>
7d12a6b412fe47e6d6582923fd6954ab8cd0baebAutomatic Updater    zone with the DSA key generated in the <command>dnssec-keygen</command>
0b57424d28c9a67018107133f9fbc0a7dcf057e2Mark Andrews    man page.  The zone's keys must be in the zone.  If there are
e8fc8c884b44371784805e1e0d3100da403dd3f1Automatic Updater    <filename>signedkey</filename> files associated with this zone
e8fc8c884b44371784805e1e0d3100da403dd3f1Automatic Updater    or any child zones, they must be in the current directory.
e8fc8c884b44371784805e1e0d3100da403dd3f1Automatic Updater    <userinput>example.com</userinput>, the following command would be
e8fc8c884b44371784805e1e0d3100da403dd3f1Automatic Updater    issued:
e8fc8c884b44371784805e1e0d3100da403dd3f1Automatic Updater    </para>
e8fc8c884b44371784805e1e0d3100da403dd3f1Automatic Updater    <para>
e8fc8c884b44371784805e1e0d3100da403dd3f1Automatic Updater        <userinput>dnssec-signzone -o example.com db.example.com Kexample.com.+003+26160</userinput>
e8fc8c884b44371784805e1e0d3100da403dd3f1Automatic Updater    </para>
e8fc8c884b44371784805e1e0d3100da403dd3f1Automatic Updater    <para>
7d12a6b412fe47e6d6582923fd6954ab8cd0baebAutomatic Updater        The command would print a string of the form:
b30ec46fec40a1b246f7965fbcd341fc6cfd1cc1Mark Andrews    </para>
82a986aaa5d3384a541b5a7d6dae8cf0726d6513Tinderbox User    <para>
82a986aaa5d3384a541b5a7d6dae8cf0726d6513Tinderbox User        In this example, <command>dnssec-signzone</command> creates
c7ef13f6c9ef4436bc804b150e0a93307b11fa27Tinderbox User    the file <filename>db.example.com.signed</filename>.  This file
01a5c5503482fb3ba52088bf0178a7213273bf96Mark Andrews    should be referenced in a zone statement in a
82a986aaa5d3384a541b5a7d6dae8cf0726d6513Tinderbox User    <filename>named.conf</filename> file.
b30ec46fec40a1b246f7965fbcd341fc6cfd1cc1Mark Andrews    </para>
b30ec46fec40a1b246f7965fbcd341fc6cfd1cc1Mark Andrews  </refsect1>
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User  <refsect1>
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater    <title>SEE ALSO</title>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews    <para>
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User      <citerefentry>
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User        <refentrytitle>dnssec-keygen</refentrytitle>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews    <manvolnum>8</manvolnum>
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User      </citerefentry>,
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews      <citerefentry>
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User        <refentrytitle>dnssec-signkey</refentrytitle>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews    <manvolnum>8</manvolnum>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater      </citerefentry>,
7f79131f9a8e804b93c57f3c679065cce878b726Automatic Updater      <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater      <citetitle>RFC 2535</citetitle>.
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson    </para>
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater  </refsect1>
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews  <refsect1>
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User    <title>AUTHOR</title>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington    <para>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        <corpauthor>Internet Software Consortium</corpauthor>
e20309353e6246485c521278131d3fced73d7957Tinderbox User    </para>
f7369b2881b5e63d69600adcedc8ba938303d30cTinderbox User  </refsect1>
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User
b13d89bd89878137c81b36a36596cca3920f27a4Automatic Updater</refentry>
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User<!--
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater - Local variables:
f7369b2881b5e63d69600adcedc8ba938303d30cTinderbox User - mode: sgml
f7369b2881b5e63d69600adcedc8ba938303d30cTinderbox User - End:
d6317350b1180aa4517f2e8a92fa8fbcbf904ad8Automatic Updater-->
bc0a4c01beede169df81a3ee5b614ed9e82339dbAutomatic Updater