man.dnssec-settime.html revision 32098293b78922a5fbd10906afa28624820d3756
5f5870385cff47efd2f58e7892f251cf13761528Timo Sirainen<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen<!--
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen - Copyright (C) 2000-2017 Internet Systems Consortium, Inc. ("ISC")
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen -
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen - This Source Code Form is subject to the terms of the Mozilla Public
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen - License, v. 2.0. If a copy of the MPL was not distributed with this
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen - file, You can obtain one at http://mozilla.org/MPL/2.0/.
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen-->
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen<html lang="en">
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen<head>
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen<title>dnssec-settime</title>
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
2615df45a8027948a474abe5e817b34b0499c171Timo Sirainen<link rel="prev" href="man.dnssec-revoke.html" title="dnssec-revoke">
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen<link rel="next" href="man.dnssec-signzone.html" title="dnssec-signzone">
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen</head>
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen<div class="navheader">
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen<table width="100%" summary="Navigation header">
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen<tr><th colspan="3" align="center"><span class="application">dnssec-settime</span></th></tr>
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen<tr>
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen<td width="20%" align="left">
35283613d4c04ce18836e9fc431582c87b3710a0Timo Sirainen<a accesskey="p" href="man.dnssec-revoke.html">Prev</a>�</td>
35283613d4c04ce18836e9fc431582c87b3710a0Timo Sirainen<th width="60%" align="center">Manual pages</th>
35283613d4c04ce18836e9fc431582c87b3710a0Timo Sirainen<td width="20%" align="right">�<a accesskey="n" href="man.dnssec-signzone.html">Next</a>
35283613d4c04ce18836e9fc431582c87b3710a0Timo Sirainen</td>
ebe6df72f1309135f02b6a4d2aef1e81a073f91cTimo Sirainen</tr>
2d01cc1880cf2afd4fb1c8ad7fa6ce78e562e71eTimo Sirainen</table>
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen<hr>
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen</div>
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen<div class="refentry">
910fa4e4204a73d3d24c03f3059dd24e727ca057Timo Sirainen<a name="man.dnssec-settime"></a><div class="titlepage"></div>
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen <div class="refnamediv">
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen<h2>Name</h2>
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen<p>
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen <span class="application">dnssec-settime</span>
83bb013a99f0936995f9c7a1077822662d8fefdbTimo Sirainen &#8212; set the key timing metadata for a DNSSEC key
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen </p>
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen</div>
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen
ae1b268ffff743ad9927c304a1344c5cbd7f909dTimo Sirainen <div class="refsynopsisdiv">
83bb013a99f0936995f9c7a1077822662d8fefdbTimo Sirainen<h2>Synopsis</h2>
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen <div class="cmdsynopsis"><p>
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen <code class="command">dnssec-settime</code>
83bb013a99f0936995f9c7a1077822662d8fefdbTimo Sirainen [<code class="option">-f</code>]
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>]
ae1b268ffff743ad9927c304a1344c5cbd7f909dTimo Sirainen [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>]
83bb013a99f0936995f9c7a1077822662d8fefdbTimo Sirainen [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>]
83bb013a99f0936995f9c7a1077822662d8fefdbTimo Sirainen [<code class="option">-P sync <em class="replaceable"><code>date/offset</code></em></code>]
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>]
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>]
83bb013a99f0936995f9c7a1077822662d8fefdbTimo Sirainen [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>]
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>]
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen [<code class="option">-D sync <em class="replaceable"><code>date/offset</code></em></code>]
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen [<code class="option">-h</code>]
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen [<code class="option">-V</code>]
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen [<code class="option">-v <em class="replaceable"><code>level</code></em></code>]
ae1b268ffff743ad9927c304a1344c5cbd7f909dTimo Sirainen [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>]
83bb013a99f0936995f9c7a1077822662d8fefdbTimo Sirainen {keyfile}
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen </p></div>
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen </div>
97ee61d723f99fa20fc9c95cfe17b3816c613ff5Timo Sirainen
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen <div class="refsection">
ae1b268ffff743ad9927c304a1344c5cbd7f909dTimo Sirainen<a name="id-1.14.15.7"></a><h2>DESCRIPTION</h2>
83bb013a99f0936995f9c7a1077822662d8fefdbTimo Sirainen
83bb013a99f0936995f9c7a1077822662d8fefdbTimo Sirainen <p><span class="command"><strong>dnssec-settime</strong></span>
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen reads a DNSSEC private key file and sets the key timing metadata
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen as specified by the <code class="option">-P</code>, <code class="option">-A</code>,
83bb013a99f0936995f9c7a1077822662d8fefdbTimo Sirainen <code class="option">-R</code>, <code class="option">-I</code>, and <code class="option">-D</code>
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen options. The metadata can then be used by
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen <span class="command"><strong>dnssec-signzone</strong></span> or other signing software to
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen determine when a key is to be published, whether it should be
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen used for signing a zone, etc.
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen </p>
ae1b268ffff743ad9927c304a1344c5cbd7f909dTimo Sirainen <p>
83bb013a99f0936995f9c7a1077822662d8fefdbTimo Sirainen If none of these options is set on the command line,
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen then <span class="command"><strong>dnssec-settime</strong></span> simply prints the key timing
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen metadata already stored in the key.
83bb013a99f0936995f9c7a1077822662d8fefdbTimo Sirainen </p>
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen <p>
75f3dddc3a5922c92a1bdb921b653ead51227cabTimo Sirainen When key metadata fields are changed, both files of a key
83bb013a99f0936995f9c7a1077822662d8fefdbTimo Sirainen pair (<code class="filename">Knnnn.+aaa+iiiii.key</code> and
83bb013a99f0936995f9c7a1077822662d8fefdbTimo Sirainen <code class="filename">Knnnn.+aaa+iiiii.private</code>) are regenerated.
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen Metadata fields are stored in the private file. A human-readable
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen description of the metadata is also placed in comments in the key
83bb013a99f0936995f9c7a1077822662d8fefdbTimo Sirainen file. The private file's permissions are always set to be
6df0ab0c1ab91f06b6418cb30eff44405a1b8f02Timo Sirainen inaccessible to anyone other than the owner (mode 0600).
6df0ab0c1ab91f06b6418cb30eff44405a1b8f02Timo Sirainen </p>
6df0ab0c1ab91f06b6418cb30eff44405a1b8f02Timo Sirainen </div>
6df0ab0c1ab91f06b6418cb30eff44405a1b8f02Timo Sirainen
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen <div class="refsection">
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen<a name="id-1.14.15.8"></a><h2>OPTIONS</h2>
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen <div class="variablelist"><dl class="variablelist">
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen<dt><span class="term">-f</span></dt>
2d01cc1880cf2afd4fb1c8ad7fa6ce78e562e71eTimo Sirainen<dd>
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen <p>
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen Force an update of an old-format key with no metadata fields.
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen Without this option, <span class="command"><strong>dnssec-settime</strong></span> will
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen fail when attempting to update a legacy key. With this option,
910fa4e4204a73d3d24c03f3059dd24e727ca057Timo Sirainen the key will be recreated in the new format, but with the
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen original key data retained. The key's creation date will be
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen set to the present time. If no other values are specified,
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen then the key's publication and activation dates will also
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen be set to the present time.
83bb013a99f0936995f9c7a1077822662d8fefdbTimo Sirainen </p>
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen </dd>
573f0491a5733fe21fa062a455acb4790b4e0499Timo Sirainen<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
f0a2d04321ba456e5c5ba821c0d1ed9e8e0e2e08Timo Sirainen<dd>
573f0491a5733fe21fa062a455acb4790b4e0499Timo Sirainen <p>
6564208826b0f46a00f010d1b5711d85944c3c88Timo Sirainen Sets the directory in which the key files are to reside.
6564208826b0f46a00f010d1b5711d85944c3c88Timo Sirainen </p>
6564208826b0f46a00f010d1b5711d85944c3c88Timo Sirainen </dd>
6564208826b0f46a00f010d1b5711d85944c3c88Timo Sirainen<dt><span class="term">-L <em class="replaceable"><code>ttl</code></em></span></dt>
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen<dd>
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen <p>
83bb013a99f0936995f9c7a1077822662d8fefdbTimo Sirainen Sets the default TTL to use for this key when it is converted
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen into a DNSKEY RR. If the key is imported into a zone,
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen this is the TTL that will be used for it, unless there was
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen already a DNSKEY RRset in place, in which case the existing TTL
0d86aa0d47f7393c669c084b34c0537b193688adTimo Sirainen would take precedence. If this value is not set and there
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen is no existing DNSKEY RRset, the TTL will default to the
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen SOA TTL. Setting the default TTL to <code class="literal">0</code>
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen or <code class="literal">none</code> removes it from the key.
aa247243412a49f9bdebf7255e131dc6ece4ed46Timo Sirainen </p>
e15b305e90c9834734ccf35ed78f0ad29d570ee9Timo Sirainen </dd>
421d30619384e72a27e2a5d13ff6525aff4d17feTimo Sirainen<dt><span class="term">-h</span></dt>
ecd69c4e8371853667e01b0c16d436ef7f7393e2Timo Sirainen<dd>
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen <p>
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen Emit usage message and exit.
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen </p>
a757f31393b9d6fc7760a9dec8363404ab3ae576Timo Sirainen </dd>
a2f250a332dfc1e6cd4ffd196c621eb9dbf7b8a1Timo Sirainen<dt><span class="term">-V</span></dt>
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen<dd>
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen <p>
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen Prints version information.
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen </p>
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen </dd>
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen<dd>
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen <p>
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen Sets the debugging level.
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen </p>
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen </dd>
9af6cc9ebc9986c1275ebdfa29c39e152af1557eTimo Sirainen<dt><span class="term">-E <em class="replaceable"><code>engine</code></em></span></dt>
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen<dd>
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen <p>
ad48319996942463675b53877092ab7e13a7a75aTimo Sirainen Specifies the cryptographic hardware to use, when applicable.
225e82df5dd1e765f4e52b80c954558f00e5a7dfTimo Sirainen </p>
838e367716bbd5e44b4a1691db9cbf72af53e9f0Timo Sirainen <p>
6564208826b0f46a00f010d1b5711d85944c3c88Timo Sirainen When BIND is built with OpenSSL PKCS#11 support, this defaults
6564208826b0f46a00f010d1b5711d85944c3c88Timo Sirainen to the string "pkcs11", which identifies an OpenSSL engine
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen that can drive a cryptographic accelerator or hardware service
module. When BIND is built with native PKCS#11 cryptography
(--enable-native-pkcs11), it defaults to the path of the PKCS#11
provider library specified via "--with-pkcs11".
</p>
</dd>
</dl></div>
</div>
<div class="refsection">
<a name="id-1.14.15.9"></a><h2>TIMING OPTIONS</h2>
<p>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
an offset from the present time. For convenience, if such an offset
is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi',
then the offset is computed in years (defined as 365 24-hour days,
ignoring leap years), months (defined as 30 24-hour days), weeks,
days, hours, or minutes, respectively. Without a suffix, the offset
is computed in seconds. To unset a date, use 'none' or 'never'.
</p>
<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt>
<dd>
<p>
Sets the date on which a key is to be published to the zone.
After that date, the key will be included in the zone but will
not be used to sign it.
</p>
</dd>
<dt><span class="term">-P sync <em class="replaceable"><code>date/offset</code></em></span></dt>
<dd>
<p>
Sets the date on which CDS and CDNSKEY records that match this
key are to be published to the zone.
</p>
</dd>
<dt><span class="term">-A <em class="replaceable"><code>date/offset</code></em></span></dt>
<dd>
<p>
Sets the date on which the key is to be activated. After that
date, the key will be included in the zone and used to sign
it.
</p>
</dd>
<dt><span class="term">-R <em class="replaceable"><code>date/offset</code></em></span></dt>
<dd>
<p>
Sets the date on which the key is to be revoked. After that
date, the key will be flagged as revoked. It will be included
in the zone and will be used to sign it.
</p>
</dd>
<dt><span class="term">-I <em class="replaceable"><code>date/offset</code></em></span></dt>
<dd>
<p>
Sets the date on which the key is to be retired. After that
date, the key will still be included in the zone, but it
will not be used to sign it.
</p>
</dd>
<dt><span class="term">-D <em class="replaceable"><code>date/offset</code></em></span></dt>
<dd>
<p>
Sets the date on which the key is to be deleted. After that
date, the key will no longer be included in the zone. (It
may remain in the key repository, however.)
</p>
</dd>
<dt><span class="term">-D sync <em class="replaceable"><code>date/offset</code></em></span></dt>
<dd>
<p>
Sets the date on which the CDS and CDNSKEY records that match this
key are to be deleted.
</p>
</dd>
<dt><span class="term">-S <em class="replaceable"><code>predecessor key</code></em></span></dt>
<dd>
<p>
Select a key for which the key being modified will be an
explicit successor. The name, algorithm, size, and type of the
predecessor key must exactly match those of the key being
modified. The activation date of the successor key will be set
to the inactivation date of the predecessor. The publication
date will be set to the activation date minus the prepublication
interval, which defaults to 30 days.
</p>
</dd>
<dt><span class="term">-i <em class="replaceable"><code>interval</code></em></span></dt>
<dd>
<p>
Sets the prepublication interval for a key. If set, then
the publication and activation dates must be separated by at least
this much time. If the activation date is specified but the
publication date isn't, then the publication date will default
to this much time before the activation date; conversely, if
the publication date is specified but activation date isn't,
then activation will be set to this much time after publication.
</p>
<p>
If the key is being set to be an explicit successor to another
key, then the default prepublication interval is 30 days;
otherwise it is zero.
</p>
<p>
As with date offsets, if the argument is followed by one of
the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the
interval is measured in years, months, weeks, days, hours,
or minutes, respectively. Without a suffix, the interval is
measured in seconds.
</p>
</dd>
</dl></div>
</div>
<div class="refsection">
<a name="id-1.14.15.10"></a><h2>PRINTING OPTIONS</h2>
<p>
<span class="command"><strong>dnssec-settime</strong></span> can also be used to print the
timing metadata associated with a key.
</p>
<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-u</span></dt>
<dd>
<p>
Print times in UNIX epoch format.
</p>
</dd>
<dt><span class="term">-p <em class="replaceable"><code>C/P/Psync/A/R/I/D/Dsync/all</code></em></span></dt>
<dd>
<p>
Print a specific metadata value or set of metadata values.
The <code class="option">-p</code> option may be followed by one or more
of the following letters or strings to indicate which value
or values to print:
<code class="option">C</code> for the creation date,
<code class="option">P</code> for the publication date,
<code class="option">Psync</code> for the CDS and CDNSKEY publication date,
<code class="option">A</code> for the activation date,
<code class="option">R</code> for the revocation date,
<code class="option">I</code> for the inactivation date,
<code class="option">D</code> for the deletion date, and
<code class="option">Dsync</code> for the CDS and CDNSKEY deletion date
To print all of the metadata, use <code class="option">-p all</code>.
</p>
</dd>
</dl></div>
</div>
<div class="refsection">
<a name="id-1.14.15.11"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry">
<span class="refentrytitle">dnssec-keygen</span>(8)
</span>,
<span class="citerefentry">
<span class="refentrytitle">dnssec-signzone</span>(8)
</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 5011</em>.
</p>
</div>
</div>
<div class="navfooter">
<hr>
<table width="100%" summary="Navigation footer">
<tr>
<td width="40%" align="left">
<a accesskey="p" href="man.dnssec-revoke.html">Prev</a>�</td>
<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch13.html">Up</a></td>
<td width="40%" align="right">�<a accesskey="n" href="man.dnssec-signzone.html">Next</a>
</td>
</tr>
<tr>
<td width="40%" align="left" valign="top">
<span class="application">dnssec-revoke</span>�</td>
<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
<td width="40%" align="right" valign="top">�<span class="application">dnssec-signzone</span>
</td>
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.2b1</p>
</body>
</html>