man.dnssec-signzone.html revision 2a9a5e1871710510cdbba67c13ce21e75296b451
d6fa26d0adaec6c910115be34fe7a5a5f402c14fMark Andrews<!--
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - Copyright (C) 2000-2003 Internet Software Consortium.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein -
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - Permission to use, copy, modify, and distribute this software for any
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - purpose with or without fee is hereby granted, provided that the above
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - copyright notice and this permission notice appear in all copies.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein -
d6fa26d0adaec6c910115be34fe7a5a5f402c14fMark Andrews - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - PERFORMANCE OF THIS SOFTWARE.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein-->
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<!-- $Id: man.dnssec-signzone.html,v 1.71 2008/05/02 01:11:50 tbox Exp $ -->
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<html>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<head>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<title>dnssec-signzone</title>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="prev" href="man.dnssec-keygen.html" title="dnssec-keygen">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="next" href="man.named-checkconf.html" title="named-checkconf">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</head>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="navheader">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<table width="100%" summary="Navigation header">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<tr><th colspan="3" align="center"><span class="application">dnssec-signzone</span></th></tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<tr>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<td width="20%" align="left">
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<a accesskey="p" href="man.dnssec-keygen.html">Prev</a>&nbsp;</td>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<th width="60%" align="center">Manual pages</th>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="20%" align="right">&nbsp;<a accesskey="n" href="man.named-checkconf.html">Next</a>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</td>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User</tr>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt</table>
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User<hr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User<div class="refentry" lang="en">
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User<a name="man.dnssec-signzone"></a><div class="titlepage"></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="refnamediv">
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<h2>Name</h2>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p><span class="application">dnssec-signzone</span> &#8212; DNSSEC zone signing tool</p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<div class="refsynopsisdiv">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<h2>Synopsis</h2>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-p</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-t</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] {zonefile} [key...]</p></div>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User</div>
9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdffAutomatic Updater<div class="refsect1" lang="en">
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User<a name="id2604503"></a><h2>DESCRIPTION</h2>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<p><span><strong class="command">dnssec-signzone</strong></span>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt signs a zone. It generates
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt NSEC and RRSIG records and produces a signed version of the
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt zone. The security status of delegations from the signed zone
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein (that is, whether the child zones are secure or not) is
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User determined by the presence or absence of a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <code class="filename">keyset</code> file for each child zone.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="refsect1" lang="en">
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<a name="id2604522"></a><h2>OPTIONS</h2>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="variablelist"><dl>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term">-a</span></dt>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User<dd><p>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User Verify all generated signatures.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></dd>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User<dd><p>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User Specifies the DNS class of the zone.
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User </p></dd>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User<dt><span class="term">-k <em class="replaceable"><code>key</code></em></span></dt>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User<dd><p>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User Treat the specified key as a key signing key, ignoring any
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User key flags. This option may be specified multiple times.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term">-l <em class="replaceable"><code>domain</code></em></span></dt>
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater<dd><p>
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater Generate a DLV set in addition to the key (DNSKEY) and DS sets.
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater The domain is appended to the name of the records.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </p></dd>
77dccf2a5d9327d16b4374a135cdb99bdd48620eAutomatic Updater<dt><span class="term">-d <em class="replaceable"><code>directory</code></em></span></dt>
77dccf2a5d9327d16b4374a135cdb99bdd48620eAutomatic Updater<dd><p>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews Look for <code class="filename">keyset</code> files in
47012ae6dbf18a2503d7b33c1c9583dc38625cb7Mark Andrews <code class="option">directory</code>.
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater </p></dd>
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater<dt><span class="term">-g</span></dt>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<dd><p>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce Generate DS records for child zones from keyset files.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce Existing DS records will be removed.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce </p></dd>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<dt><span class="term">-s <em class="replaceable"><code>start-time</code></em></span></dt>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<dd><p>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce Specify the date and time when the generated RRSIG records
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce become valid. This can be either an absolute or relative
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce time. An absolute start time is indicated by a number
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce in YYYYMMDDHHMMSS notation; 20000530144500 denotes
47012ae6dbf18a2503d7b33c1c9583dc38625cb7Mark Andrews 14:45:00 UTC on May 30th, 2000. A relative start time is
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce indicated by +N, which is N seconds from the current time.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce If no <code class="option">start-time</code> is specified, the current
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce time minus 1 hour (to allow for clock skew) is used.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce </p></dd>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<dt><span class="term">-e <em class="replaceable"><code>end-time</code></em></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dd><p>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User Specify the date and time when the generated RRSIG records
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User expire. As with <code class="option">start-time</code>, an absolute
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User time is indicated in YYYYMMDDHHMMSS notation. A time relative
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User to the start time is indicated with +N, which is N seconds from
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User the start time. A time relative to the current time is
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User indicated with now+N. If no <code class="option">end-time</code> is
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User specified, 30 days from the start time is used as a default.
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User </p></dd>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User<dt><span class="term">-f <em class="replaceable"><code>output-file</code></em></span></dt>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User<dd><p>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User The name of the output file containing the signed zone. The
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User default is to append <code class="filename">.signed</code> to
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User the
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User input filename.
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User </p></dd>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<dt><span class="term">-h</span></dt>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User<dd><p>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User Prints a short summary of the options and arguments to
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User <span><strong class="command">dnssec-signzone</strong></span>.
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User </p></dd>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User<dt><span class="term">-i <em class="replaceable"><code>interval</code></em></span></dt>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User<dd>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<p>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User When a previously-signed zone is passed as input, records
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User may be resigned. The <code class="option">interval</code> option
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User specifies the cycle interval as an offset from the current
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User time (in seconds). If an RRSIG record expires after the
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User cycle interval, it is retained. Otherwise, it is considered
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User to be expiring soon, and it will be replaced.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User<p>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User The default cycle interval is one quarter of the difference
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User between the signature end and start times. So if neither
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <code class="option">end-time</code> nor <code class="option">start-time</code>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User is specified, <span><strong class="command">dnssec-signzone</strong></span>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User generates
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User signatures that are valid for 30 days, with a cycle
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User interval of 7.5 days. Therefore, if any existing RRSIG records
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User are due to expire in less than 7.5 days, they would be
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User replaced.
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User </p>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User</dd>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<dt><span class="term">-I <em class="replaceable"><code>input-format</code></em></span></dt>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User<dd><p>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User The format of the input zone file.
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User Possible formats are <span><strong class="command">"text"</strong></span> (default)
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User and <span><strong class="command">"raw"</strong></span>.
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User This option is primarily intended to be used for dynamic
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User signed zones so that the dumped zone file in a non-text
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User format containing updates can be signed directly.
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User The use of this option does not make much sense for
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User non-dynamic zones.
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User </p></dd>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User<dt><span class="term">-j <em class="replaceable"><code>jitter</code></em></span></dt>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User<dd>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User<p>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User When signing a zone with a fixed signature lifetime, all
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User RRSIG records issued at the time of signing expire
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User simultaneously. If the zone is incrementally signed, i.e.
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User a previously-signed zone is passed as input to the signer,
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User all expired signatures have to be regenerated at about the
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User same time. The <code class="option">jitter</code> option specifies a
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User jitter window that will be used to randomize the signature
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User expire time, thus spreading incremental signature
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User regeneration over time.
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User </p>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User<p>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User Signature lifetime jitter also to some extent benefits
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User validators and servers by spreading out cache expiration,
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User i.e. if large numbers of RRSIGs don't expire at the same time
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User from all caches there will be less congestion than if all
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User validators need to refetch at mostly the same time.
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User </p>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User</dd>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User<dt><span class="term">-n <em class="replaceable"><code>ncpus</code></em></span></dt>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User<dd><p>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User Specifies the number of threads to use. By default, one
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User thread is started for each detected CPU.
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User </p></dd>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<dt><span class="term">-N <em class="replaceable"><code>soa-serial-format</code></em></span></dt>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User<dd>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<p>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User The SOA serial number format of the signed zone.
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User Possible formats are <span><strong class="command">"keep"</strong></span> (default),
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <span><strong class="command">"increment"</strong></span> and
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User <span><strong class="command">"unixtime"</strong></span>.
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User </p>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User<div class="variablelist"><dl>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User<dt><span class="term"><span><strong class="command">"keep"</strong></span></span></dt>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User<dd><p>Do not modify the SOA serial number.</p></dd>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User<dt><span class="term"><span><strong class="command">"increment"</strong></span></span></dt>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User<dd><p>Increment the SOA serial number using RFC 1982
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User arithmetic.</p></dd>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User<dt><span class="term"><span><strong class="command">"unixtime"</strong></span></span></dt>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<dd><p>Set the SOA serial number to the number of seconds
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User since epoch.</p></dd>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User</dl></div>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User</dd>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User<dt><span class="term">-o <em class="replaceable"><code>origin</code></em></span></dt>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<dd><p>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User The zone origin. If not specified, the name of the zone file
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User is assumed to be the origin.
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User </p></dd>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User<dt><span class="term">-O <em class="replaceable"><code>output-format</code></em></span></dt>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<dd><p>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User The format of the output file containing the signed zone.
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User Possible formats are <span><strong class="command">"text"</strong></span> (default)
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User and <span><strong class="command">"raw"</strong></span>.
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User </p></dd>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User<dt><span class="term">-p</span></dt>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User<dd><p>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User Use pseudo-random data when signing the zone. This is faster,
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User but less secure, than using real random data. This option
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User may be useful when signing large zones or when the entropy
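fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User source is limited. Predictable random data weakens signature algorithms such as DSA, which need a fresh unpredictable value for every signature, so use real random data wherever the entropy source allows.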
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User </p></dd>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User<dt><span class="term">-r <em class="replaceable"><code>randomdev</code></em></span></dt>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<dd><p>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User Specifies the source of randomness. If the operating
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User system does not provide a <code class="filename">/dev/random</code>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User or equivalent device, the default source of randomness
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User is keyboard input. <code class="filename">randomdev</code>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User specifies
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User the name of a character device or file containing random
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User data to be used instead of the default. The special value
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User <code class="filename">keyboard</code> indicates that keyboard
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User input should be used.
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User </p></dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term">-t</span></dt>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<dd><p>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User Print statistics at completion.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></dd>
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
4abdfc917e6635a7c81d1f931a0c79227e72d025Mark Andrews<dd><p>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User Sets the debugging level.
9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdffAutomatic Updater </p></dd>
9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdffAutomatic Updater<dt><span class="term">-z</span></dt>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<dd><p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt Ignore KSK flag on key when determining what to sign.
9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdffAutomatic Updater </p></dd>
9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdffAutomatic Updater<dt><span class="term">zonefile</span></dt>
9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdffAutomatic Updater<dd><p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The file containing the zone to be signed.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p></dd>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews<dt><span class="term">key</span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dd><p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt Specify which keys should be used to sign the zone. If
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein no keys are specified, then the zone will be examined
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User for DNSKEY records at the zone apex. If these are found and
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt there are matching private keys in the current directory,
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt then these will be used for signing.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p></dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</dl></div>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User</div>
9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdffAutomatic Updater<div class="refsect1" lang="en">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="id2656408"></a><h2>EXAMPLE</h2>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The following command signs the <strong class="userinput"><code>example.com</code></strong>
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User zone with the DSA key generated by <span><strong class="command">dnssec-keygen</strong></span>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User (Kexample.com.+003+17247). The zone's keys must be in the master
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt file (<code class="filename">db.example.com</code>). This invocation looks
56bd026e6c96482dccab83778bf8f9c92c36bf11Tinderbox User for <code class="filename">keyset</code> files in the current directory,
56bd026e6c96482dccab83778bf8f9c92c36bf11Tinderbox User so that DS records can be generated from them (<span><strong class="command">-g</strong></span>).
56bd026e6c96482dccab83778bf8f9c92c36bf11Tinderbox User </p>
56bd026e6c96482dccab83778bf8f9c92c36bf11Tinderbox User<pre class="programlisting">% dnssec-signzone -g -o example.com db.example.com \
56bd026e6c96482dccab83778bf8f9c92c36bf11Tinderbox UserKexample.com.+003+17247
56bd026e6c96482dccab83778bf8f9c92c36bf11Tinderbox Userdb.example.com.signed
56bd026e6c96482dccab83778bf8f9c92c36bf11Tinderbox User%</pre>
56bd026e6c96482dccab83778bf8f9c92c36bf11Tinderbox User<p>
56bd026e6c96482dccab83778bf8f9c92c36bf11Tinderbox User In the above example, <span><strong class="command">dnssec-signzone</strong></span> creates
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the file <code class="filename">db.example.com.signed</code>. This
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User file should be referenced in a zone statement in a
bea931e17b7567f09107f93ab7e25c7f00abeb9cMark Andrews <code class="filename">named.conf</code> file.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein This example re-signs a previously signed zone with default parameters.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The private keys are assumed to be in the current directory.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<pre class="programlisting">% cp db.example.com.signed db.example.com
47012ae6dbf18a2503d7b33c1c9583dc38625cb7Mark Andrews% dnssec-signzone -o example.com db.example.com
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeindb.example.com.signed
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein%</pre>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User</div>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<div class="refsect1" lang="en">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="id2656549"></a><h2>SEE ALSO</h2>
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <em class="citetitle">RFC 2535</em>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt</div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="refsect1" lang="en">
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<a name="id2656573"></a><h2>AUTHOR</h2>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p><span class="corpauthor">Internet Systems Consortium</span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </p>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews</div>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews</div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="navfooter">
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<hr>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<table width="100%" summary="Navigation footer">
dec590a3deb8e87380a8bd3a77d535dba3729bf6Tinderbox User<tr>
dec590a3deb8e87380a8bd3a77d535dba3729bf6Tinderbox User<td width="40%" align="left">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<a accesskey="p" href="man.dnssec-keygen.html">Prev</a>&nbsp;</td>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch10.html">Up</a></td>
dec590a3deb8e87380a8bd3a77d535dba3729bf6Tinderbox User<td width="40%" align="right">&nbsp;<a accesskey="n" href="man.named-checkconf.html">Next</a>
dec590a3deb8e87380a8bd3a77d535dba3729bf6Tinderbox User</td>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User</tr>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<tr>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<td width="40%" align="left" valign="top">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<span class="application">dnssec-keygen</span>&nbsp;</td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<td width="40%" align="right" valign="top">&nbsp;<span class="application">named-checkconf</span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</tr>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews</table>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</body>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</html>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt