<!--
 - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
 - Copyright (C) 2000-2003 Internet Software Consortium.
 -
 - Permission to use, copy, modify, and distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 -
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.dnssec-signzone.html,v 1.65 2008/03/15 01:11:44 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>dnssec-signzone</title>
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
<link rel="prev" href="man.dnssec-keygen.html" title="dnssec-keygen">
<link rel="next" href="man.named-checkconf.html" title="named-checkconf">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<div class="refentry" lang="en">
<a name="man.dnssec-signzone"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><span class="application">dnssec-signzone</span> &#8212; DNSSEC zone signing tool</p>
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-p</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-t</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] {zonefile} [key...]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2599640"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-signzone</strong></span>
      signs a zone. It generates
      NSEC and RRSIG records and produces a signed version of the
      zone. The security status of delegations from the signed zone
      (that is, whether the child zones are secure or not) is
      determined by the presence or absence of a
      <code class="filename">keyset</code> file for each child zone.
    </p>
</div>
<div class="refsect1" lang="en">
<a name="id2599659"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a</span></dt>
<dd><p>
            Verify all generated signatures.
          </p></dd>
<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
<dd><p>
            Specifies the DNS class of the zone.
          </p></dd>
<dt><span class="term">-k <em class="replaceable"><code>key</code></em></span></dt>
<dd><p>
            Treat the specified key as a key signing key, ignoring any
            key flags. This option may be specified multiple times.
          </p></dd>
<dt><span class="term">-l <em class="replaceable"><code>domain</code></em></span></dt>
<dd><p>
            Generate a DLV set in addition to the key (DNSKEY) and DS sets.
            The domain is appended to the name of the records.
          </p></dd>
<dt><span class="term">-d <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>
            Look for <code class="filename">keyset</code> files in
            <code class="option">directory</code>.
          </p></dd>
<dt><span class="term">-g</span></dt>
<dd><p>
            Generate DS records for child zones from keyset files.
            Existing DS records will be removed.
          </p></dd>
<dt><span class="term">-s <em class="replaceable"><code>start-time</code></em></span></dt>
<dd><p>
            Specify the date and time when the generated RRSIG records
            become valid. This can be either an absolute or relative
            time. An absolute start time is indicated by a number
            in YYYYMMDDHHMMSS notation; 20000530144500 denotes
            14:45:00 UTC on May 30th, 2000. A relative start time is
            indicated by +N, which is N seconds from the current time.
            If no <code class="option">start-time</code> is specified, the current
            time minus 1 hour (to allow for clock skew) is used.
          </p></dd>
<dt><span class="term">-e <em class="replaceable"><code>end-time</code></em></span></dt>
<dd><p>
            Specify the date and time when the generated RRSIG records
            expire. As with <code class="option">start-time</code>, an absolute
            time is indicated in YYYYMMDDHHMMSS notation. A time relative
            to the start time is indicated with +N, which is N seconds from
            the start time. A time relative to the current time is
            indicated with now+N. If no <code class="option">end-time</code> is
            specified, 30 days from the start time is used as a default.
          </p></dd>
<dt><span class="term">-f <em class="replaceable"><code>output-file</code></em></span></dt>
<dd><p>
            The name of the output file containing the signed zone. The
            default is to append <code class="filename">.signed</code> to
            the input filename.
          </p></dd>
<dt><span class="term">-h</span></dt>
<dd><p>
            Prints a short summary of the options and arguments to
            <span><strong class="command">dnssec-signzone</strong></span>.
          </p></dd>
<dt><span class="term">-i <em class="replaceable"><code>interval</code></em></span></dt>
<dd>
<p>
            When a previously-signed zone is passed as input, records
            may be re-signed. The <code class="option">interval</code> option
            specifies the cycle interval as an offset from the current
            time (in seconds). If an RRSIG record expires after the
            cycle interval, it is retained. Otherwise, it is considered
            to be expiring soon, and it will be replaced.
          </p>
<p>
            The default cycle interval is one quarter of the difference
            between the signature end and start times. So if neither
            <code class="option">end-time</code> nor <code class="option">start-time</code>
            is specified, <span><strong class="command">dnssec-signzone</strong></span>
            generates
            signatures that are valid for 30 days, with a cycle
            interval of 7.5 days. Therefore, if any existing RRSIG records
            are due to expire in less than 7.5 days, they would be
            replaced.
          </p>
</dd>
<dt><span class="term">-I <em class="replaceable"><code>input-format</code></em></span></dt>
<dd><p>
            The format of the input zone file.
            Possible formats are <span><strong class="command">"text"</strong></span> (default)
            and <span><strong class="command">"raw"</strong></span>.
            This option is primarily intended to be used for dynamic
            signed zones so that the dumped zone file in a non-text
            format containing updates can be signed directly.
            The use of this option does not make much sense for
            non-dynamic zones.
          </p></dd>
<dt><span class="term">-j <em class="replaceable"><code>jitter</code></em></span></dt>
<dd>
<p>
            When signing a zone with a fixed signature lifetime, all
            RRSIG records issued at the time of signing expire
            simultaneously. If the zone is incrementally signed, i.e.
            a previously-signed zone is passed as input to the signer,
            all expired signatures have to be regenerated at about the
            same time. The <code class="option">jitter</code> option specifies a
            jitter window that will be used to randomize the signature
            expire time, thus spreading incremental signature
            regeneration over time.
          </p>
<p>
            Signature lifetime jitter also benefits validators and
            servers to some extent by spreading out cache expiration:
            if large numbers of RRSIGs do not expire from all caches at
            the same time, there will be less congestion than if all
            validators need to refetch at mostly the same time.
          </p>
</dd>
<dt><span class="term">-n <em class="replaceable"><code>ncpus</code></em></span></dt>
<dd><p>
            Specifies the number of threads to use. By default, one
            thread is started for each detected CPU.
          </p></dd>
<dt><span class="term">-N <em class="replaceable"><code>soa-serial-format</code></em></span></dt>
<dd>
<p>
            The SOA serial number format of the signed zone.
            Possible formats are <span><strong class="command">"keep"</strong></span> (default),
            <span><strong class="command">"increment"</strong></span> and
            <span><strong class="command">"unixtime"</strong></span>.
          </p>
<div class="variablelist"><dl>
<dt><span class="term"><span><strong class="command">"keep"</strong></span></span></dt>
<dd><p>Do not modify the SOA serial number.</p></dd>
<dt><span class="term"><span><strong class="command">"increment"</strong></span></span></dt>
<dd><p>Increment the SOA serial number using RFC 1982
                arithmetic.</p></dd>
<dt><span class="term"><span><strong class="command">"unixtime"</strong></span></span></dt>
<dd><p>Set the SOA serial number to the number of seconds
                since epoch.</p></dd>
</dl></div>
</dd>
<dt><span class="term">-o <em class="replaceable"><code>origin</code></em></span></dt>
<dd><p>
            The zone origin. If not specified, the name of the zone file
            is assumed to be the origin.
          </p></dd>
<dt><span class="term">-O <em class="replaceable"><code>output-format</code></em></span></dt>
<dd><p>
            The format of the output file containing the signed zone.
            Possible formats are <span><strong class="command">"text"</strong></span> (default)
            and <span><strong class="command">"raw"</strong></span>.
          </p></dd>
<dt><span class="term">-p</span></dt>
<dd><p>
            Use pseudo-random data when signing the zone. This is faster,
            but less secure, than using real random data. This option
            may be useful when signing large zones or when the entropy
            source is limited.
          </p></dd>
<dt><span class="term">-r <em class="replaceable"><code>randomdev</code></em></span></dt>
<dd><p>
            Specifies the source of randomness. If the operating
            system does not provide a <code class="filename">/dev/random</code>
            or equivalent device, the default source of randomness
            is keyboard input. <code class="filename">randomdev</code>
            specifies
            the name of a character device or file containing random
            data to be used instead of the default. The special value
            <code class="filename">keyboard</code> indicates that keyboard
            input should be used.
          </p></dd>
<dt><span class="term">-t</span></dt>
<dd><p>
            Print statistics at completion.
          </p></dd>
<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
<dd><p>
            Sets the debugging level.
          </p></dd>
<dt><span class="term">-z</span></dt>
<dd><p>
            Ignore KSK flag on key when determining what to sign.
          </p></dd>
<dt><span class="term">zonefile</span></dt>
<dd><p>
            The file containing the zone to be signed.
          </p></dd>
<dt><span class="term">key</span></dt>
<dd><p>
            Specify which keys should be used to sign the zone. If
            no keys are specified, then the zone will be examined
            for DNSKEY records at the zone apex. If these are found and
            there are matching private keys in the current directory,
            then these will be used for signing.
          </p></dd>
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2654344"></a><h2>EXAMPLE</h2>
<p>
      The following command signs the <strong class="userinput"><code>example.com</code></strong>
      zone with the DSA key generated by <span><strong class="command">dnssec-keygen</strong></span>
      (Kexample.com.+003+17247). The zone's keys must be in the master
      file (<code class="filename">db.example.com</code>). This invocation looks
      for <code class="filename">keyset</code> files in the current directory,
      so that DS records can be generated from them (<span><strong class="command">-g</strong></span>).
    </p>
<pre class="programlisting">% dnssec-signzone -g -o example.com db.example.com \
Kexample.com.+003+17247
db.example.com.signed
%</pre>
<p>
      In the above example, <span><strong class="command">dnssec-signzone</strong></span> creates
      the file <code class="filename">db.example.com.signed</code>. This
      file should be referenced in a zone statement in a
      <code class="filename">named.conf</code> file.
    </p>
<p>
      This example re-signs a previously signed zone with default parameters.
      The private keys are assumed to be in the current directory.
    </p>
<pre class="programlisting">% cp db.example.com.signed db.example.com
% dnssec-signzone -o example.com db.example.com
db.example.com.signed
%</pre>
</div>
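<p>
      Added example (not part of the original manual page and not BIND's own
      code): a Python model of the <code class="option">-s</code>,
      <code class="option">-e</code> and <code class="option">-i</code> rules
      described under OPTIONS, showing which existing RRSIG records a
      re-signing run would retain or replace. The function names, the sample
      clock value and the RRSIG expiry times are assumptions constructed for
      illustration.
    </p>

```python
from datetime import datetime, timedelta, timezone

FMT = "%Y%m%d%H%M%S"  # YYYYMMDDHHMMSS, interpreted as UTC


def parse_absolute(text):
    """Parse an absolute time in YYYYMMDDHHMMSS notation."""
    if len(text) != 14 or not text.isdigit():
        raise ValueError(f"not YYYYMMDDHHMMSS: {text!r}")
    return datetime.strptime(text, FMT).replace(tzinfo=timezone.utc)


def parse_offset(text):
    """Parse '+N' into a timedelta of N seconds."""
    if not text.startswith("+") or not text[1:].isdigit():
        raise ValueError(f"not a +N offset: {text!r}")
    return timedelta(seconds=int(text[1:]))


def stamp(moment):
    """Format a datetime back into YYYYMMDDHHMMSS."""
    return moment.strftime(FMT)


def start_time(spec, now):
    """-s: absolute, or +N from now; default is now minus 1 hour."""
    if spec is None:
        return now - timedelta(hours=1)
    if spec.startswith("+"):
        return now + parse_offset(spec)
    return parse_absolute(spec)


def end_time(spec, start, now):
    """-e: absolute, +N from start, or now+N; default is start plus 30 days."""
    if spec is None:
        return start + timedelta(days=30)
    if spec.startswith("now+"):
        return now + parse_offset(spec[3:])
    if spec.startswith("+"):
        return start + parse_offset(spec)
    return parse_absolute(spec)


def cycle_interval(spec, start, end):
    """-i: seconds; default is one quarter of (end - start)."""
    if spec is None:
        return (end - start) / 4
    return timedelta(seconds=int(spec))


def plan_resign(expirations, now, s=None, e=None, i=None):
    """Model which existing RRSIGs are retained and which are replaced.

    expirations maps an owner name to its RRSIG expiry (YYYYMMDDHHMMSS).
    An RRSIG is retained only if it expires after now + cycle interval.
    """
    start = start_time(s, now)
    end = end_time(e, start, now)
    if end <= start:
        raise ValueError("signature end time must be after start time")
    cutoff = now + cycle_interval(i, start, end)
    decisions = {
        name: "retain" if parse_absolute(expiry) > cutoff else "replace"
        for name, expiry in expirations.items()
    }
    return {"start": start, "end": end, "cutoff": cutoff, "decisions": decisions}


# Constructed sample data: a fixed "current time" and three RRSIG expiries.
SAMPLE_NOW = datetime(2008, 3, 15, 0, 0, 0, tzinfo=timezone.utc)
SAMPLE_RRSIGS = {
    "www.example.com.": "20080320000000",   # inside the 7.5 day window
    "mail.example.com.": "20080401000000",  # well beyond the window
    "edge.example.com.": "20080322120000",  # exactly at the cutoff
}

if __name__ == "__main__":
    plan = plan_resign(SAMPLE_RRSIGS, SAMPLE_NOW)
    print("new signatures valid", stamp(plan["start"]), "to", stamp(plan["end"]))
    print("replace anything expiring at or before", stamp(plan["cutoff"]))
    for owner, action in plan["decisions"].items():
        print(f"{owner:20} {action}")
```
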
<div class="refsect1" lang="en">
<a name="id2654417"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
      <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
      <em class="citetitle">RFC 2535</em>.
    </p>
</div>
<div class="refsect1" lang="en">
<a name="id2654441"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
    </p>
</div>
</div>
</body>
</html>