kzonesign – DNSSEC signing utility¶
kzonesign [options] -c conf_file zone_name
This utility reads the zone’s zone file, signs the zone according to given configuration, and writes the signed zone file back.
- -c, –config conf_file
Knot DNS configuration file (same as for knotd).
- -o, –outdir dir_name
Write the output zone file to the specified directory insted of the configured one.
- -r, –rollover
Allow key roll-overs and NSEC3 re-salt. In order to finish possible KSK submission, set the KSK’s active timestamp to now (+0) using keymgr.
- -t, –time timestamp
Sign the zone (and roll the keys if necessary) as if it was at the time specified by timestamp.
- -h, –help
Print the program help.
- -V, –version
Print the program version.
A name of the zone to be signed.
Exit status of 0 means successful operation. Any other exit status indicates an error.