DNSKEY(1)		    General Commands Manual		     DNSKEY(1)

NAME
       dnskey -- generate DNSSEC DNSKEY record

SYNOPSIS
       dnskey [-k] [-t ttl] [-c class] domain keyfile

DESCRIPTION
       dnskey writes a DNSSEC DNSKEY record to standard output.

       The record is generated with the name domain and public key given by
       keyfile.

       A DNSKEY record contains a public key that can be used to verify the
       signatures of the records in a zone.  If the Secure Entry Point (SEP)
       flag is set, the key may be used to verify signatures of the DNSKEY
       RRset.  Otherwise, it may only be used to verify the signatures of
       other record types.

OPTIONS
       -k      Set the Secure Entry Point (SEP) flag.

       -a      The signature algorithm to use with the key.  This option can
               be used to disambiguate the hash used with RSA keys.  The
               following algorithms are supported:
                  RSASHA1
                  RSASHA256 (default for RSA keys)
                  RSASHA512
                  ECDSAP256SHA256
                  ECDSAP384SHA384

       -t      The TTL value of the record.  If not specified, the TTL is
               omitted.

       -c      The record class.  Defaults to IN.

EXAMPLES
       Generate a DNSKEY record with the SEP flag set for the key in key.pem.

	     $ dnskey -k example.com. key.pem
	     example.com.    IN	     DNSKEY  257 3 13 vj2jYoUXYP5L/Y3VKwy2tv1lTQKvieaDdg2DpZRItJ0TblzoKoJ+9WQgxi4/mq0JkFUFeltRmhPnhtXoCH7Tfw==
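
       An added example (not part of the original manual page or of the
       dnskey source): a Python check that parses a DNSKEY line such as the
       one above, decodes its flags and algorithm, and computes the RFC 4034
       key tag so the record can be compared with the DS record at the parent
       before it is published.  The function names and the algorithm-number
       table (IANA registry values) are assumptions of this example.

```python
import base64
import struct

# DNSSEC algorithm numbers (IANA registry) for the algorithms listed under -a.
ALGORITHMS = {5: "RSASHA1", 8: "RSASHA256", 10: "RSASHA512",
              13: "ECDSAP256SHA256", 14: "ECDSAP384SHA384"}
ECDSA_KEY_LEN = {13: 64, 14: 96}   # fixed public key sizes in bytes (RFC 6605)
ZONE, SEP = 0x0100, 0x0001         # DNSKEY flag bits (RFC 4034, section 2.1.1)

def key_tag(rdata):
    """Key tag over the DNSKEY RDATA (RFC 4034, Appendix B)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += (byte << 8) if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def audit_dnskey(line):
    """Parse one DNSKEY record in presentation format and list problems."""
    fields = line.split()
    i = fields.index("DNSKEY")     # skips owner name, optional TTL and class
    flags, protocol, algorithm = (int(f) for f in fields[i + 1:i + 4])
    key = base64.b64decode("".join(fields[i + 4:]), validate=True)
    problems = []
    if not flags & ZONE:
        problems.append("Zone Key flag not set; must not verify RRSIGs")
    if flags & ~(ZONE | SEP):
        problems.append("flag bits other than Zone Key and SEP are set")
    if protocol != 3:
        problems.append("protocol field must be 3")
    if algorithm not in ALGORITHMS:
        problems.append("algorithm not among those this page lists")
    expected = ECDSA_KEY_LEN.get(algorithm)
    if expected is not None and len(key) != expected:
        problems.append(f"key is {len(key)} bytes, expected {expected}")
    rdata = struct.pack("!HBB", flags, protocol, algorithm) + key
    return {"sep": bool(flags & SEP), "algorithm": ALGORITHMS.get(algorithm),
            "key_tag": key_tag(rdata), "problems": problems}

# The record printed in EXAMPLES above.
PAGE_RECORD = ("example.com. IN DNSKEY 257 3 13 "
               "vj2jYoUXYP5L/Y3VKwy2tv1lTQKvieaDdg2DpZRItJ0T"
               "blzoKoJ+9WQgxi4/mq0JkFUFeltRmhPnhtXoCH7Tfw==")

if __name__ == "__main__":
    print(audit_dnskey(PAGE_RECORD))
```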

SEE ALSO
       ds(1), nsec(1), rrsig(1), tlsa(1)

FreeBSD	ports 15.0		 May 10, 2021			     DNSKEY(1)
