Site Navigation

FreeBSD Manual Pages

   man apropos
 
   All Sections 1 - General Commands 2 - System Calls 3 - Subroutines 4 - Special Files 5 - File Formats 6 - Games 7 - Macros and Conventions 8 - Maintenance Commands 9 - Kernel Interface n - New Commands FreeBSD 16.0-CURRENT FreeBSD 15.0-STABLE FreeBSD 14.3-RELEASE FreeBSD 14.3-RELEASE and Ports FreeBSD 14.3-STABLE FreeBSD 14.2-RELEASE FreeBSD 14.2-RELEASE and Ports FreeBSD 14.1-RELEASE FreeBSD 14.1-RELEASE and Ports FreeBSD 14.0-RELEASE FreeBSD 14.0-RELEASE and Ports FreeBSD 13.5-RELEASE FreeBSD 13.5-RELEASE and Ports FreeBSD 13.5-STABLE FreeBSD 13.4-RELEASE FreeBSD 13.4-RELEASE and Ports FreeBSD 13.3-RELEASE FreeBSD 13.3-RELEASE and Ports FreeBSD 13.2-RELEASE FreeBSD 13.2-RELEASE and Ports FreeBSD 13.1-RELEASE FreeBSD 13.1-RELEASE and Ports FreeBSD 13.0-RELEASE FreeBSD 13.0-RELEASE and Ports FreeBSD 12.4-RELEASE FreeBSD 12.4-RELEASE and Ports FreeBSD 12.3-RELEASE FreeBSD 12.3-RELEASE and Ports FreeBSD 12.2-RELEASE FreeBSD 12.2-RELEASE and Ports FreeBSD 12.1-RELEASE FreeBSD 12.1-RELEASE and Ports FreeBSD 12.0-RELEASE FreeBSD 12.0-RELEASE and Ports FreeBSD 11.4-RELEASE FreeBSD 11.4-RELEASE and Ports FreeBSD 11.3-RELEASE FreeBSD 11.3-RELEASE and Ports FreeBSD 11.2-RELEASE FreeBSD 11.2-RELEASE and Ports FreeBSD 11.1-RELEASE FreeBSD 11.1-RELEASE and Ports FreeBSD 11.0-RELEASE FreeBSD 11.0-RELEASE and Ports FreeBSD 10.4-RELEASE FreeBSD 10.4-RELEASE and Ports FreeBSD 10.3-RELEASE FreeBSD 10.3-RELEASE and Ports FreeBSD 10.2-RELEASE FreeBSD 10.2-RELEASE and Ports FreeBSD 10.1-RELEASE FreeBSD 10.1-RELEASE and Ports FreeBSD 10.0-RELEASE FreeBSD 10.0-RELEASE and Ports FreeBSD 9.3-RELEASE FreeBSD 9.3-RELEASE and Ports FreeBSD 9.2-RELEASE FreeBSD 9.2-RELEASE and Ports FreeBSD 9.1-RELEASE FreeBSD 9.1-RELEASE and Ports FreeBSD 9.0-RELEASE FreeBSD 9.0-RELEASE and Ports FreeBSD 8.4-RELEASE FreeBSD 8.4-RELEASE and Ports FreeBSD 8.3-RELEASE FreeBSD 8.3-RELEASE and Ports FreeBSD 8.2-RELEASE FreeBSD 8.2-RELEASE and Ports FreeBSD 8.1-RELEASE FreeBSD 8.1-RELEASE and Ports FreeBSD 8.0-RELEASE FreeBSD 8.0-RELEASE and Ports FreeBSD 7.4-RELEASE FreeBSD 7.4-RELEASE and Ports FreeBSD 7.3-RELEASE FreeBSD 7.3-RELEASE and Ports FreeBSD 7.2-RELEASE FreeBSD 7.2-RELEASE and Ports FreeBSD 7.1-RELEASE FreeBSD 7.1-RELEASE and Ports FreeBSD 7.0-RELEASE FreeBSD 6.4-RELEASE FreeBSD 6.4-RELEASE and Ports FreeBSD 6.3-RELEASE FreeBSD 6.3-RELEASE and Ports FreeBSD 6.2-RELEASE FreeBSD 6.1-RELEASE FreeBSD 6.0-RELEASE FreeBSD 6.0-RELEASE and Ports FreeBSD 5.5-RELEASE FreeBSD 5.5-RELEASE and Ports FreeBSD 5.4-RELEASE FreeBSD 5.4-RELEASE and Ports FreeBSD 5.3-RELEASE FreeBSD 5.3-RELEASE and Ports FreeBSD 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE and Ports FreeBSD 5.2-RELEASE FreeBSD 5.2-RELEASE and Ports FreeBSD 5.1-RELEASE FreeBSD 5.0-RELEASE FreeBSD 4.11-RELEASE FreeBSD 4.11-RELEASE and Ports FreeBSD 4.10-RELEASE FreeBSD 4.10-RELEASE and Ports FreeBSD 4.9-RELEASE FreeBSD 4.9-RELEASE and Ports FreeBSD 4.8-RELEASE FreeBSD 4.8-RELEASE and Ports FreeBSD 4.7-RELEASE FreeBSD 4.6.2-RELEASE FreeBSD 4.6.2-RELEASE and Ports FreeBSD 4.6-RELEASE FreeBSD 4.6-RELEASE and Ports FreeBSD 4.5-RELEASE FreeBSD 4.5-RELEASE and Ports FreeBSD 4.4-RELEASE FreeBSD 4.3-RELEASE FreeBSD 4.3-RELEASE and Ports FreeBSD 4.2-RELEASE FreeBSD 4.2-RELEASE and Ports FreeBSD 4.1.1-RELEASE FreeBSD 4.1.1-RELEASE and Ports FreeBSD 4.1-RELEASE FreeBSD 4.0-RELEASE FreeBSD 3.5.1-RELEASE FreeBSD 3.5.1-RELEASE and Ports FreeBSD 3.5-RELEASE and Ports FreeBSD 3.4-RELEASE FreeBSD 3.4-RELEASE and Ports FreeBSD 3.3-RELEASE FreeBSD 3.2-RELEASE FreeBSD 3.1-RELEASE FreeBSD 3.0-RELEASE FreeBSD 2.2.8-RELEASE FreeBSD 2.2.8-RELEASE and Ports FreeBSD 2.2.7-RELEASE FreeBSD 2.2.6-RELEASE FreeBSD 2.2.5-RELEASE FreeBSD 2.2.2-RELEASE FreeBSD 2.2.1-RELEASE FreeBSD 2.1.7.1-RELEASE FreeBSD 2.1.6.1-RELEASE FreeBSD 2.1.5-RELEASE FreeBSD 2.1.0-RELEASE FreeBSD 2.0.5-RELEASE FreeBSD 2.0-RELEASE FreeBSD 1.1.5.1-RELEASE FreeBSD 1.1-RELEASE FreeBSD 1.0-RELEASE FreeBSD Ports 14.3 FreeBSD Ports 14.3.quarterly FreeBSD Ports 14.2 FreeBSD Ports 14.1 FreeBSD Ports 14.0 FreeBSD Ports 13.5 FreeBSD Ports 13.4 FreeBSD Ports 13.3 FreeBSD Ports 13.2 FreeBSD Ports 13.1 FreeBSD Ports 13.0 FreeBSD Ports 12.4 FreeBSD Ports 12.3 FreeBSD Ports 12.2 FreeBSD Ports 12.1 FreeBSD Ports 12.0 FreeBSD Ports 11.4 FreeBSD Ports 11.3 FreeBSD Ports 11.2 FreeBSD Ports 11.1 FreeBSD Ports 11.0 FreeBSD Ports 10.4 FreeBSD Ports 10.3 FreeBSD Ports 10.2 FreeBSD Ports 10.1 FreeBSD Ports 10.0 FreeBSD Ports 9.3 FreeBSD Ports 9.2 FreeBSD Ports 9.1 FreeBSD Ports 9.0 FreeBSD Ports 8.4 FreeBSD Ports 8.3 FreeBSD Ports 8.2 FreeBSD Ports 8.1 FreeBSD Ports 8.0 FreeBSD Ports 7.4 FreeBSD Ports 7.3 FreeBSD Ports 7.2 FreeBSD Ports 7.1 FreeBSD Ports 7.0 FreeBSD Ports 6.4 FreeBSD Ports 6.3 FreeBSD Ports 6.2 FreeBSD Ports 6.0 FreeBSD Ports 5.5 FreeBSD Ports 5.4 FreeBSD Ports 5.3 FreeBSD Ports 5.2.1 FreeBSD Ports 5.2 FreeBSD Ports 5.1 FreeBSD Ports 4.11 FreeBSD Ports 4.10 FreeBSD Ports 4.9 FreeBSD Ports 4.8 FreeBSD Ports 4.7 FreeBSD Ports 4.6.2 FreeBSD Ports 4.6 FreeBSD Ports 4.5 FreeBSD Ports 4.3 FreeBSD Ports 4.2 FreeBSD Ports 4.1.1 FreeBSD Ports 3.5.1 FreeBSD Ports 3.5 FreeBSD Ports 3.4 FreeBSD Ports 2.2.8 4.4BSD Lite2 4.3BSD NET/2 4.3BSD Reno 2.11 BSD 2.10 BSD 2.9.1 BSD 2.8 BSD 386BSD 0.1 386BSD 0.0 CentOS 7.9 CentOS 7.8 CentOS 7.7 CentOS 7.6 CentOS 7.5 CentOS 7.4 CentOS 7.3 CentOS 7.2 CentOS 7.1 CentOS 7.0 CentOS 6.10 CentOS 6.9 CentOS 6.8 CentOS 6.7 CentOS 6.6 CentOS 6.5 CentOS 6.4 CentOS 6.3 CentOS 6.2 CentOS 6.1 CentOS 6.0 CentOS 5.11 CentOS 5.10 CentOS 5.9 CentOS 5.8 CentOS 5.7 CentOS 5.6 CentOS 5.5 CentOS 5.4 CentOS 4.8 CentOS 3.9 Darwin 8.0.1/ppc Darwin 7.0.1 Darwin 6.0.2/x86 Darwin 1.4.1/x86 Darwin 1.3.1/x86 Debian 14.0 unstable Debian 13.1.0 Debian 12.11.0 Debian 11.11.0 Debian 10.13.0 Debian 9.13.0 Debian 8.11.1 Debian 7.11.0 Debian 6.0.10 Debian 5.0.10 Debian 4.0.9 Debian 3.1.8 Debian 2.2.7 Debian 2.0.0 Dell UNIX SVR4 2.2 DragonFly 6.4.0 DragonFly 5.8.3 DragonFly 4.8.1 DragonFly 3.8.2 DragonFly 2.10.1 DragonFly 1.12.1 DragonFly 1.0A HP-UX 11.22 HP-UX 11.20 HP-UX 11.11 HP-UX 11.00 HP-UX 10.20 HP-UX 10.10 HP-UX 10.01 HP-UX 9.07 HP-UX 8.07 Inferno 4th Edition IRIX 6.5.30 Linux Slackware 3.1 MACH 2.5/i386 macOS 26.0 macOS 15.7 macOS 14.8 macOS 13.6.5 macOS 12.7.3 macOS 11.1 macOS 10.15.0 macOS 10.13.6 macOS 10.12.0 Minix 3.3.0 Minix 3.2.1 Minix 3.2.0 Minix 3.1.7 Minix 3.1.6 Minix 3.1.5 Minix 2.0.0 NetBSD 10.1 NetBSD 10.0 NetBSD 9.4 NetBSD 9.3 NetBSD 9.2 NetBSD 9.1 NetBSD 9.0 NetBSD 8.2 NetBSD 8.1 NetBSD 8.0 NetBSD 7.1 NetBSD 7.0 NetBSD 6.1.5 NetBSD 6.0 NetBSD 5.1 NetBSD 5.0 NetBSD 4.0.1 NetBSD 4.0 NetBSD 3.1 NetBSD 3.0 NetBSD 2.1 NetBSD 2.0.2 NetBSD 2.0 NetBSD 1.6.2 NetBSD 1.6.1 NetBSD 1.6 NetBSD 1.5.3 NetBSD 1.5.2 NetBSD 1.5.1 NetBSD 1.5 NetBSD 1.4.3 NetBSD 1.4.2 NetBSD 1.4.1 NetBSD 1.4 NetBSD 1.3.3 NetBSD 1.3.2 NetBSD 1.3.1 NetBSD 1.3 NetBSD 1.2.1 NetBSD 1.2 NetBSD 1.1 NetBSD 1.0 NeXTSTEP 3.3 OpenBSD 7.7 OpenBSD 7.6 OpenBSD 7.5 OpenBSD 7.4 OpenBSD 7.3 OpenBSD 7.2 OpenBSD 7.1 OpenBSD 7.0 OpenBSD 6.9 OpenBSD 6.8 OpenBSD 6.7 OpenBSD 6.6 OpenBSD 6.5 OpenBSD 6.4 OpenBSD 6.3 OpenBSD 6.2 OpenBSD 6.1 OpenBSD 6.0 OpenBSD 5.9 OpenBSD 5.8 OpenBSD 5.7 OpenBSD 5.6 OpenBSD 5.5 OpenBSD 5.4 OpenBSD 5.3 OpenBSD 5.2 OpenBSD 5.1 OpenBSD 5.0 OpenBSD 4.9 OpenBSD 4.8 OpenBSD 4.7 OpenBSD 4.6 OpenBSD 4.5 OpenBSD 4.4 OpenBSD 4.3 OpenBSD 4.2 OpenBSD 4.1 OpenBSD 4.0 OpenBSD 3.9 OpenBSD 3.8 OpenBSD 3.7 OpenBSD 3.6 OpenBSD 3.5 OpenBSD 3.4 OpenBSD 3.3 OpenBSD 3.2 OpenBSD 3.1 OpenBSD 3.0 OpenBSD 2.9 OpenBSD 2.8 OpenBSD 2.7 OpenBSD 2.6 OpenBSD 2.5 OpenBSD 2.4 OpenBSD 2.3 OpenBSD 2.2 OpenBSD 2.1 OpenBSD 2.0 OpenDarwin 7.2.1 OpenDarwin 6.6.2/x86 OpenDarwin 6.6.1/x86 OpenDarwin 20030208pre4/ppc OpenIndiana 2024.10 OpenIndiana 2022.10 OpenIndiana 2020.10 OpenIndiana 2017.10 OpenIndiana 2015.10 OpenIndiana 2013.08 OpenSolaris 2010.03 OpenSolaris 2009.06 OpenStep 4.2 openSUSE 42.3 openSUSE 42.2 openSUSE 42.1 openSUSE 16.0 openSUSE 15.6 openSUSE 15.5 openSUSE 15.4 openSUSE 15.3 openSUSE 15.2 openSUSE 15.1 openSUSE 15.0 openSUSE 13.2 openSUSE 13.1 openSUSE 11.4 openSUSE 11.3 openSUSE 11.2 openSUSE 10.3 openSUSE 10.2 OSF1 V5.1/alpha OSF1 V4.0/alpha OSF1 V1.0/mips Plan 9 Red Hat 9.0 Red Hat 8.0 Red Hat 7.3 Red Hat 7.2 Red Hat 7.1 Red Hat 7.0 Red Hat 6.2 Red Hat 6.1 Red Hat 5.2 Red Hat 5.0 Red Hat 4.2 Rhapsody DR1 Rhapsody DR2 Rocky 10.0 Rocky 9.6 Rocky 9.5 Rocky 9.4 Rocky 9.3 Rocky 9.2 Rocky 9.1 Rocky 9.0 Rocky 8.10 Rocky 8.9 Rocky 8.8 Rocky 8.7 Rocky 8.6 Rocky 8.5 Rocky 8.4 Rocky 8.3 Sun UNIX 0.4 SunOS 5.10 SunOS 5.9 SunOS 5.8 SunOS 5.7 SunOS 5.6 SunOS 5.5.1 SunOS 4.1.3 SuSE 11.3 SuSE 11.2 SuSE 11.1 SuSE 11.0 SuSE 10.3 SuSE 10.2 SuSE 10.1 SuSE 10.0 SuSE 9.3 SuSE 9.2 SuSE 8.2 SuSE 8.1 SuSE 8.0 SuSE 7.3 SuSE 7.2 SuSE 7.1 SuSE 7.0 SuSE 6.4 SuSE 6.3 SuSE 6.1 SuSE 6.0 SuSE 5.3 SuSE 5.2 SuSE 5.0 SuSE 4.3 SuSE ES 10 SP1 Ubuntu 24.04 noble Ubuntu 23.10 mantic Ubuntu 22.04 jammy Ubuntu 20.04 focal Ubuntu 18.04 bionic Ubuntu 16.04 xenial Ubuntu 14.04 trusty ULTRIX 4.2 Ultrix-32 2.0/VAX Unix Seventh Edition X11R7.4 X11R7.3.2 X11R7.2 X11R6.9.0 X11R6.8.2 X11R6.7.0 XFree86 4.8.0 XFree86 4.7.0 XFree86 4.6.0 XFree86 4.5.0 XFree86 4.4.0 XFree86 4.3.0 XFree86 4.2.99.3 XFree86 4.2.0 XFree86 4.1.0 XFree86 4.0.2 XFree86 4.0.1 XFree86 4.0 XFree86 3.3.6 XFree86 3.3 XFree86 2.1 All Architectures html pdf ascii

home | help

---

DNSSEC-SETTIME(1)		    BIND 9		     DNSSEC-SETTIME(1)

NAME
       dnssec-settime -	set the	key timing metadata for	a DNSSEC key

SYNOPSIS
       dnssec-settime  [-f]  [-K  directory]  [-L ttl] [-P date/offset]	[-P ds
       date/offset] [-P	sync date/offset] [-A  date/offset]  [-R  date/offset]
       [-I   date/offset]  [-D	date/offset]  [-D  ds  date/offset]  [-D  sync
       date/offset] [-S	key] [-i interval] [-h]	[-V] [-v  level]  [-E  engine]
       {keyfile} [-s] [-g state] [-d state date/offset]	[-k state date/offset]
       [-r state date/offset] [-z state	date/offset]

DESCRIPTION
       dnssec-settime  reads a DNSSEC private key file and sets	the key	timing
       metadata	as specified by	the -P,	-A, -R,	-I, and	-D options. The	 meta-
       data  can  then be used by dnssec-signzone or other signing software to
       determine when a	key is to be published,	whether	it should be used  for
       signing a zone, etc.

       If  none	 of  these  options is set on the command line,	dnssec-settime
       simply prints the key timing metadata already stored in the key.

       When key	metadata  fields  are  changed,	 both  files  of  a  key  pair
       (Knnnn.+aaa+iiiii.key and Knnnn.+aaa+iiiii.private) are regenerated.

       Metadata	 fields	 are  stored in	the private file. A human-readable de-
       scription of the	metadata is also placed	in comments in the  key	 file.
       The  private  file's  permissions  are always set to be inaccessible to
       anyone other than the owner (mode 0600).

       When working with state files, it is  possible  to  update  the	timing
       metadata	 in those files	as well	with -s.  With this option, it is also
       possible	to update key states with -d (DS), -k (DNSKEY),	-r  (RRSIG  of
       KSK),  or  -z  (RRSIG of	ZSK). Allowed states are HIDDEN, RUMOURED, OM-
       NIPRESENT, and UNRETENTIVE.

       The goal	state of the key can also be set with -g. This should  be  ei-
       ther  HIDDEN or OMNIPRESENT, representing whether the key should	be re-
       moved from the zone or published.

       It is NOT RECOMMENDED to	manipulate state files	manually,  except  for
       testing purposes.

OPTIONS
       -f     This  option forces an update of an old-format key with no meta-
	      data fields. Without this	option,	dnssec-settime fails when  at-
	      tempting	to  update  a legacy key. With this option, the	key is
	      recreated	in the new format, but with the	original key data  re-
	      tained.  The  key's creation date	is set to the present time. If
	      no other values are specified, then the  key's  publication  and
	      activation dates are also	set to the present time.

       -K directory
	      This option sets the directory in	which the key files are	to re-
	      side.

       -L ttl This  option sets	the default TTL	to use for this	key when it is
	      converted	into a DNSKEY RR. This is the TTL used when the	key is
	      imported into a zone, unless there was already a DNSKEY RRset in
	      place, in	which case the existing	TTL takes precedence. If  this
	      value  is	not set	and there is no	existing DNSKEY	RRset, the TTL
	      defaults to the SOA TTL. Setting the default TTL to  0  or  none
	      removes it from the key.

       -h     This option emits	a usage	message	and exits.

       -V     This option prints version information.

       -v level
	      This option sets the debugging level.

       -E engine
	      This  option  specifies  the cryptographic hardware to use, when
	      applicable.

	      When BIND	9 is built with	OpenSSL, this needs to be set  to  the
	      OpenSSL engine identifier	that drives the	cryptographic acceler-
	      ator or hardware service module (usually pkcs11).

TIMING OPTIONS
       Dates  can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS	(which
       is the format used inside key files), or	'Day Mon DD HH:MM:SS YYYY' (as
       printed by dnssec-settime -p),  or  UNIX	 epoch	time  (as  printed  by
       dnssec-settime -up), or the literal now.

       The  argument  can  be  followed	by + or	- and an offset	from the given
       time. The literal now can be omitted before an offset. The  offset  can
       be followed by one of the suffixes y, mo, w, d, h, or mi, so that it is
       computed	 in  years (defined as 365 24-hour days, ignoring leap years),
       months (defined as 30 24-hour days), weeks, days,  hours,  or  minutes,
       respectively. Without a suffix, the offset is computed in seconds.

       To unset	a date,	use none, never, or unset.

       All these formats are case-insensitive.

       -P date/offset
	      This  option  sets the date on which a key is to be published to
	      the zone.	After that date, the key is included in	the  zone  but
	      is not used to sign it.

	      ds date/offset
		     This  option sets the date	on which DS records that match
		     this key have been	seen in	the parent zone.

	      sync date/offset
		     This option sets  the  date  on  which  CDS  and  CDNSKEY
		     records  that  match  this	key are	to be published	to the
		     zone.

       -A date/offset
	      This option sets the date	on which the key is to	be  activated.
	      After  that  date,  the  key is included in the zone and used to
	      sign it.

       -R date/offset
	      This option sets the date	on which the key is to be revoked. Af-
	      ter that date, the key is	flagged	as revoked. It is included  in
	      the zone and is used to sign it.

       -I date/offset
	      This option sets the date	on which the key is to be retired. Af-
	      ter  that	date, the key is still included	in the zone, but it is
	      not used to sign it.

       -D date/offset
	      This option sets the date	on which the key is to be deleted. Af-
	      ter that date, the key is	no longer included in the zone.	 (How-
	      ever, it may remain in the key repository.)

	      ds date/offset
		     This  option  sets	 the date on which the DS records that
		     match this	key have been seen  removed  from  the	parent
		     zone.

	      sync date/offset
		     This  option  sets	 the date on which the CDS and CDNSKEY
		     records that match	this key are to	be deleted.

       -S predecessor key
	      This option selects a key	for which the key being	modified is an
	      explicit successor. The name, algorithm, size, and type  of  the
	      predecessor  key must exactly match those	of the key being modi-
	      fied. The	activation date	of the successor key is	set to the in-
	      activation date of the predecessor. The publication date is  set
	      to  the activation date minus the	prepublication interval, which
	      defaults to 30 days.

       -i interval
	      This option sets the prepublication interval for a key. If  set,
	      then  the	 publication and activation dates must be separated by
	      at least this much time. If the activation date is specified but
	      the publication date is not, the publication  date  defaults  to
	      this  much  time	before the activation date; conversely,	if the
	      publication date is specified but	not the	activation date, acti-
	      vation is	set to this much time after publication.

	      If the key is being created as an	explicit successor to  another
	      key, then	the default prepublication interval is 30 days;	other-
	      wise it is zero.

	      As  with date offsets, if	the argument is	followed by one	of the
	      suffixes y, mo, w, d, h, or mi,  the  interval  is  measured  in
	      years,  months,  weeks,  days,  hours, or	minutes, respectively.
	      Without a	suffix,	the interval is	measured in seconds.

KEY STATE OPTIONS
       To test dnssec-policy it	may be necessary to construct keys with	 arti-
       ficial  state information; these	options	are used by the	testing	frame-
       work for	that purpose, but should never be used in production.

       Known key states	are HIDDEN, RUMOURED, OMNIPRESENT, and UNRETENTIVE.

       -s     This option indicates that when setting  key  timing  data,  the
	      state file should	also be	updated.

       -g state
	      This  option sets	the goal state for this	key. Must be HIDDEN or
	      OMNIPRESENT.

       -d state	date/offset
	      This option sets the DS state for	this key as of	the  specified
	      date, offset from	the current date.

       -k state	date/offset
	      This  option sets	the DNSKEY state for this key as of the	speci-
	      fied date, offset	from the current date.

       -r state	date/offset
	      This option sets the RRSIG (KSK) state for this key  as  of  the
	      specified	date, offset from the current date.

       -z state	date/offset
	      This  option  sets  the RRSIG (ZSK) state	for this key as	of the
	      specified	date, offset from the current date.

PRINTING OPTIONS
       dnssec-settime can also be used to print	the timing metadata associated
       with a key.

       -u     This option indicates that times should be printed in Unix epoch
	      format.

       -p C/P/Pds/Psync/A/R/I/D/Dds/Dsync/all
	      This option prints a specific metadata value or set of  metadata
	      values.	The  -p	 option	 may be	followed by one	or more	of the
	      following	letters	or strings to indicate which value  or	values
	      to  print:  C for	the creation date, P for the publication date,
	      Pds` for the DS  publication  date,  ``Psync  for	 the  CDS  and
	      CDNSKEY  publication  date, A for	the activation date, R for the
	      revocation date, I for the inactivation date, D for the deletion
	      date, Dds	for the	DS deletion date, and Dsync for	 the  CDS  and
	      CDNSKEY deletion date. To	print all of the metadata, use all.

SEE ALSO
       dnssec-keygen(8),  dnssec-signzone(8),  BIND  9 Administrator Reference
       Manual, RFC 5011.

AUTHOR
       Internet	Systems	Consortium

COPYRIGHT
       2025, Internet Systems Consortium

9.20.9				  2025-05-08		     DNSSEC-SETTIME(1)

---

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | TIMING OPTIONS | KEY STATE OPTIONS | PRINTING OPTIONS | SEE ALSO | AUTHOR | COPYRIGHT

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=dnssec-settime&sektion=1&manpath=FreeBSD+Ports+14.3.quarterly>

home | help

---

Legal Notices | © 1995-2025 The FreeBSD Project. All rights reserved.

Contact