FreeBSD Manual Pages
KZONESIGN(1) Knot DNS KZONESIGN(1) NAME kzonesign - DNSSEC signing utility SYNOPSIS kzonesign [config_option] [options] zone_name DESCRIPTION This utility reads the zone's zone file, signs the zone according to given configuration, and writes the signed zone file back. An alterna- tive mode is DNSSEC validation of the given zone. The signing or vali- dation can run in parallel if enabled in the configuration (see pol- icy.signing-threads and zone.adjust-threads). Parameters zone_name A name of the zone to be signed. Config options -c, --config file Use a textual configuration file (default is /usr/lo- cal/etc/knot/knot.conf). -C, --confdb directory Use a binary configuration database directory (default is /usr/local/var/lib/knot/confdb). The default configuration database, if exists, has a preference to the default configura- tion file. Options -o, --outdir dir_name Write the output zone file to the specified directory instead of the configured one. -r, --rollover Allow key roll-overs and NSEC3 re-salt. In order to finish pos- sible KSK submission, set the KSK's active timestamp to now (+0) using keymgr. -v, --verify Instead of (re-)signing the zone, just verify that the zone is correctly signed. -t, --time timestamp Sign/verify the zone (and roll the keys if necessary) as if it was at the time specified by timestamp. -h, --help Print the program help. -V, --version Print the program version. The option -VV makes the program print the compile time configuration summary. EXIT VALUES Exit status of 0 means successful operation. Any other exit status in- dicates an error. SEE ALSO knot.conf(5), keymgr(8). AUTHOR CZ.NIC Labs <https://www.knot-dns.cz> COPYRIGHT Copyright 20102025, CZ.NIC, z.s.p.o. 3.4.6 2025-04-10 KZONESIGN(1)
NAME | SYNOPSIS | DESCRIPTION | EXIT VALUES | SEE ALSO | AUTHOR | COPYRIGHT
Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=kzonesign&sektion=1&manpath=FreeBSD+Ports+14.3.quarterly>