Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
RRSIG(1)		    General Commands Manual		      RRSIG(1)

NAME
       rrsig --	generate RRSIG records for a zone

SYNOPSIS
       rrsig [-kz] [-s start] [-e end] keyfile [zonefile]

DESCRIPTION
       rrsig  signs  the  records in a zone and	writes DNSSEC RRSIG records to
       standard	output.

       The signatures are generated for	the zone described in zonefile,	 which
       must be in the format described by RFC 1035.

       An  RRSIG record	contains a signature for a set of DNS records (RRset),
       all with	the same name and type.	 These records are returned along with
       the results of a	query and the signatures can be	verified with the pub-
       lic keys	in the DNSKEY records for the domain.

OPTIONS
       -k      Sign the	DNSKEY records in the zone.  The key in	 keyfile  must
	       have a DNSKEY record in the zone	with the SEP flag set.

       -z      Sign  the  non-DNSKEY  records in the zone.  The	key in keyfile
	       must have a DNSKEY record in the	zone.

       -s      The unix	time at	which the signature becomes valid.

       -e      The unix	time after which the signature is no longer valid.

       If neither -k or	-z is specified, all records in	the zone are signed.

EXAMPLES
       Sign the	records	in the example.com zone	with the key in	key.pem

	     $ rrsig key.pem example.com.zone
	     example.com.    86400   IN	     RRSIG   SOA 13 2 86400 20200616002419 20200517002419 32716	example.com. pT8tmBBTpTG139CBJbN1MbshvygYyaiNn713gmvMw2Y/C2dTwGSZwuriXOk7luLb+Ej9OHvcjgaNaVzWnu5IiQ==
	     example.com.    86400   IN	     RRSIG   A 13 2 86400 20200616002419 20200517002419	32716 example.com. ziulNlLfYTwUO0VGiVW4TSR3Pfg8j/RhUhuWCbL2rn9PVBUIr3P0ql5JHkfskfCy9BNDIW7rSIWxwuLBULfudw==
	     example.com.    86400   IN	     RRSIG   NS	13 2 86400 20200616002419 20200517002419 32716 example.com. 9FdDokZ6RWGcAZTgpB430T71t9NZWeCZLTqxkeDyi77vxDt5eRwCNdzdDIEYaChGIfX6NBcrFIZ9Arz7vEA+ww==
	     example.com.    1200    IN	     RRSIG   NSEC 13 2 1200 20200616002419 20200517002419 32716	example.com. QeClnuEuVdq0Wppv+kH0DNR3huWFw7Rack0ZuFRqEpRLfVx/NTaaieHBax4SJTgecaF2MgpT+f/yJsRe/rsr3g==
	     example.com.    86400   IN	     RRSIG   DNSKEY 13 2 86400 20200616002419 20200517002419 32716 example.com.	ypFHj/ttCnJkzOsCSj+SM+pU7yj9jfT7IaHZpotrU1ITOQBj2x+5nhQSj7dAbi21N4Vjie1rS5vx7E6T2g0msg==
	     ns1.example.com.	     86400   IN	     RRSIG   A 13 3 86400 20200616002419 20200517002419	32716 example.com. /M9W4asOST8JuRfibKA0hf780GX3HglEsgB1PoNuV2PCK5sTXWKVexb7wfxAeBAK/gDsLy3HQIPH2im6iRuI9g==
	     ns1.example.com.	     1200    IN	     RRSIG   NSEC 13 3 1200 20200616002419 20200517002419 32716
	     example.com. Mph6z5j6ZePdrxoO/vBr1rwA76a/0lpkUEfsiNWOtELtoPCNRrhRDxvQWM/mPfRw+plfzFXqANymU5shvPwZZA==

SEE ALSO
       dnskey(1), ds(1), rrsig(1), tlsa(1)

FreeBSD	ports 15.0		 May 10, 2021			      RRSIG(1)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=rrsig&sektion=1&manpath=FreeBSD+Ports+15.0>

home | help