System administration command. Sign a secure DNS zonefile with the signatures in the specified list of key-identifiers. If signed keysets associated with the zone are found in the current directory, include their signatures in the signed zone file. The dnssec-signzone command writes the signed zone information to a file named db-domainname.signed. This file should be referenced in a zone statement in a named.conf file. For more information on Secure DNS, see DNS and BIND (O'Reilly), or read RFC 2535.
Verify generated signatures.
Specify the DNS class of the keyset.
Search directory for signed keyfiles.
Specify the date and time the records will expire. The end-time may be specified in yyyymmddhhmmss notation, or given as +n seconds from the start-time. The default is 30 days from start-time.
Write output to the specified file instead of the default output file.
Print help message, then exit.
When signing a previously signed zone, replace any records due to expire within the specified number of days. The default is one quarter of the number of days between the signature's start-time and end-time.
Specify the number of threads to use when signing the zone file. The default is one for each detected CPU.
Specify the zone origin. The name of the zone file is the default origin.
Use pseudo-random data to sign the zone key.
Specify the device to use as a source of randomness when creating keys. This can be a device file, a file containing random data, or the string keyboard to specify keyboard input. By default, /dev/random will be used when available, and keyboard input will be used when it is not.
Specify the date and time the records become valid. The end-time may be specified in yyyymmddhhmmss notation, or given as +n seconds from the current time. The default is the current time.