genkrf - Man Page

Generate a keyrec file from Key Signing Key (KSK) and/or Zone Signing Key (ZSK) files

Synopsis

  genkrf [options] <zone-file> [<signed-zone-file>]

Description

genkrf generates a keyrec file from KSK and/or ZSK files.  It generates new KSK and ZSK keys if needed.

The name of the keyrec file to be generated is given by the -krfile option.  If this option is not specified, zone-name.krf is used as the name of the keyrec file.  If the keyrec file already exists, it will be overwritten with new keyrec definitions.

The zone-file argument is required.  It specifies the name of the zone file from which the signed zone file was created.  The optional signed-zone-file argument specifies the name of the signed zone file.  If it is not given, then it defaults to zone-file.signed.  The signed zone file field is, in effect, a dummy field as the zone file is not actually signed.

Options

genkrf has a number of options that assist in the creation of the keyrec file.  Each option is set to the first value found along this search path:

    command line options
    DNSSEC-Tools configuration file
    DNSSEC-Tools defaults

See tooloptions.pm(3) for more details. Exceptions to this are given in the option descriptions.

The genkrf options are described below.

General genkrf Options

-zone zone-name

This option specifies the name of the zone.  If it is not given then zone-file will be used as the name of the zone.

-krfile keyrec-file

This option specifies the name of the keyrec file to be generated. If it is not given, then zone-name.krf will be used.

-algorithm algorithm

This option specifies the algorithm used to generate the zone's keys.

-endtime endtime

This option specifies the time that the signature on the zone expires, measured in seconds.

-random random-device

Source of randomness used to generate the zone's keys. See the man page for dnssec-signzone for the valid format of this field.

-verbose

Display additional messages during processing.  If this option is given at least once, then a message will be displayed indicating the successful generation of the keyrec file.  If it is given twice, then the values of all options will also be displayed.

-Version

Display the version information for genkrf and the DNSSEC-Tools package.

-help

Display a usage message.
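
Because genkrf overwrites an existing keyrec file, a wrapper can copy the old file aside first. The following is an added example, not part of genkrf or DNSSEC-Tools: it resolves the keyrec name from -krfile, -zone and zone-file as described above, then backs it up. The function names and the GENKRF override variable are assumptions, and only the options listed on this page, in the "-option value" form, are recognized.

```shell
#!/bin/sh
# Added example (not DNSSEC-Tools code): keep a copy of an existing keyrec
# file before genkrf overwrites it.

# Resolve the keyrec file name as the man page describes: -krfile wins;
# otherwise <zone-name>.krf, where zone-name is -zone or else zone-file.
krf_path() {
    zone="" krfile="" zonefile=""
    while [ $# -gt 0 ]; do
        case "$1" in
            -zone|-krfile|-algorithm|-endtime|-random)
                [ $# -ge 2 ] || return 1          # option is missing its value
                case "$1" in
                    -zone)   zone=$2 ;;
                    -krfile) krfile=$2 ;;
                esac
                shift 2 ;;
            -*) shift ;;                          # -verbose, -Version, -help
            *)  [ -n "$zonefile" ] || zonefile=$1 # first positional is zone-file
                shift ;;
        esac
    done
    [ -n "$zonefile" ] || return 1                # zone-file is required
    if [ -n "$krfile" ]; then
        printf '%s\n' "$krfile"
    else
        printf '%s.krf\n' "${zone:-$zonefile}"
    fi
}

# Copy an existing keyrec file to a timestamped backup and print its name.
backup_krf() {
    [ -f "$1" ] || return 0                       # nothing to preserve
    bak="$1.$(date +%Y%m%d%H%M%S).bak"
    cp -p -- "$1" "$bak" && printf '%s\n' "$bak"
}

# Back up, then run genkrf with the caller's arguments unchanged.
safe_genkrf() {
    krf=$(krf_path "$@") || { echo "usage error: zone-file required" >&2; return 2; }
    backup_krf "$krf" >/dev/null || return 1      # refuse to run if backup fails
    "${GENKRF:-genkrf}" "$@"                      # GENKRF override is an assumption
}
```

Source the file and call safe_genkrf with the same arguments you would give genkrf, for example: safe_genkrf -zone example.com -verbose db.example.com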

Author

Wayne Morrison, tewok@tislabs.com

See Also

dnssec-keygen(8), dnssec-signzone(8), zonesigner(8)

Net::DNS::SEC::Tools::conf.pm(3), Net::DNS::SEC::Tools::defaults.pm(3), Net::DNS::SEC::Tools::keyrec.pm(3)

conf(5), keyrec(5)

Info

2024-01-24 perl v5.38.2 User Contributed Perl Documentation