genkrf man page

genkrf — Generate a keyrec file from Key Signing Key (KSK) and/or Zone Signing Key (ZSK) files

Synopsis

genkrf [options] <zone-file> [<signed-zone-file>]

Description

genkrf generates a keyrec file from KSK and/or ZSK files. It generates new KSK and ZSK keys if needed.

The name of the keyrec file to be generated is given by the -krfile option. If this option is not specified, zone-name.krf is used as the name of the keyrec file. If the keyrec file already exists, it will be overwritten with new keyrec definitions.

The zone-file argument is required. It specifies the name of the zone file from which the signed zone file was created. The optional signed-zone-file argument specifies the name of the signed zone file. If it is not given, then it defaults to zone-file.signed. The signed zone file field is, in effect, a dummy field as the zone file is not actually signed.

Options

genkrf has a number of options that assist in creating the keyrec file. Each option is set to the first value found along this search path:

command line options
DNSSEC-Tools configuration file
DNSSEC-Tools defaults

See tooloptions.pm(3) for more details. Exceptions to this are given in the option descriptions.

The genkrf options are described below.

General genkrf Options

-zone zone-name
This option specifies the name of the zone. If it is not given, then zone-file will be used as the name of the zone.
-krfile keyrec-file
This option specifies the name of the keyrec file to be generated. If it is not given, then zone-name.krf will be used.
-algorithm algorithm
This option specifies the algorithm used to generate encryption keys.
-endtime endtime
This option specifies the time that the signature on the zone expires, measured in seconds.
-random random-device
Source of randomness used to generate the zone's keys. See the man page for dnssec-signzone for the valid format of this field.
-verbose
Display additional messages during processing. If this option is given at least once, then a message will be displayed indicating the successful generation of the keyrec file. If it is given twice, then the values of all options will also be displayed.
-Version
Displays the version information for genkrf and the DNSSEC-Tools package.
-help
Display a usage message.

Author

Wayne Morrison, tewok@tislabs.com

See Also

dnssec-keygen(8), dnssec-signzone(8), zonesigner(8)

Net::DNS::SEC::Tools::conf.pm(3), Net::DNS::SEC::Tools::defaults.pm(3), Net::DNS::SEC::Tools::keyrec.pm(3)

conf(5), keyrec(5)

Info

2015-06-30 perl v5.24.0 User Contributed Perl Documentation