opendkim-genzone man page

opendkim-genzone — DKIM public key zone file generation tool

Synopsis

opendkim-genzone [-C address] [-d domain] [-D] [-E secs] [-F] [-N ns[,...]] [-o file] [-r secs] [-R secs] [-s] [-S] [-t secs] [-T secs] [-u] [-v] [-x conffile] [dataset]

Description

opendkim-genzone generates a file suitable for use with named(8) to publish a set of public keys.

The dataset parameter should specify a set of data as described in the opendkim(8) man page.  It can currently refer to flat files, Sleepycat databases, comma-separated lists, LDAP directories or SQL databases.  The dataset may be omitted if the -x command line flag names a configuration file that sets a KeyTable parameter, in which case that value will be used.

The database contents should be formatted as described for the KeyTable parameter in the opendkim.conf(5) man page.
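
A pre-publication check for the generated file, as an added example that is not part of this man page or of OpenDKIM: it reads TXT records from zone text, rejoins the split strings, and reports RSA keys that do not parse or that fall below a size threshold. The record layout (name, optional TTL, IN TXT, quoted strings), the 2048-bit threshold, the function names and the sample zone (dummy moduli, not usable keys) are assumptions made for illustration.

```python
import base64, re

MIN_RSA_BITS = 2048  # assumed local policy, not an opendkim-genzone setting
TXT_RE = re.compile(r'^(\S+)[ \t]+(?:\d+[ \t]+)?IN[ \t]+TXT[ \t]+\(?((?:\s*"[^"]*")+)', re.M)

def _tlv(buf, pos):  # -> (value_start, value_end) of the DER element at pos
    n, pos = buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits count the length bytes that follow
        n, pos = int.from_bytes(buf[pos:pos + (n & 0x7F)], "big"), pos + (n & 0x7F)
    return pos, pos + n

def rsa_bits(der):
    """Modulus size in bits of an RSA SubjectPublicKeyInfo (the p= payload)."""
    seq, _ = _tlv(der, 0)            # outer SEQUENCE
    _, alg_end = _tlv(der, seq)      # AlgorithmIdentifier
    bitstr, _ = _tlv(der, alg_end)   # BIT STRING
    key, _ = _tlv(der, bitstr + 1)   # RSAPublicKey, after the unused-bits byte
    n_start, n_end = _tlv(der, key)  # INTEGER modulus
    return int.from_bytes(der[n_start:n_end], "big").bit_length()

def lint_zone(text):
    """Return [(owner, problem)] for records laid out as: name [ttl] IN TXT ( strings )."""
    findings = []
    for owner, rdata in TXT_RE.findall(text):
        txt = "".join(re.findall(r'"([^"]*)"', rdata))  # rejoin split strings
        tags = dict(map(str.strip, t.split("=", 1)) for t in txt.split(";") if "=" in t)
        if "p" not in tags or tags.get("k", "rsa") != "rsa":
            continue  # not an RSA DKIM key record
        try:
            size = rsa_bits(base64.b64decode(tags["p"], validate=True))
        except (ValueError, IndexError):
            findings.append((owner, "p= is not a parseable RSA public key"))
            continue
        if size < MIN_RSA_BITS:
            findings.append((owner, f"RSA modulus is {size} bits (< {MIN_RSA_BITS})"))
    return findings

def dummy_p(bits):
    """Constructed input: SPKI framing around a dummy modulus, not a usable key."""
    head = {512: "305c300d06092a864886f70d0101010500034b003048024100",
            2048: "30820122300d06092a864886f70d01010105000382010f003082010a0282010100"}[bits]
    der = bytes.fromhex(head) + b"\xc3" * (bits // 8) + bytes.fromhex("0203010001")
    return base64.b64encode(der).decode()

P = dummy_p(2048)  # sample zone below is constructed, not captured tool output
SAMPLE_ZONE = (f'mail2024._domainkey IN TXT ( "v=DKIM1; k=rsa; "\n\t"p={P[:200]}"\n\t"{P[200:]}" )\n'
               f'old._domainkey 3600 IN TXT ( "v=DKIM1; k=rsa; p={dummy_p(512)}" )\n')
if __name__ == "__main__":
    print(*(f"{o}: {p}" for o, p in lint_zone(SAMPLE_ZONE)), sep="\n")
```

To check a real file, pass the contents of the file written with -o to lint_zone() before loading it into named(8).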

Options

-C contact

Uses contact as the contact information to be used when an SOA record is generated (see -S below).  If not specified, the userid of the executing user and the local hostname will be used; if the executing user can't be determined, "hostmaster" will be used.

-d domain

Restricts output to those records for which the domain field is the specified domain.

-D

Adds a "._domainkey" suffix to selector names in the zone file.

-E secs

When generating an SOA record (see -S below), use secs as the default record expiration time.  The default is 604800.

-F

Adds a "._domainkey" suffix and the domain name to selector names in the zone file.

-N nslist

Specifies a comma-separated list of nameservers, which will be output in NS records before the TXT records.  The first nameserver in this list will also be used in the SOA record (if -S is also specified) as the authority hostname.

-o file

Sends output to the named file rather than standard output.

-r secs

When generating an SOA record (see -S below), use secs as the zone refresh time.  The default is 10800.

-R secs

When generating an SOA record (see -S below), use secs as the zone retry time.  The default is 1800.

-s

Extends the logic of "-d" to include subdomains.

-S

Asks for an SOA record to be generated at the top of the output.  The content of this record can be controlled using the -E, -r, -R and -T options.  The serial number will be generated based on the current time of day.

-t ttl

Puts a TTL (time-to-live) value of ttl on all records output.  The units are in seconds.

-T secs

When generating an SOA record (see -S below), use secs as the default record TTL time.  The default is 86400.

-u

Produce output suitable for use as input to nsupdate(8).

-v

Increases the verbosity of debugging output written to standard error.

-x conffile

Names an opendkim.conf(5) file to be read for LDAP-specific parameters when an LDAP dataset is given on the command line.  Not required for other dataset types. The default is /etc/opendkim.conf.

Version

This man page covers the version of opendkim-genzone that shipped with version 2.11.0 of OpenDKIM.

See Also

nsupdate(8), opendkim(8), opendkim.conf(5)

Info

The Trusted Domain Project