EnglishFrenchSpanish

Ad


OnWorks favicon

ldns-signzone - Online in the Cloud

Run ldns-signzone in OnWorks free hosting provider over Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator

This is the command ldns-signzone that can be run in the OnWorks free hosting provider using one of our multiple free online workstations such as Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator

PROGRAM:

NAME


ldns-signzone - sign a zonefile with DNSSEC data

SYNOPSIS


ldns-signzone [ OPTIONS ] ZONEFILE KEY [KEY [KEY] ... ]

DESCRIPTION


ldns-signzone is used to generate a DNSSEC signed zone. When run it will create a new
zonefile that contains RRSIG and NSEC resource records, as specified in RFC 4033, RFC 4034
and RFC 4035.

Keys must be specified by their base name (i.e. without .private). If the DNSKEY that
belongs to the key in the .private file is not present in the zone, it will be read from
the file <base name>.key. If that file does not exist, the DNSKEY value will be generated
from the private key.

Multiple keys can be specified, Key Signing Keys are used as such when they are either
already present in the zone, or specified in a .key file, and have the KSK bit set.

OPTIONS


-b Augments the zone and the RR's with extra comment texts for a more readable layout,
easier to debug. DS records will have a bubblebabble version of the data in the
comment text, NSEC3 records will have the original NSEC3 in the comment text.

Without this option, only DNSKEY RR's will have their Key Tag annotated in the
comment text.

-d Normally, if the DNSKEY RR for a key that is used to sign the zone is not found in
the zone file, it will be read from .key, or derived from the private key (in that
order). This option turns that feature off, so that only the signatures are added
to the zone.

-e date
Set expiration date of the signatures to this date, the format can be
YYYYMMDD[hhmmss], or a timestamp.

-f file
Use this file to store the signed zone in (default <originalfile>.signed)

-i date
Set inception date of the signatures to this date, the format can be
YYYYMMDD[hhmmss], or a timestamp.

-o origin
Use this as the origin of the zone

-v Print the version and exit

-A Sign the DNSKEY record with all keys. By default it is signed with a minimal
number of keys, to keep the response size for the DNSKEY query small, and only the
SEP keys that are passed are used. If there are no SEP keys, the DNSKEY RRset is
signed with the non-SEP keys. This option turns off the default and all keys are
used to sign the DNSKEY RRset.

-E name
Use the EVP cryptographic engine with the given name for signing. This can have
some extra options; see ENGINE OPTIONS for more information.

-k id,int
Use the key with the given id as the signing key for algorithm int as a Zone
signing key. This option is used when you use an OpenSSL engine, see ENGINE OPTIONS
for more information.

-K id,int

Use the key with the given id as the signing key for algorithm int as a Key signing
key. This options is used when you use an OpenSSL engine, see ENGINE OPTIONS for
more information.

-n Use NSEC3 instead of NSEC.

If you use NSEC3, you can specify the following extra options:

-a algorithm
Algorithm used to create the hashed NSEC3 owner names

-p Opt-out. All NSEC3 records in the zone will have the Opt-out flag set. After
signing, you can add insecure delegations to the signed zone.

-s string
Salt

-t number
Number of hash iterations

ENGINE OPTIONS


You can modify the possible engines, if supported, by setting an OpenSSL configuration
file. This is done through the environment variable OPENSSL_CONF. If you use -E with a
non-existent engine name, ldns-signzone will print a list of engines supported by your
configuration.

The key options (-k and -K) work as follows; you specify a key id, and a DNSSEC algorithm
number (for instance, 5 for RSASHA1). The key id can be any of the following:

<id>
<slot>:<id>
id_<id>
slot_<slot>-id_<id>
label_<label>
slot_<slot>-label_<label>

Where '<id>' is the PKCS #11 key identifier in hexadecimal notation, '<label>' is the PKCS
#11 human-readable label, and '<slot>' is the slot number where the token is present.

If not already present, a DNSKEY RR is generated from the key data, and added to the zone.

EXAMPLES


ldns-signzone nlnetlabs.nl Knlnetlabs.nl.+005+12273
Sign the zone in the file 'nlnetlabs.nl' with the key in the files
'Knlnetlabs.nl.+005+12273.private'. If the DNSKEY is not present in the zone, use
the key in the file 'Knlnetlabs.nl.+005+12273.key'. If that is not present,
generate one with default values from 'Knlnetlabs.nl.+005+12273.private'.

Use ldns-signzone online using onworks.net services


Free Servers & Workstations

Download Windows & Linux apps

  • 1
    wxPython
    wxPython
    A set of Python extension modules that
    wrap the cross-platform GUI classes from
    wxWidgets.. Audience: Developers. User
    interface: X Window System (X11), Win32 ...
    Download wxPython
  • 2
    packfilemanager
    packfilemanager
    This is the Total War pack file manager
    project, starting from version 1.7. A
    short introduction into Warscape
    modding: ...
    Download packfilemanager
  • 3
    IPerf2
    IPerf2
    A network traffic tool for measuring
    TCP and UDP performance with metrics
    around both throughput and latency. The
    goals include maintaining an active
    iperf cod...
    Download IPerf2
  • 4
    fre:ac - free audio converter
    fre:ac - free audio converter
    fre:ac is a free audio converter and CD
    ripper for various formats and encoders.
    It features MP3, MP4/M4A, WMA, Ogg
    Vorbis, FLAC, AAC, and Bonk format
    support, ...
    Download fre:ac - free audio converter
  • 5
    BotMan
    BotMan
    Write your chatbot logic once and
    connect it to one of the available
    messaging services, including Amazon
    Alexa, Facebook Messenger, Slack,
    Telegram or even yo...
    Download BotMan
  • 6
    gerbv  a Gerber (RS-274X) viewer
    gerbv a Gerber (RS-274X) viewer
    Gerbv is an open source Gerber file
    (RS-274X only) viewer. Gerbv lets you
    load several files on top of each other,
    do measurements on the displayed image,
    etc. ...
    Download gerbv a Gerber (RS-274X) viewer
  • 7
    Iometer
    Iometer
    I/O performance Analysis Tool.
    Audience: Developers, Information
    Technology, Science/Research, System
    Administrators. User interface: Win32
    (MS Windows). Progr...
    Download Iometer
  • More »

Linux commands

Ad