Zonesigner
From DNSSEC-Tools Wiki
| DNSSEC-Tools Component | |
|---|---|
| zonesigner | |
| This describes zonesigner, which is in the Zone Administration Tools category within the DNSSEC-Tools Components framework of tools. | |
| Tool Name: | zonesigner |
| Tool Type: | Zone Administration Tools |
| Manual: | Manual |
| Example: | Example |
| CLI: | Help |
| Tutorial: | Tutorial |
About
Zonesigner is a DNS zone file signing script that makes the process of signing DNS zones incredibly easy. A single call to the script performs all the operations needed to sign a zone. Although it is designed to "just do the right thing", it is highly flexible and can be tailored to meet the needs of each deployed environment.
Getting Started
Getting started with zonesigner is easy. Simply run it as follows the first time:
zonesigner --genkeys db.example.com db.example.com.signed
It generates new keys for you (that is what the --genkeys option does) and places the finished, signed zone file in db.example.com.signed, which you should serve with your name server. The next time you need to update your zone, run the same command without the --genkeys option:
zonesigner db.example.com db.example.com.signed
That's it! There are, of course, many other options.
See the Sign Your Zone page for a complete example with data and output results, as well as the example output web page for other example usage.
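DNSSEC signatures carry an expiration time, so the signed file has to be regenerated before they lapse, not only when zone data changes. The following is an added example, not part of DNSSEC-Tools or this wiki: a check that reads the RRSIG expiration times from a signed zone file such as db.example.com.signed. The function names are hypothetical, and the sample zone is constructed, with shortened signature data.

```shell
#!/bin/sh
# Added example, not DNSSEC-Tools code. Assumes RRSIG timestamps use the
# YYYYMMDDHHMMSS form of RFC 4034; function names are illustrative.

# Print the earliest RRSIG expiration in zone file $1 (nothing if unsigned).
earliest_rrsig_expiry() {
    awk '
        { sub(/;.*/, "") }    # strip comments
        {
            for (i = 1; i <= NF; i++) {
                if ($i == "RRSIG") { left = 6; continue }
                # The expiration is the first 14-digit token within six fields
                # of RRSIG, on the same line or on the continuation line.
                if (left-- > 0 && length($i) == 14 && $i ~ /^[0-9]+$/) {
                    if (min == "" || ($i "") < min) min = $i ""
                    left = 0
                }
            }
        }
        END { if (min != "") print min }
    ' "$1"
}

# Succeed only if $1 contains signatures and all are still valid at time $2
# (YYYYMMDDHHMMSS, UTC; defaults to the current time).
signatures_valid_at() {
    when=${2:-$(date -u +%Y%m%d%H%M%S)}
    expiry=$(earliest_rrsig_expiry "$1")
    [ -n "$expiry" ] && [ "$expiry" -gt "$when" ]
}

# Constructed sample resembling a signed zone (signature data shortened).
write_sample_zone() {
    cat > "$1" <<'EOF'
example.com.   3600 IN SOA ns1.example.com. admin.example.com. (
                    2024010101 ; serial
                    7200 3600 1209600 3600 )
               3600 RRSIG SOA 8 2 3600 (
                    20240201000000 20240102000000 12345 example.com.
                    c2FtcGxlc2lnbmF0dXJl )
               3600 NS ns1.example.com.
               3600 RRSIG NS 8 2 3600 20240125120000 (
                    20240102000000 12345 example.com.
                    c2FtcGxlc2lnbmF0dXJl )
EOF
}
```

Calling `signatures_valid_at db.example.com.signed` after each zonesigner run, or on a schedule, flags a signed file that is unsigned or already expired before it is served.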
