oreilly.comSafari Books Online.Conferences.


Linux in a Nutshell

This directory of Linux commands is from Linux in a Nutshell, 5th Edition.

Click on any of the 687 commands below to get a description and list of available options. All links in the command summaries point to the online version of the book on Safari Bookshelf.

Buy it now, or read it online on Safari Bookshelf.


dnssec-signzone [options] zonefile [key-identifiers]

System administration command. Sign a secure DNS zonefile with the signatures in the specified list of key-identifiers. If signed keysets associated with the zone are found in the current directory, include their signatures in the signed zone file. The dnssec-signzone command writes the signed zone information to a file named db-domainname.signed. This file should be referenced in a zone statement in a named.conf file. For more information on Secure DNS, see DNS and BIND (O'Reilly), or read RFC 2535.



Verify generated signatures.

-c class

Specify the DNS class of the keyset.

-d directory

Search directory for signed keyfiles.

-e end-time

Specify the date and time the records will expire. The end-time may be specified in yyyymmddhhmmss notation, or given as +n seconds from the start-time. The default is 30 days from start-time.

-f file

Write output to the specified file instead of the default output file.


Print help message, then exit.

-i days

When signing a previously signed zone, replace any records due to expire within the specified number of days. The default is one quarter of the number of days between the signature's start-time and end-time.

-n threads

Specify the number of threads to use when signing the zone file. The default is one for each detected CPU.

-o origin

Specify the zone origin. The name of the zone file is the default origin.


Use pseudo-random data to sign the zone key.

-r device

Specify the device to use as a source of randomness when creating keys. This can be a device file, a file containing random data, or the string keyboard to specify keyboard input. By default, /dev/random will be used when available, and keyboard input will be used when it is not.

-s start-time

Specify the date and time the records become valid. The end-time may be specified in yyyymmddhhmmss notation, or given as +n seconds from the current time. The default is the current time.


Print statistics when complete.

Linux Resources
  • Linux Online
  • The Linux FAQ
  • Linux Kernel Archives
  • Kernel Traffic

  • Sponsored by: