DNSSEC-IMPORTKEY(8)		    BIND 9		   DNSSEC-IMPORTKEY(8)

NAME
       dnssec-importkey	 - import DNSKEY records from external systems so they
       can be managed

SYNOPSIS
       dnssec-importkey	[-K directory] [-L  ttl]  [-P  date/offset]  [-P  sync
       date/offset]  [-D  date/offset]	[-D  sync date/offset] [-h] [-v	level]
       [-V] {keyfile}

       dnssec-importkey	{-f filename} [-K directory] [-L ttl] [-P date/offset]
       [-P  sync  date/offset] [-D date/offset]	[-D sync date/offset] [-h] [-v
       level] [-V] [dnsname]

DESCRIPTION
       dnssec-importkey	reads a	public DNSKEY record and generates a  pair  of
       .key/.private  files.  The  DNSKEY  record may be read from an existing
       .key file, in which case	a corresponding	.private file is generated, or
       it may be read from any other file or from the standard input, in which
       case both .key and .private files are generated.

       The newly created .private file does not	contain	private	key data,  and
       cannot  be  used	 for signing. However, having a	.private file makes it
       possible	to set publication (-P)	and deletion (-D) times	for  the  key,
       which  means the	public key can be added	to and removed from the	DNSKEY
       RRset on	schedule even if the true private key is stored	offline.

OPTIONS
       -f filename
              This option indicates the zone file mode. Instead of a public
              keyfile name, the argument is the DNS domain name of a zone
              master file, which can be read from filename. If the domain name
              is the same as filename, then it may be omitted.

	      If  filename  is set to "-", then	the zone data is read from the
	      standard input.

       -K directory
              This option sets the directory in which the key files are to
              reside.

       -L ttl This  option sets	the default TTL	to use for this	key when it is
	      converted	into a DNSKEY RR. This is the TTL used when the	key is
	      imported into a zone, unless there was already a DNSKEY RRset in
	      place, in	which case the existing	TTL takes precedence.  Setting
	      the default TTL to 0 or none removes it from the key.

       -h     This option emits	a usage	message	and exits.

       -v level
	      This option sets the debugging level.

       -V     This option prints version information.

TIMING OPTIONS
       Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the
       argument begins with a + or -, it is interpreted as an offset from the
       present time. For convenience, if such an offset is followed by one of
       the suffixes y, mo, w, d, h, or mi, then the offset is computed in
       years (defined as 365 24-hour days, ignoring leap years), months
       (defined as 30 24-hour days), weeks, days, hours, or minutes,
       respectively. Without a suffix, the offset is computed in seconds. To
       explicitly prevent a date from being set, use none or never.

       -P date/offset
	      This option sets the date	on which a key is to be	 published  to
	      the  zone.  After	that date, the key is included in the zone but
	      is not used to sign it.

       -P sync date/offset
	      This option sets the date	on which CDS and CDNSKEY records  that
	      match this key are to be published to the	zone.

       -D date/offset
              This option sets the date on which the key is to be deleted.
              After that date, the key is no longer included in the zone.
              (However, it may remain in the key repository.)

       -D sync date/offset
	      This  option  sets the date on which the CDS and CDNSKEY records
	      that match this key are to be deleted.

FILES
       A keyfile can be designated by the key identification Knnnn.+aaa+iiiii
       or the full file name Knnnn.+aaa+iiiii.key, as generated by
       dnssec-keygen.

SEE ALSO
       dnssec-keygen(8),  dnssec-signzone(8),  BIND  9 Administrator Reference
       Manual, RFC 5011.

AUTHOR
       Internet	Systems	Consortium

COPYRIGHT
       2021, Internet Systems Consortium

9.16.12				  2021-02-04		   DNSSEC-IMPORTKEY(8)
