dnssec-makekeyset
dnssec-makekeyset
dnssec-makekeyset [options] key-identifiers
System administration command. Generate a domain keyset from one or more DNS Security keys generated by dnssec-keygen. Keysets can be sent to parent zone administrators to be signed with the zone key. The keyset is written to a file with the name keyset-domainname. For more information on Secure DNS
Options
Verify all generated signatures.
Specify the date and time the records will expire. The end-time may be specified in yyyymmddhhmmss notation, or as +n seconds from the start-time. The default is 30 days from start-time.
Print help message, then exit.
Use pseudo-random data to sign the zone key.
Specify the device to use as a source of randomness when creating keys. This can be a device file, a file containing random data, or the string keyboard to specify keyboard input. By default, /dev/random will be used when available, and keyboard input will be used when it is not.
Specify the date and time the records become valid. The end-time may be specified in yyyymmddhhmmss notation, or as +n seconds from the current time. The default is the current time.
Specify the TTL (time to live) in seconds for the KEY and SIG records. Default is 3600 seconds.