Updated: May 06, 2022

DNSSEC zone-signing tool


dnssec-signzone [options...] {zonefile} [key...]

Runs on:

QNX Neutrino


The dnssec-signzone utility signs a zone. It is part of BIND DNS server software. It generates NSEC and RRSIG records and produces a signed version of the zone. The security status of delegations from the signed zone (that is, whether the child zones are secure or not) is determined by the presence or absence of a keyset file for each child zone.

This program uses the OpenSSL library for cryptography services.

For more information, use the -V option to check the current version first, and then find the corresponding BIND Administrator Reference Manual at: https://kb.isc.org/docs/aa-01493