Man page - dnst-keygen(1)

DNST-KEYGEN

NAME

dnst-keygen - Generate a new key pair for a domain name

SYNOPSIS

dnst keygen [OPTIONS] -a <ALGORITHM> <DOMAIN NAME>

DESCRIPTION

dnst keygen generates a new key pair for a given domain name.

The following files will be created:

K<name>+<alg>+<tag>.key : The public key file containing a DNSKEY RR in zone file format.

K<name>+<alg>+<tag>.private : The private key file containing the private key data fields in BIND's Private-key-format.

K<name>+<alg>+<tag>.ds : The public key digest file containing the DS RR in zone file format. It is only created for key signing keys.

<name> is the fully-qualified owner name for the key (with a trailing dot).
<alg> is the algorithm number of the key, zero-padded to 3 digits.
<tag> is the 16-bit tag of the key, zero-padded to 5 digits.

Upon completion, K<name>+<alg>+<tag> will be printed.
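
The base name can be checked against the DNSKEY RR stored in the .key file. The following is an added example, not part of dnst or of this manual: it computes the key tag as defined in RFC 4034 Appendix B and reports where a K<name>+<alg>+<tag> base name disagrees with the record. The sample record is constructed, the function names are hypothetical, and the case-insensitive owner name comparison is an assumption.

```python
import base64
import re

# Layout from DESCRIPTION: K<name>+<alg>+<tag>, alg 3 digits, tag 5 digits.
BASENAME_RE = re.compile(r"^K(?P<name>.*\.)\+(?P<alg>\d{3})\+(?P<tag>\d{5})$")

# Constructed sample (not a real key): flags 257, algorithm 15,
# and a "public key" that is just the bytes 0x00..0x1f.
SAMPLE_KEY = ("example.com. 3600 IN DNSKEY 257 3 15 "
              "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=")

def key_tag(rdata: bytes) -> int:
    """Key tag per RFC 4034 Appendix B (does not apply to algorithm 1)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += (byte << 8) if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def parse_dnskey(line: str):
    """Parse a single-line DNSKEY RR into (owner, flags, alg, rdata)."""
    fields = line.split(";", 1)[0].split()
    pos = fields.index("DNSKEY")          # TTL and class are optional
    flags, proto, alg = (int(f) for f in fields[pos + 1:pos + 4])
    pubkey = base64.b64decode("".join(fields[pos + 4:]), validate=True)
    rdata = flags.to_bytes(2, "big") + bytes([proto, alg]) + pubkey
    return fields[0], flags, alg, rdata

def expected_basename(line: str) -> str:
    owner, _flags, alg, rdata = parse_dnskey(line)
    return f"K{owner}+{alg:03d}+{key_tag(rdata):05d}"

def check_basename(basename: str, line: str) -> list:
    """List every way a file base name disagrees with the DNSKEY RR it holds."""
    m = BASENAME_RE.match(basename)
    if m is None:
        return ["not of the form K<name>+<alg>+<tag>"]
    owner, _flags, alg, rdata = parse_dnskey(line)
    problems = []
    if m["name"].lower() != owner.lower():  # assumption: compare case-insensitively
        problems.append("owner name mismatch")
    if int(m["alg"]) != alg:
        problems.append("algorithm mismatch")
    if int(m["tag"]) != key_tag(rdata):
        problems.append("key tag mismatch")
    return problems

if __name__ == "__main__":
    print(expected_basename(SAMPLE_KEY))
```

Because the flags field is part of the RDATA, the same public key gets a different tag as a KSK (flags 257) than as a ZSK (flags 256).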

ARGUMENTS

<DOMAIN NAME>

The owner name of the apex of the zone which the generated key is intended to sign.

OPTIONS

-a <NUMBER OR MNEMONIC>

Use the given signing algorithm. Mandatory.

Possible values are:

[Image: list of possible values, grohtml-1127784-1.png]

-k

Generate a key signing key (KSK) instead of a zone signing key (ZSK).

-b <BITS>

The length of the key (for RSA keys only). Defaults to 2048.

-r <DEVICE>

The randomness source to use for generation. Defaults to /dev/urandom.

-s

Create symlinks .key and .private to the generated keys.

-f

Overwrite existing symlinks (for use with -s).

-h, --help

Print the help text (short summary with -h, long help with --help).

AUTHOR

NLnet Labs

COPYRIGHT

2024–2026, NLnet Labs