opendkim-genzone - DKIM public key zone file generation tool
opendkim-genzone [-C address] [-d domain] [-D] [-M] [-E secs] [-F]
[-N ns[,...]] [-o file] [-r secs] [-R secs] [-s] [-S] [-t secs] [-T secs]
[-u] [-v] [-x conffile] [dataset]
opendkim-genzone generates a file suitable for use with
named(8) to publish a set of public keys.
The dataset parameter should specify a set of data as
described in the opendkim(8) man page. It can currently refer to flat
files, Sleepycat databases, comma-separated lists, LDAP directories or SQL
databases. The dataset may be omitted if the -x command line flag
names a configuration file that sets a KeyTable parameter, in which
case that value will be used.
The database contents should be formatted as described for the
KeyTable parameter in the opendkim.conf(5) man page.
- -C contact
- Uses contact as the contact information to be used when an SOA
record is generated (see -S below). If not specified, the userid of
the executing user and the local hostname will be used; if the executing
user can't be determined, "hostmaster" will be used.
- -d domain
- Restricts output to those records for which the domain field is the
specified domain.
- -D
- Adds a "._domainkey" suffix to selector names in the zone
file.
- -M
- Restricts the keys for use in e-mail signing only. The default is to allow
the keys to be used for any service.
- -E secs
- When generating an SOA record (see -S below), use secs as
the default record expiration time. The default is 604800.
- -F
- Adds a "._domainkey" suffix and the domainname to selector names
in the zone file.
- -N nslist
- Specifies a comma-separated list of nameservers, which will be output in
NS records before the TXT records. The first nameserver in this list will
also be used in the SOA record (if -S is also specified) as the
authority hostname.
- -o file
- Sends output to the named file rather than standard output.
- -r secs
- When generating an SOA record (see -S below), use secs as
the zone refresh time. The default is 10800.
- -R secs
- When generating an SOA record (see -S below), use secs as
the zone retry time. The default is 1800.
- -s
- Extends the logic of "-d" to include subdomains.
- -S
- Asks for an SOA record to be generated at the top of the output. The
content of this record can be controlled using the -E, -r,
-R and -T options. The serial number will be generated based on
the current time of day.
- -t ttl
- Puts a TTL (time-to-live) value of ttl on all records output. The
units are in seconds.
- -T secs
- When generating an SOA record (see -S above), use secs as
the default record TTL time. The default is 86400.
- -u
- Produces output suitable for use as input to nsupdate(8).
- -v
- Increases the verbosity of debugging output written to standard
error.
- -x conffile
- Names an opendkim.conf(5) file to be read for LDAP-specific
parameters when an LDAP dataset is given on the command line. Not required
for other dataset types. The default is /etc/opendkim.conf.
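A pre-publication check for a generated zone file, added here as an example and not part of opendkim-genzone or its documentation. It flags DKIM TXT records that lack the "_domainkey" label (see -D and -F), that are not restricted to e-mail (see -M), or that carry no usable key data. It assumes ordinary zone-file TXT syntax and that -M appears in the record as the RFC 6376 tag s=email; the sample zone and the audit() helper are constructed for illustration.

```python
import base64
import re

# Constructed sample in ordinary zone-file TXT syntax; key data is shortened
# placeholder base64, not a usable key, and this is not captured tool output.
ZONE = '''\
sel1._domainkey\tIN\tTXT\t( "v=DKIM1; k=rsa; s=email; "
\t"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB" )
sel2\tIN\tTXT\t"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3"
sel3._domainkey.example.com.\t300\tIN\tTXT\t"v=DKIM1; k=rsa; s=email; p="
'''

# owner [ttl] IN TXT rdata; rdata is one quoted string or a parenthesised,
# possibly multi-line group (DKIM records contain no ')' inside quotes).
REC = re.compile(r'^(\S+)\s+(?:\d+\s+)?IN\s+TXT\s+(\([^)]*\)|[^\n]*)', re.M)


def audit(zone_text):
    """Return (owner, finding) pairs for DKIM TXT records in zone_text."""
    findings = []
    for owner, rdata in REC.findall(zone_text):
        txt = ''.join(re.findall(r'"([^"]*)"', rdata))  # rejoin split strings
        tags = {k.strip(): v.strip() for k, v in
                (t.split('=', 1) for t in txt.split(';') if '=' in t)}
        if tags.get('v') != 'DKIM1':
            continue  # not a DKIM key record
        # Bare selectors only resolve if the zone origin is _domainkey.<domain>.
        if '_domainkey' not in owner.split('.'):
            findings.append((owner, 'no _domainkey label (no -D or -F)'))
        # Assumption: -M shows up as the RFC 6376 service tag s=email.
        if tags.get('s', '*') != 'email':
            findings.append((owner, 'any-service key (no s=email, cf. -M)'))
        p = re.sub(r'\s+', '', tags.get('p', ''))
        if not p:
            findings.append((owner, 'empty p= (revoked key, RFC 6376)'))
            continue
        try:
            base64.b64decode(p, validate=True)
        except ValueError:
            findings.append((owner, 'p= is not valid base64'))
    return findings


if __name__ == '__main__':
    for owner, finding in audit(ZONE):
        print(f'{owner}: {finding}')
```

Run it against the file written with -o before loading the zone into named(8); an empty result means every DKIM record passed all of the checks.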
This man page covers the version of opendkim-genzone that
shipped with version 2.11.0 of OpenDKIM.
Copyright (c) 2010, 2012, 2014, 2015, The Trusted Domain Project.
All rights reserved.