Sign and verify zone files with RSA Keys

  1. Use the dnssec-signzone command to sign the zone.

# dnssec-signzone -E pkcs11 -S -o example.net /var/named/example.net 

Figure: Zone signing for RSA key

This generates the example.net.signed file.

  2. Verify the signed zone file.

# dnssec-verify -E pkcs11 -z -o example.net /var/named/example.net.signed Kexample.net.+008+06500.key Kexample.net.+008+44509.key

Figure: Zone verification for RSA key

Here, Kexample.net.+008+06500.key is the key file generated for the KSK, and Kexample.net.+008+44509.key is the key file generated for the ZSK.
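
A pre-flight check for the key files passed to dnssec-verify, as an added example that is not part of the original page: it reads the DNSKEY record in a K*.key file, reports KSK or ZSK from the flags field, and recomputes the key tag (RFC 4034, Appendix B) to confirm it matches the file name. The function names and sample records are constructed for illustration, and the code assumes the .key file holds a single-line DNSKEY record in standard presentation format.

```python
import base64
import re

# K<zone>.+<algorithm>+<key tag>.key, the naming seen in the commands above
NAME_RE = re.compile(r"^K(?P<zone>.+)\.\+(?P<alg>\d{3})\+(?P<tag>\d{5})\.key$")


def key_tag(rdata: bytes) -> int:
    """Key tag over DNSKEY RDATA (RFC 4034, Appendix B)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte << 8 if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def check_key_file(filename: str, text: str) -> dict:
    """Compare what the file name claims with the DNSKEY record inside it."""
    m = NAME_RE.match(filename)
    if not m:
        raise ValueError(f"not a K<zone>.+<alg>+<tag>.key name: {filename}")
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments
        if "DNSKEY" not in fields:
            continue
        i = fields.index("DNSKEY")
        flags, proto, alg = (int(x) for x in fields[i + 1:i + 4])
        pubkey = base64.b64decode("".join(fields[i + 4:]))
        rdata = flags.to_bytes(2, "big") + bytes([proto, alg]) + pubkey
        tag = key_tag(rdata)
        return {
            "zone": m["zone"],
            # SEP bit (0x0001) set -> KSK (flags 257), clear -> ZSK (flags 256)
            "role": "KSK" if flags & 0x0001 else "ZSK",
            "algorithm": alg,
            "key_tag": tag,
            "name_matches": int(m["alg"]) == alg and int(m["tag"]) == tag,
        }
    raise ValueError(f"no DNSKEY record in {filename}")


# Constructed sample records: the 3-byte "public key" AQID is a placeholder.
SAMPLE_KSK = "; constructed sample\nexample.net. IN DNSKEY 257 3 8 AQID\n"
SAMPLE_ZSK = "example.net. 3600 IN DNSKEY 256 3 8 AQID\n"

if __name__ == "__main__":
    print(check_key_file("Kexample.net.+008+02059.key", SAMPLE_KSK))
    print(check_key_file("Kexample.net.+008+02058.key", SAMPLE_ZSK))
```

A result with name_matches set to False means the file name and the record inside it disagree on algorithm or key tag, which is worth resolving before the file is handed to dnssec-verify.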