opendkim-genzone(8) System Manager's Manual opendkim-genzone(8)
NAME
opendkim-genzone - DKIM public key zone file generation tool
SYNOPSIS
opendkim-genzone [-C address] [-d domain] [-D] [-M] [-E secs] [-F] [-N
ns[,...]] [-o file] [-r secs] [-R secs] [-s] [-S] [-t secs] [-T secs]
[-u] [-v] [-x conffile] [dataset]
DESCRIPTION
opendkim-genzone generates a file suitable for use with named(8) to
publish a set of public keys.
The dataset parameter should specify a set of data as described in the
opendkim(8) man page. It can currently refer to flat files, Sleepycat
databases, comma-separated lists, LDAP directories or SQL databases.
The dataset may be omitted if a configuration file (via the -x command
line flag) is specified referring to a configuration file that sets a
KeyTable parameter, in which case that value will be used.
The database contents should be formatted as described for the KeyTable
parameter, described in the opendkim.conf(5) man page.
OPTIONS
-C contact
Uses contact as the contact information to be used when an SOA
record is generated (see -S below). If not specified, the
userid of the executing user and the local hostname will be
used; if the executing user can't be determined, "hostmaster"
will be used.
-d domain
Restricts output to those records for which the domain field is
the specified domain.
-D Adds a "._domainkey" suffix to selector names in the zone file.
-M Restricts the keys for use in e-mail signing only. The default
is to allow the keys to be used for any service.
-E secs
When generating an SOA record (see -S below), use secs as the
default record expiration time. The default is 604800.
-F Adds a "._domainkey" suffix and the domainname to selector names
in the zone file.
-N nslist
Specifies a comma-separated list of nameservers, which will be
output in NS records before the TXT records. The first name-
server in this list will also be used in the SOA record (if -S
is also specified) as the authority hostname.
-o file
Sends output to the named file rather than standard output.
-r secs
When generating an SOA record (see -S below), use secs as the
zone refresh time. The default is 10800.
-R secs
When generating an SOA record (see -S below), use secs as the
zone retry time. The default is 1800.
-s Extends the logic of "-d" to include subdomains.
-S Asks for an SOA record to be generated at the top of the output.
The content of this output can be controlled using the -E, -r,
-R, -T options. The serial number will be generated based on
the current time of day.
-t ttl Puts a TTL (time-to-live) value of ttl on all records output.
The units are in seconds.
-T secs
When generating an SOA record (see -S below), use secs as the
default record TTL time. The default is 86400.
-u Produce output suitable for use as input to nsupdate(8).
-v Increases the verbosity of debugging output written to standard
error.
-x conffile
Names an opendkim.conf(5) file to be read for LDAP-specific pa-
rameters when an LDAP dataset is given on the command line. Not
required for other dataset types. The default is /etc/opend-
kim.conf.
VERSION
This man page covers the version of opendkim-genzone that shipped with
version 2.11.0 of OpenDKIM.
COPYRIGHT
Copyright (c) 2010, 2012, 2014, 2015, The Trusted Domain Project. All
rights reserved.
SEE ALSO
nsupdate(8), opendkim(8), opendkim.conf(5)
The Trusted Domain Project opendkim-genzone(8)
Generated by dwww version 1.14 on Sun Apr 20 11:05:49 CEST 2025.