opendkim-atpszone(8) System Manager's Manual opendkim-atpszone(8)
NAME
opendkim-atpszone - DKIM ATPS zone file generation tool
SYNOPSIS
opendkim-atpszone [-A] [-C address] [-E secs] [-h hash] [-N ns[,...]]
[-o file] [-r secs] [-R secs] [-S] [-t secs] [-T secs] [-u domain] [-v]
[dataset]
DESCRIPTION
opendkim-atpszone generates a file suitable for use with named(8) to
publish a set of domains authorized as third-party signers for a local
domain.
The dataset parameter should specify a set of data as described in the
opendkim(8) man page. It can currently refer to flat files, Sleepycat
databases, comma-separated lists, LDAP directories or SQL databases.
The keys in the named database are assumed to comprise a set of domains
that are to be advertised using the experimental Authorized Third-Party
Signers protocol as permitted to sign mail using DKIM on behalf of the
local domain. Values in the database are not used.
OPTIONS
-A Adds a "._atps" suffix to records in the zone file.
-C contact
Uses contact as the contact information to be used when an SOA
record is generated (see -S below). If not specified, the
userid of the executing user and the local hostname will be
used; if the executing user can't be determined, "hostmaster"
will be used.
-E secs
When generating an SOA record (see -S below), use secs as the
default record expiration time. The default is 604800.
-h hash
Specifies which SHA hash algorithm to use. Must be one of
"none", "sha1" and "sha256", with "sha256" being the default if
it is available.
-N nslist
Specifies a comma-separated list of nameservers, which will be
output in NS records before the TXT records. The first name-
server in this list will also be used in the SOA record (if -S
is also specified) as the authority hostname.
-o file
Sends output to the named file rather than standard output.
-r secs
When generating an SOA record (see -S below), use secs as the
zone refresh time. The default is 10800.
-R secs
When generating an SOA record (see -S below), use secs as the
zone retry time. The default is 1800.
-S Asks for an SOA record to be generated at the top of the output.
The content of this output can be controlled using the -E, -r,
-R, -T options. The serial number will be generated based on
the current time of day.
-t ttl Puts a TTL (time-to-live) value of ttl on all records output.
The units are in seconds.
-T secs
When generating an SOA record (see -S below), use secs as the
default record TTL time. The default is 86400.
-u domain
Produce output suitable for use as input to nsupdate(8) to add
ATPS records to the named domain.
-v Increases the verbosity of debugging output written to standard
error.
VERSION
This man page covers the version of opendkim-atpszone that shipped with
version 2.11.0 of OpenDKIM.
COPYRIGHT
Copyright (c) 2011, 2012, The Trusted Domain Project. All rights re-
served.
SEE ALSO
nsupdate(8), opendkim(8), opendkim.conf(5)
The Trusted Domain Project opendkim-atpszone(8)
Generated by dwww version 1.14 on Sat Jun 13 12:10:52 CEST 2026.