How to generate ZSK key with one year valid
Ed Daniel
esdaniel at esdaniel.com
Fri Nov 13 14:39:29 UTC 2020
On 13/11/2020 13:08, rams wrote:
> Hi,
> Can anyone help me how to generate ZSK key with one year validity?
> When I am trying , it is default 30 days validity but i want to make ZSK
> key validity 1 year. Is it possible in bind?
>
> Regards,
> Ramesh
Hi Ramesh,
Are you using the CLI-based tool dnssec-keygen ?
dnssec-keygen
https://linux.die.net/man/8/dnssec-keygen
Timing Options
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the
argument begins with a '+' or '-', it is interpreted as an offset from
the present time. For convenience, if such an offset is followed by one
of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the offset is
computed in years (defined as 365 24-hour days, ignoring leap years),
months (defined as 30 24-hour days), weeks, days, hours, or minutes,
respectively. Without a suffix, the offset is computed in seconds.
-R date/offset
Sets the date on which the key is to be revoked. After that date, the
key will be flagged as revoked. It will be included in the zone and will
be used to sign it.
HTH,
esdaniel
More information about the bind-users
mailing list