NAME
dnssec-verify - DNSSEC zone verification tool
SYNOPSIS
dnssec-verify [-c class] [-E engine] [-I input-format] [-o origin] [-v level] [-x] [-z] {zonefile}
DESCRIPTION
dnssec-verify verifies that a zone is fully signed for each algorithm found in the DNSKEY RRset for the zone, and that the NSEC / NSEC3 chains are complete.
Options: (default value in parenthesis)
-v debuglevel (0)
-o origin:
zone origin (name of zonefile)
-I format:
file format of input zonefile (text)
-c class (IN)
-E engine:
name of an OpenSSL engine to use
-x: DNSKEY record signed with KSKs only, not ZSKs
-z: All records signed with KSKs |