# zonesigner -genkeys -gends -zone zone-name zone-file output-file [ENTER]
Key generation and signing may take a few minutes to complete depending on the size of the zone file and size of the keys. This operation may appear to be unresponsive for a period of time, depending on the operating system's random number generator device. (See Chapter 2, Configure DNSSEC-Tools for more information on random number generators and DNSSEC-Tools.)
The output is a set of files outlined below.
Table 3.1. zonesigner Output Files
File | Description |
---|---|
output-file.signed | The signed zone file. The .signed is added by zonesigner. |
keyset-zone-name | The keyset for the zone. This is stored in the directory specified by the configuration file and may have to be sent to the parent zone - see Chapter 7, Creating a Signed Delegation - Child Zone Activity. |
dsset-zone-name | The dsset for the zone. This is stored in the directory specified by the configuration file and may have to be sent to the parent zone - see Chapter 7, Creating a Signed Delegation - Child Zone Activity. |
zone-name.krf | The keyrec file. This is used by zonesigner to maintain information about the keys used for the zone. |
Kzone-name.+algid+keytag.private | The private key file. This is stored in the directory specified by the configuration file. The keytag is a unique identifier for this key. The algid is the numeric authentication algorithm identifier. |
Kzone-name.+algid+keytag.key | The public key file. This is stored in the directory specified by the configuration file. The keytag is a unique identifier for this key. The algid is the numeric authentication algorithm identifier. |
See the zonesigner man page for more information about the zonesigner command and its options.
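The following check is an added example, not part of DNSSEC-Tools or the original guide. It walks a key directory using the `Kzone-name.+algid+keytag` naming from Table 3.1, confirms each private key has its matching public key file, and flags private keys whose mode grants any group or other access. The function name `check_zone_keys`, the owner-only permission policy, and the demo files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the key files zonesigner leaves in a key directory.
# Usage: check_zone_keys KEYDIR ZONE-NAME ; returns the number of problems.
check_zone_keys() {
    czk_dir=$1; czk_zone=$2; czk_bad=0
    for czk_priv in "$czk_dir"/K"$czk_zone".+*+*.private; do
        if [ ! -e "$czk_priv" ]; then   # glob matched nothing
            echo "no private key files for $czk_zone in $czk_dir"
            return 1
        fi
        czk_base=${czk_priv%.private}
        czk_name=${czk_base##*/}
        czk_rest=${czk_name#K"$czk_zone".+}   # leaves "algid+keytag"
        czk_algid=${czk_rest%%+*}
        czk_tag=${czk_rest#*+}
        # Both fields must be non-empty and purely numeric.
        case "$czk_algid+$czk_tag" in
            +*|*+|*[!0-9+]*|*+*+*)
                echo "$czk_name: algid/keytag not numeric"
                czk_bad=$((czk_bad + 1)); continue ;;
        esac
        if [ ! -f "$czk_base.key" ]; then
            echo "$czk_name: public key file $czk_name.key is missing"
            czk_bad=$((czk_bad + 1))
        fi
        # Characters 5-10 of the ls mode string are the group/other bits.
        czk_mode=$(ls -ld "$czk_priv" | cut -c5-10)
        if [ "$czk_mode" != "------" ]; then
            echo "$czk_name.private: accessible beyond owner ($czk_mode)"
            czk_bad=$((czk_bad + 1))
        fi
        echo "$czk_name: algid=$czk_algid keytag=$czk_tag checked"
    done
    return "$czk_bad"
}

# Constructed demo: one correctly protected key pair in a temporary directory.
demo_dir=$(mktemp -d)
: > "$demo_dir/Kexample.com.+005+12345.private"
: > "$demo_dir/Kexample.com.+005+12345.key"
chmod 600 "$demo_dir/Kexample.com.+005+12345.private"
check_zone_keys "$demo_dir" example.com || echo "problems found: $?"
rm -rf "$demo_dir"
```

Point `KEYDIR` at the key directory named in your DNSSEC-Tools configuration file; the empty demo files only exercise the naming and permission checks.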