The zonesigner tool simplifies the maintenance of a signed zone. It automates many of the routine tasks required for signing a zone. Given this, an operator already using BIND tools to maintain a signed zone may want to transition to zonesigner, while still retaining existing keys that are being used to sign a zone.
This section provides step-by-step instructions for transitioning from BIND tools to zonesigner for maintaining a signed zone. In the examples given below, the zone example.com is currently signed, the signed zone file is maintained using the dnssec-signzone command from BIND 9.3.1, and the following files are present:
Table 16.1. Example Files
File | Description |
---|---|
db-in.example.com. | Unsigned zone file |
db-in.example.com..signed | Signed zone file |
Kexample.com.+005+47670 | KSK files prefix |
Kexample.com.+005+48926 | ZSK files prefix |