Skip to end of metadata
Go to start of metadata

Start OpenDNSSEC for the first time

Also see: Running OpenDNSSEC

Pre-generate keys

OpenDNSSEC will generate keys as needed, however if you wish to pre-generate a pool of keys for use later use the following command:

> ods-ksmutil key generate --policy my_policy --interval P6M

Also see: Key Management

Backup keys

Also see: Key Management

Publish a DS

Manual export

Also see: Running OpenDNSSEC and Key Management

Automatic export

Also see: conf.xml

Add a zone

Using ksmutil

By importing zonelist.xml

Also see: Zone Management

Manually update a zone file and re-sign

Also see: Zone Management

Automatically reload a signed zone file to a nameserver

Configure the <NotifyCommand> option in the conf.xml file, for example:

<NotifyCommand>rndc reload %zone</NotifyCommand>

Migrate a zone to OpenDNSSEC

See: Migrating to OpenDNSSEC


The kasp database can be backed up with the following command:

ods-ksmutil database backup [--output <output>] 
  • No labels