Scroll to navigation

opendkim-atpszone(8) System Manager's Manual opendkim-atpszone(8)


opendkim-atpszone - DKIM ATPS zone file generation tool


opendkim-atpszone [-A] [-C address] [-E secs] [-h hash] [-N ns[,...]] [-o file] [-r secs] [-R secs] [-S] [-t secs] [-T secs] [-u domain] [-v] [dataset]


opendkim-atpszone generates a file suitable for use with named(8) to publish a set of domains authorized as third-party signers for a local domain.

The dataset parameter should specify a set of data as described in the opendkim(8) man page. It can currently refer to flat files, Sleepycat databases, comma-separated lists, LDAP directories or SQL databases. The keys in the named database are assumed to comprise a set of domains that are to be advertised using the experimental Authorized Third-Party Signers protocol as permitted to sign mail using DKIM on behalf of the local domain. Values in the database are not used.


Adds a "._atps" suffix to records in the zone file.
Uses contact as the contact information to be used when an SOA record is generated (see -S below). If not specified, the userid of the executing user and the local hostname will be used; if the executing user can't be determined, "hostmaster" will be used.
When generating an SOA record (see -S below), use secs as the default record expiration time. The default is 604800.
Specifies which SHA hash algorithm to use. Must be one of "none", "sha1" and "sha256", with "sha256" being the default if it is available.
Specifies a comma-separated list of nameservers, which will be output in NS records before the TXT records. The first nameserver in this list will also be used in the SOA record (if -S is also specified) as the authority hostname.
Sends output to the named file rather than standard output.
When generating an SOA record (see -S below), use secs as the zone refresh time. The default is 10800.
When generating an SOA record (see -S below), use secs as the zone retry time. The default is 1800.
Asks for an SOA record to be generated at the top of the output. The content of this output can be controlled using the -E, -r, -R, -T options. The serial number will be generated based on the current time of day.
Puts a TTL (time-to-live) value of ttl on all records output. The units are in seconds.
When generating an SOA record (see -S below), use secs as the default record TTL time. The default is 86400.
Produce output suitable for use as input to nsupdate(8) to add ATPS records to the named domain.
Increases the verbosity of debugging output written to standard error.


This man page covers the version of opendkim-atpszone that shipped with version 2.11.0 of OpenDKIM.


Copyright (c) 2011, 2012, The Trusted Domain Project. All rights reserved.


nsupdate(8), opendkim(8), opendkim.conf(5)

The Trusted Domain Project