PhoenixDKIM


This page documents PhoenixDKIM, a maintained fork of OpenDKIM. Options may differ from the original.

NAME

opendkim-genzone - DKIM public key DNS zone file generation tool

SYNOPSIS

opendkim-genzone [-C address] [-d domain] [-D] [-E secs] [-f] [-F] [-o file] [-r] [-s] [-S] [-t secs] [-T secs] [-u] [-v] [--version] [-z] dataset

DESCRIPTION

opendkim-genzone reads a DKIM key table dataset (typically the file referenced by the KeyTable configuration option in opendkim.conf(5)) and generates a DNS zone file fragment or nsupdate(8) input containing the corresponding public key TXT records.

The dataset argument specifies the key table to read. It uses the same format as the KeyTable option in opendkim.conf(5).

OPTIONS

-C address

Contact address to include in SOA record. Only used with -z.

-d domain

Only include records for the named domain.

-D

Include a DKIM flag indicating subdomain signing is not permitted.

-E secs

Sets the expire time in the SOA record. Only used with -z. The default is 604800 (one week).

-f

Force output even if a key cannot be found or loaded.

-F

Add a DKIM flag indicating this is a test key.

-o file

Send output to the named file rather than standard output.

-r

Restrict the key to e-mail signing use only (adds s=email to the key record).

-s

Extends the logic of -d to also match subdomains of the specified domain.

-S

Don’t generate SOA or NS records when using -z.

-t secs

Specify a TTL for generated records. Default is 300.

-T secs

Sets the TTL in the SOA record. Only used with -z. The default is 3600.

-u

Generate nsupdate(8) compatible output rather than a zone fragment.

-v

Increase verbose output.

--version

Print version number and exit.

-z

Include SOA and NS records in the output.

VERSION

This man page covers the version of opendkim-genzone that shipped with version 3.0.0 of OpenDKIM.

COPYRIGHT

Copyright (c) 2007, 2008, Sendmail, Inc. and its suppliers.
Copyright (c) 2009-2015, The Trusted Domain Project.
Copyright (c) 2026, PhoenixDKIM contributors.
All rights reserved.

SEE ALSO

opendkim(8), opendkim.conf(5), opendkim-genkey(8), nsupdate(8)

RFC 6376 - DomainKeys Identified Mail

RFC 8463 - A New Cryptographic Signature Method for DomainKeys Identified Mail (Ed25519)


This document was created from the manual pages using groff.
Time: Fri May 29 17:43:59 2026