This page documents PhoenixDKIM, a maintained fork of OpenDKIM. Options may differ from the original.
NAME
opendkim-genzone - DKIM public key DNS zone file generation tool
SYNOPSIS
opendkim-genzone [-C address] [-d domain] [-D] [-E secs] [-f] [-F] [-o file] [-r] [-s] [-S] [-t secs] [-T secs] [-u] [-v] [--version] [-z] dataset
DESCRIPTION
opendkim-genzone reads a DKIM key table dataset (typically the file referenced by the KeyTable configuration option in opendkim.conf(5)) and generates a DNS zone file fragment or nsupdate(8) input containing the corresponding public key TXT records.
The dataset argument specifies the key table to read. It uses the same format as the KeyTable option in opendkim.conf(5).
OPTIONS
-C address
Contact address to include in SOA record. Only used with -z.
-d domain
Only include records for the named domain.
|
-D |
Include a DKIM flag indicating subdomain signing is not permitted. |
-E secs
Sets the expire time in the SOA record. Only used with -z. The default is 604800 (one week).
|
-f |
Force output even if a key cannot be found or loaded. |
|||
|
-F |
Add a DKIM flag indicating this is a test key. |
-o file
Send output to the named file rather than standard output.
|
-r |
Restrict the key to e-mail signing use only (adds s=email to the key record). | ||
|
-s |
Extends the logic of -d to also match subdomains of the specified domain. | ||
|
-S |
Don’t generate SOA or NS records when using -z. |
-t secs
Specify a TTL for generated records. Default is 300.
-T secs
Sets the TTL in the SOA record. Only used with -z. The default is 3600.
|
-u |
Generate nsupdate(8) compatible output rather than a zone fragment. |
|||
|
-v |
Increase verbose output. |
--version
Print version number and exit.
|
-z |
Include SOA and NS records in the output. |
VERSION
This man page covers the version of opendkim-genzone that shipped with version 3.0.0 of OpenDKIM.
COPYRIGHT
Copyright (c)
2007, 2008, Sendmail, Inc. and its suppliers.
Copyright (c) 2009-2015, The Trusted Domain Project.
Copyright (c) 2026, PhoenixDKIM contributors.
All rights reserved.
SEE ALSO
opendkim(8), opendkim.conf(5), opendkim-genkey(8), nsupdate(8)
RFC 6376 - DomainKeys Identified Mail
RFC 8463 - A New Cryptographic Signature Method for DomainKeys Identified Mail (Ed25519)
This document was created from the manual pages using groff.
Time: Fri May 29 17:43:59 2026