This page documents PhoenixDKIM, a maintained fork of OpenDKIM. Options may differ from the original.
NAME
opendkim-genzone - DKIM public key DNS zone file generation toolSYNOPSIS
opendkim-genzone [-C address] [-d domain] [-D] [-E secs] [-f] [-F] [-o file] [-r] [-S] [-t secs] [-T secs] [-u] [-v] [--version] [-z] datasetDESCRIPTION
opendkim-genzone reads a DKIM key table dataset (typically the file referenced by the KeyTable configuration option in the corresponding public key TXT records.The dataset argument specifies the key table to read. It uses the same format as the KeyTable option in
OPTIONS
- -C address
- Contact address to include in SOA record. Only used with -z.
- -d domain
- Only include records for the named domain.
- -D
- Include a DKIM flag indicating subdomain signing is not permitted.
- -E secs
- Sets the expire time in the SOA record. Only used with -z. The default is 604800 (one week).
- -f
- Force output even if a key cannot be found or loaded.
- -F
- Add a DKIM flag indicating this is a test key.
- -o file
- Send output to the named file rather than standard output.
- -r
- Restrict the key to e-mail signing use only (adds s=email to the key record).
- -S
- Don't generate SOA or NS records when using -z.
- -t secs
- Specify a TTL for generated records. Default is 300.
- -T secs
- Sets the TTL in the SOA record. Only used with -z. The default is 3600.
- -u
- -v
- Increase verbose output.
- --version
- Print version number and exit.
- -z
- Include SOA and NS records in the output.
VERSION
This man page covers the version of opendkim-genzone that shipped with version 3.0 of OpenDKIM.COPYRIGHT
Copyright (c) 2007, 2008, Sendmail, Inc. and its suppliers.Copyright (c) 2009-2015, The Trusted Domain Project.
Copyright (c) 2026, PhoenixDKIM contributors.
All rights reserved.
SEE ALSO
RFC 6376 - DomainKeys Identified Mail
RFC 8463 - A New Cryptographic Signature Method for DomainKeys Identified Mail (Ed25519)
This document was created by using the manual pages.
Time: 10:39:48 GMT, May 22, 2026