dnssec-keygen: invalid argument -- Usage: dnssec-keygen [options] name Version: 9.10.3-P4-Ubuntu name: owner of the key Options: -K <directory>: write keys into directory -a <algorithm>: RSA | RSAMD5 | DSA | RSASHA1 | NSEC3RSASHA1 | NSEC3DSA | RSASHA256 | RSASHA512 | ECCGOST | ECDSAP256SHA256 | ECDSAP384SHA384 | DH | HMAC-MD5 | HMAC-SHA1 | HMAC-SHA224 | HMAC-SHA256 | HMAC-SHA384 | HMAC-SHA512 (default: RSASHA1, or NSEC3RSASHA1 if using -3) -3: use NSEC3-capable algorithm -b <key size in bits>: RSAMD5: [512..4096] RSASHA1: [512..4096] NSEC3RSASHA1: [512..4096] RSASHA256: [512..4096] RSASHA512: [1024..4096] DH: [128..4096] DSA: [512..1024] and divisible by 64 NSEC3DSA: [512..1024] and divisible by 64 ECCGOST: ignored ECDSAP256SHA256: ignored ECDSAP384SHA384: ignored HMAC-MD5: [1..512] HMAC-SHA1: [1..160] HMAC-SHA224: [1..224] HMAC-SHA256: [1..256] HMAC-SHA384: [1..384] HMAC-SHA512: [1..512] (if using the default algorithm, key size defaults to 2048 for KSK, or 1024 for all others) -n <nametype>: ZONE | HOST | ENTITY | USER | OTHER (DNSKEY generation defaults to ZONE) -c <class>: (default: IN) -d <digest bits> (0 => max, default) -E <engine>: name of an OpenSSL engine to use -f <keyflag>: KSK | REVOKE -g <generator>: use specified generator (DH only) -L <ttl>: default key TTL -p <protocol>: (default: 3 [dnssec]) -r <randomdev>: a file containing random data -s <strength>: strength value this key signs DNS records with (default: 0) -T <rrtype>: DNSKEY | KEY (default: DNSKEY; use KEY for SIG(0)) -t <type>: AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF (default: AUTHCONF) -h: print usage and exit -m <memory debugging mode>: usage | trace | record | size | mctx -v <level>: set verbosity level (0 - 10) -V: print version information Timing options: -P date/[+-]offset/none: set key publication date (default: now) -A date/[+-]offset/none: set key activation date (default: now) -R date/[+-]offset/none: set key revocation date -I date/[+-]offset/none: set key inactivation date -D date/[+-]offset/none: set key deletion date -G: generate key only; do not set -P or -A -C: generate a backward-compatible key, omitting all dates -S <key>: generate a successor to an existing key -i <interval>: prepublication interval for successor key (default: 30 days) Output: K<name>+<alg>+<id>.key, K<name>+<alg>+<id>.private

dnssec-keygen: invalid argument -- Usage: dnssec-keygen [options] name Version: 9.10.3-P4-Ubuntu name: owner of the key Options: -K <directory>: write keys into directory -a <algorithm>: RSA | RSAMD5 | DSA | RSASHA1 | NSEC3RSASHA1 | NSEC3DSA | RSASHA256 | RSASHA512 | ECCGOST | ECDSAP256SHA256 | ECDSAP384SHA384 | DH | HMAC-MD5 | HMAC-SHA1 | HMAC-SHA224 | HMAC-SHA256 | HMAC-SHA384 | HMAC-SHA512 (default: RSASHA1, or NSEC3RSASHA1 if using -3) -3: use NSEC3-capable algorithm -b <key size in bits>: RSAMD5: [512..4096] RSASHA1: [512..4096] NSEC3RSASHA1: [512..4096] RSASHA256: [512..4096] RSASHA512: [1024..4096] DH: [128..4096] DSA: [512..1024] and divisible by 64 NSEC3DSA: [512..1024] and divisible by 64 ECCGOST: ignored ECDSAP256SHA256: ignored ECDSAP384SHA384: ignored HMAC-MD5: [1..512] HMAC-SHA1: [1..160] HMAC-SHA224: [1..224] HMAC-SHA256: [1..256] HMAC-SHA384: [1..384] HMAC-SHA512: [1..512] (if using the default algorithm, key size defaults to 2048 for KSK, or 1024 for all others) -n <nametype>: ZONE | HOST | ENTITY | USER | OTHER (DNSKEY generation defaults to ZONE) -c <class>: (default: IN) -d <digest bits> (0 => max, default) -E <engine>: name of an OpenSSL engine to use -f <keyflag>: KSK | REVOKE -g <generator>: use specified generator (DH only) -L <ttl>: default key TTL -p <protocol>: (default: 3 [dnssec]) -r <randomdev>: a file containing random data -s <strength>: strength value this key signs DNS records with (default: 0) -T <rrtype>: DNSKEY | KEY (default: DNSKEY; use KEY for SIG(0)) -t <type>: AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF (default: AUTHCONF) -h: print usage and exit -m <memory debugging mode>: usage | trace | record | size | mctx -v <level>: set verbosity level (0 - 10) -V: print version information Timing options: -P date/[+-]offset/none: set key publication date (default: now) -A date/[+-]offset/none: set key activation date (default: now) -R date/[+-]offset/none: set key revocation date -I date/[+-]offset/none: set key inactivation date -D date/[+-]offset/none: set key deletion date -G: generate key only; do not set -P or -A -C: generate a backward-compatible key, omitting all dates -S <key>: generate a successor to an existing key -i <interval>: prepublication interval for successor key (default: 30 days) Output: K<name>+<alg>+<id>.key, K<name>+<alg>+<id>.private