dnssec-keygen -a NSEC3RSASHA1 -b 2048 -n ZONE example.com dnssec-keygen -f KSK -a NSEC3RSASHA1 -b 4096 -n ZONE example.com for key in `ls Kexample.com*.key` do echo "\$INCLUDE $key">> example.com.zone done dnssec-signzone -3 -A -N INCREMENT -o -t dnssec-signzone -A -3 $(head -c 1000 /dev/random | sha1sum | cut -b 1-16) -N INCREMENT -o example.com -t example.com.zone TLSA $ openssl x509 -noout -fingerprint -sha256 < /path/to/your/certificate/file | tr -d : https://www.huque.com/bin/gen_tlsa