-1
Use SHA-1 as the digest algorithm (the default is to use both SHA-1 and SHA-256).
-2
Use SHA-256 as the digest algorithm.
-a algorithm
Select the digest algorithm. The value of algorithm must be one of SHA-1 (SHA1) or SHA-256 (SHA256). These values are case insensitive.
-K directory
Look for key files (or, in keyset mode, keyset- files) in directory.
-f file
Zone file mode: in place of the keyfile name, the argument is the DNS domain name of a zone master file, which can be read from file. If the zone name is the same as file, then it may be omitted.
-A
Include ZSK's when generating DS records. Without this option, only keys which have the KSK flag set will be converted to DS records and printed. Useful only in zone file mode.
-l domain
Generate a DLV set instead of a DS set. The specified domain is appended to the name for each record in the set. The DNSSEC Lookaside Validation (DLV) RR is described in RFC 4431.
-s
Keyset mode: in place of the keyfile name, the argument is the DNS domain name of a keyset file.
-c class
Specifies the DNS class (default is IN). Useful only in keyset or zone file mode.
-v level
Sets the debugging level.