Firms Tackle Security Flaw In Web Addressing System
Bruce Esquibel
bje at e4500.ripco.com
Sun Jul 13 13:50:15 UTC 2008
Alan Clegg <Alan_Clegg at isc.org> wrote:
> As the author of the paper, the result is YOU being able to deploy a
> DNSSEC signed zone within 6 minutes. No, you can't learn to do it in 6
> minutes, but once you understand the process (and it's not really
> difficult), you can easily go from unsigned (no keys, etc) to fully
> signed within 6 minutes per zone (and that's doing it by hand!)
This is probably a stupid question but I do have a question about that
paper/pdf.
On page 31 of it (Sample with real names) you have this:
dnssec-keygen -a rsasha1 -b 4096 -n ZONE -k KSK udp53.org
which just results in:
dnssec-keygen: extraneous arguments
On page 16 (the walk through section) it's there as:
dnssec-keygen -a rsasha1 -b 4096 -n ZONE -f KSK zonename
I'm assuming the "-k" is wrong and the "-f" is correct?
-bruce
bje at ripco.com
More information about the bind-users
mailing list