Firms Tackle Security Flaw In Web Addressing System
Alan Clegg
Alan_Clegg at isc.org
Sun Jul 13 20:34:11 UTC 2008
Bruce Esquibel wrote:
> Alan Clegg <Alan_Clegg at isc.org> wrote:
>
>> As the author of the paper, the result is YOU being able to deploy a
>> DNSSEC signed zone within 6 minutes. No, you can't learn to do it in 6
>> minutes, but once you understand the process (and it's not really
>> difficult), you can easily go from unsigned (no keys, etc) to fully
>> signed within 6 minutes per zone (and that's doing it by hand!)
>
>
> This is probably a stupid question but I do have a question about that
> paper/pdf.
>
> On page 31 of it (Sample with real names) you have this:
>
> dnssec-keygen -a rsasha1 -b 4096 -n ZONE -k KSK udp53.org
>
> which just results in:
>
> dnssec-keygen: extraneous arguments
>
> On page 16 (the walk through section) it's there as:
>
> dnssec-keygen -a rsasha1 -b 4096 -n ZONE -f KSK zonename
>
>
> I'm assuming the "-k" is wrong and the "-f" is correct?
Yes, it's FLAGS. "oops"
Thanks for that catch, I'll fix it and provide credit. :)
AlanC
More information about the bind-users
mailing list