dnssec-keygen: a key with algorithm 'HMAC-MD5' cannot be a zone key
blrmaani
blrmaani at gmail.com
Fri May 9 23:02:57 UTC 2008
I used to successfully generate keys when I have BIND 9.2 installed on
my host using the following
commandline
# dnssec-keygen -a HMAC-MD5 -b 128 -n ZONE mykey-otherkey
I upgraded my host to with BIND 9.3 and used the same command line
above to get the following
error:
# dnssec-keygen -a HMAC-MD5 -b 128 -n ZONE mykey-otherkey
dnssec-keygen: a key with algorithm 'HMAC-MD5' cannot be a zone key
What exactly changed? What is the alternative? If I use HOST instead
of ZONE what impact will it
have on the generated keys?
I can't downgrade to BIND 9.2 just to make the above work. Also I
can't have BIND 9.2 and BIND 9.3 both
on my host.
All my script may require change. But please let me know the side
effect?
thanks
Blr
More information about the bind-users
mailing list