dnssec-key 'unknown algorithm RSASHA512'
trgapp16
trgapp16 at cdot.in
Thu Jan 11 11:58:52 UTC 2024
Hello,
Bind version - 9.18.12
-->This is the command I used for generating dnssec-keygen keys -
root at dhcpt: /etc/bind# dnssec-keygen -a ECDSAP256SHA256 -n ZONE example.com
Kexample.com.+013+43215.key
Kexample.com.+013+43215.private
root at dhcpt:/etc/bind# cat Kexample.com.+013+43215.private
Private-key-format: v1.3
Algorithm: 13 (ECDSAP256SHA256)
PrivateKey: ESkrVALONh7Rj4UZVsOy54Y2SIJiY5HYhoQdxJLuWPk=
Created: 20240111045202
Publish: 20240111045202
Activate: 20240111045202
-->With help of the private key i generated one file with name "named.conf.tsigkeys" at
/etc/bind -
root at dhcpt:/etc/bind# cat named.conf.tsigkeys
key "my-tsig" {
algorithm "ECDSAP256SHA256";
secret "ESkrVALONh7Rj4UZVsOy54Y2SIJiY5HYhoQdxJLuWPk=";
};
--> below is the error received when i restart named service
root at dhcpt:/etc/bind# named-checkconf
/etc/bind/named.conf.tsigkeys:2: unknown algorithm 'ECDSAP256SHA256'
Any help is greatly appreciated.
Regards,
Mounika
On Thu, 11 Jan 2024 15:49:18 +1100, Mark Andrews wrote
> Firstly show what you are actually doing. It it too much for you to actually
> cut-and-paste what you are doing?
>
> Secondly BIND 9.18 is at 9.18.22. Version 9.18.8 is seriously out of date.
>
> > On 11 Jan 2024, at 15:21, pvs via bind-users <bind-users at lists.isc.org> wrote:
> >
> > Hello,
> >
> > I'm using ubuntu 22.04 server on which bind 9.18.8 service is running.
> > I'm trying to generate dnssec-key by using the command "dnssec-keygen -a RSASHA512
-b 2048 -n zone example.com"
> >
> > After doing this, it is generating both public key and private key. When I generate
a file with aprivate key in /etc/bind directory, it is throwing error 'unknown
algorithm 'RSASHA512'
> > Same error is thrown when tried with other algorithms like ECDSAP256SHA256, RSASHA1,
RSASHA256 etc
> > Any help is greatly appreciated.
> >
> > --
> > Regards,
> >
> > पं. विष्णु शंकर P. Vishnu Sankar
> > टीम लीडर Team Leader-Network Operations
> > सी-डॉट C-DOT
> > इलैक्ट्रॉनिक्स सिटी फेज़ I Electronics City Phase I
> > होसूर रोड बेंगलूरु Hosur Road Bengaluru – 560100
> > फोन Ph 91 80 25119466
> > ------------------------------------------------------
> > Disclaimer :
> > This email and any files transmitted with it are confidential and intended solely
for the use of the individual or entity to whom they are addressed.
> > If you are not the intended recipient you are notified that disclosing, copying,
distributing or taking any action in reliance on the contents of this information is
strictly prohibited.
> > The sender does not accept liability for any errors or omissions in the contents of
this message, which arise as a result.
> > --
> > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this
list
> >
> > ISC funds the development of this software with paid support subscriptions. Contact
us at https://www.isc.org/contact/ for more information.
> >
> >
> > bind-users mailing list
> > bind-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
### Please consider the environment and print this email only if necessary . Go Green
###
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Disclaimer :
This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you are not the intended recipient you are notified that disclosing,
copying, distributing or taking any action in reliance on the contents of this
information is strictly prohibited. The sender does not accept liability
for any errors or omissions in the contents of this message, which arise as a
result.
--
Open WebMail Project (http://openwebmail.org)
More information about the bind-users
mailing list