how to generate keys
Mark_Andrews at isc.org
Mark_Andrews at isc.org
Wed Dec 19 20:39:54 UTC 2001
> Hi,
> I am reading page 310 DNS and Bind.
>
> I typed in the command:
>
> dnskeygen -a HMAC-MD5 -b 128 -n HOST ns3-ns2.mydomain.com.
>
dnssec-keygen (BIND9) != dnskeygen (BIND8)
Mark
> and it comes back with this:
>
> No key generated
> Usage:dnskeygen: No key name specified -n <name>
> Usage:dnskeygen -{DHR} <size> [-F] -{zhu} [-ac] [-p <no>] [-s <no>] -n name
> -D generate DSA/DSS KEY: size must be one of following:
> 512, 576, 640, 704, 768, 832, 896, 960, 1024,
> -H generate HMAC-MD5 KEY: size in the range [1..512]:
> -R generate RSA KEY: size in the range [512..4096]
> -F RSA KEYS only: use large exponent
> -z Zone key
> -h Host/Entity key
> -u User key
> -a Key CANNOT be used for authentication
> -c Key CANNOT be used for encryption
> -p Set protocol field to <no>
> default: 2 (email) for Host keys, 3 (dnssec) for all others
> -s Strength value this key signs DNS records with
> default: 1 for Zone keys, 0 for all others
> -n name: the owner of the key
>
> Reading page 310, looks like I need the lines:
>
> key terminator-wormhole.movie.edu. {
> algorithm hmac-md5;
> secret ".........==";
> };
>
> thanks
>
> "Cricket Liu" <cricket at menandmice.com> wrote in message
> news:9vp40r$dpc at pub3.rc.vix.com...
> >
> > > how do I generate the secret key before I run the command dnskeygen?
> >
> > dnskeygen is a program for generating keys, as the name should
> > suggest. Why would you need to generate the secret key
> > *before* running dnskeygen?
> >
> > cricket
> >
> > Men & Mice
> > DNS Software, Training and Consulting
> > www.menandmice.com
> >
> > Attend our next DNS and BIND class! See
> > http://www.menandmice.com/8000/8000_dns_training.html
> > for the schedule and to register for upcoming classes
> >
> >
>
>
>
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
More information about the bind-users
mailing list