how to generate keys

[Cricket Liu]

>     I am reading page 310 DNS and Bind.
> 
> I typed in the command:
> 
> dnskeygen -a HMAC-MD5 -b 128 -n HOST ns3-ns2.mydomain.com.
> 
> and it comes back with this:
> 
> No key generated
> Usage:dnskeygen: No key name specified -n <name>
> Usage:dnskeygen -{DHR} <size> [-F] -{zhu} [-ac]  [-p <no>] [-s 
> <no>] -n name
>         -D generate DSA/DSS KEY: size must be one of following:
>                  512, 576, 640, 704, 768, 832, 896, 960, 1024,
>         -H generate HMAC-MD5 KEY: size in the range [1..512]:
>         -R generate RSA KEY: size in the range [512..4096]
>         -F RSA KEYS only: use large exponent
>         -z Zone key
>         -h Host/Entity key
>         -u User key
>         -a Key CANNOT be used for authentication
>         -c Key CANNOT be used for encryption
>         -p Set protocol field to <no>
>                  default: 2 (email) for Host keys, 3 (dnssec) for 
> all others
>         -s Strength value this key signs DNS records with
>                  default: 1 for Zone keys, 0 for all others
>         -n name: the owner of the key
> 
> Reading page 310, looks like I need the lines:
> 
> key terminator-wormhole.movie.edu. {
>     algorithm hmac-md5;
>     secret ".........==";
> };

Notice that the example on p. 311 is for dnssec-keygen, and you're
running dnskeygen.

cricket

Men & Mice
DNS Software & Services
www.menandmice.com

Attend our next DNS and BIND class!  See
http://www.menandmice.com/8000/8000_dns_training.html
for the schedule and to register for upcoming classes