how to generate keys
Cricket Liu
cricket at menandmice.com
Wed Dec 19 20:39:20 UTC 2001
> I am reading page 310 DNS and Bind.
>
> I typed in the command:
>
> dnskeygen -a HMAC-MD5 -b 128 -n HOST ns3-ns2.mydomain.com.
>
> and it comes back with this:
>
> No key generated
> Usage:dnskeygen: No key name specified -n <name>
> Usage:dnskeygen -{DHR} <size> [-F] -{zhu} [-ac] [-p <no>] [-s
> <no>] -n name
> -D generate DSA/DSS KEY: size must be one of following:
> 512, 576, 640, 704, 768, 832, 896, 960, 1024,
> -H generate HMAC-MD5 KEY: size in the range [1..512]:
> -R generate RSA KEY: size in the range [512..4096]
> -F RSA KEYS only: use large exponent
> -z Zone key
> -h Host/Entity key
> -u User key
> -a Key CANNOT be used for authentication
> -c Key CANNOT be used for encryption
> -p Set protocol field to <no>
> default: 2 (email) for Host keys, 3 (dnssec) for
> all others
> -s Strength value this key signs DNS records with
> default: 1 for Zone keys, 0 for all others
> -n name: the owner of the key
>
> Reading page 310, looks like I need the lines:
>
> key terminator-wormhole.movie.edu. {
> algorithm hmac-md5;
> secret ".........==";
> };
Notice that the example on p. 311 is for dnssec-keygen, and you're
running dnskeygen.
cricket
Men & Mice
DNS Software & Services
www.menandmice.com
Attend our next DNS and BIND class! See
http://www.menandmice.com/8000/8000_dns_training.html
for the schedule and to register for upcoming classes
More information about the bind-users
mailing list