how to generate a rndc_key??
Mark_Andrews at isc.org
Mark_Andrews at isc.org
Thu Nov 28 13:22:00 UTC 2002
> Hi,
>
> I am using BIND 8.2.5 on HP-Unix.
> I want to know how can I generate a rndc_key?? what is the command and tools
> I
> need??
>
> like this..
>
> key "rndc_key" {
> algorithm "hmac-md5";
> secret "replacemewithyourgeneratedkey";
> };
>
> Please let me know,
>
> Thanks in advance,
>
> Regards,
>
> John
BIND 8 uses ndc not rndc for control. ndc does not sign its
messages so no key is required.
If you are wanting to generate a key for any other purpose then
any random data fed converted to base64 (or hex) will do.
e.g.
dd if=/dev/random bs=16 count=1 | mimencode
dd if=/dev/random bs=16 count=1 | md5
% dd if=/dev/random bs=16 count=1 | mimencode
1+0 records in
1+0 records out
16 bytes transferred in 0.000078 secs (205226 bytes/sec)
oGeN+qE2mo/HNiYNoxStcg==
%
% dd if=/dev/random bs=16 count=1 | md5
1+0 records in
1+0 records out
16 bytes transferred in 0.000088 secs (181621 bytes/sec)
cf90a3cd3d22e20d426a5714c3bb5615
%
Which gives you secrets of "oGeN+qE2mo/HNiYNoxStcg==" and
"cf90a3cd3d22e20d426a5714c3bb5615".
If your system doesn't have /dev/random flip a coin 128 times
and record the result (H/T or 0/1) then run md5 on it to condence
it.
Mark
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
More information about the bind-users
mailing list