tsig keys
Mark.Andrews at nominum.com
Mark.Andrews at nominum.com
Fri Jun 29 00:53:16 UTC 2001
> hi
> can any body tell me how to generate TSIG keys for master and slave and how t
> o put them in conf file
> we are running bind 8.2.3 -REL
> Madan Rai
Write 'A'-'Z', 'a'-'z', '0'-'9', '+' and '/' on cards.
Shuffle them. Spread them on the floor. Throw a coin in
the air and choose the closest card to to the coin. Write
down the value. Repeat this for 24 times.
The result is your secret key.
Other ways are:
dd if=/dev/random bs=16 count=1 | mimecode
dd if=/dev/random bs=16 count=1 | md5
dnskeygen -H 128 -h -c -n the.key.name.
All these methods give you atleast 128 bits of random key
material encoded in a base 64 string.
nsupdate knows how to read the keys stored in the files
produced by dnskeygen. Also change the mode on the ".key"
file to 600 if you use dnskeygen.
Mark
slave.conf:
key "the.key.name" {
algorithm "hmac-md5";
secret "aaaabbbbccccdddd";
};
server 1.2.3.4 { /*master*/
keys { "the.key.name"; };
};
master.conf:
key "the.key.name" {
algorithm "hmac-md5";
secret "aaaabbbbccccdddd";
};
server 1.2.3.5 { /*slave*/
keys { "the.key.name"; };
};
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at nominum.com
More information about the bind-users
mailing list