Jump to first page
 -94
TSIG configuration steps 1-3
n1. Create key using DNSSEC-keygen:
udnssec-keygen -a HMAC-MD5 -b 256 -n HOST me-friend
u
uKme-friend.+157+51197
n2. Cut-n-paste key material into named.conf
ukey Óme-friend." {
u        algorithm hmac-md5;
u        secret ÒnEfRX9jxOmzsby8VKRgDWEJorhyNbjt1ebbPn7lyQtE=";
u};
n3. Communicate this with your partner (off band, PGPÉ)
The DNSSEC-keygen -n HOST will create a key pair. The key material is the same in both the private and public part of the key.


Ônamed.confÕ is normally world readable. To protect your keys put them in a separate root only readable  ÒkeyfileÓ and use  include ÒkeyfileÓ; in your named.conf.