Signing a Zone 1
Creating the KEY
- dnssec-keygen -a RSASHA1 -b 1024 -n zone secret-wg.org
    Ksecret-wg.org.+005+20704
- Ksecret-wg.org.+005+20704.key contains the public key.
- Ksecret-wg.org.+005+20704.private should be kept secret.
When generating keys it is important to have access to a pool of random numbers. Be careful when selecting your source for random numbers.

On FreeBSD the /dev/random generator will block once it runs out of entropy (i.e. sufficient randomness). Use /dev/urandom on systems where this happens.

The private key should be kept secret; when deploying DNSSEC one should consider separating the signer from the nameserver itself.
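
One way to check that the .private files in a key directory really are kept secret, as an added example that is not part of the original slides. It splits the base name printed by dnssec-keygen into zone, algorithm number and key tag, and reports any .private file that group or other users can access; the function names and the 0600 expectation are assumptions of this example, and the sample files are constructed.

```python
import os
import re
import stat
import tempfile

# Base name format: K<zone>.+<algorithm, 3 digits>+<key tag, 5 digits>
KEY_BASE = re.compile(r"^K(?P<zone>.*\.)\+(?P<alg>\d{3})\+(?P<tag>\d{5})$")


def parse_key_base(base):
    """Split a dnssec-keygen base name into (zone, algorithm number, key tag)."""
    m = KEY_BASE.match(base)
    if m is None:
        raise ValueError("not a dnssec-keygen base name: %r" % base)
    return m.group("zone"), int(m.group("alg")), int(m.group("tag"))


def audit_key_dir(path):
    """Return (base, problem) findings for the .private files in path."""
    findings = []
    for name in sorted(os.listdir(path)):
        base, ext = os.path.splitext(name)
        if ext != ".private" or not KEY_BASE.match(base):
            continue  # not a private key file written by dnssec-keygen
        mode = stat.S_IMODE(os.stat(os.path.join(path, name)).st_mode)
        if mode & 0o077:  # any permission bit set for group or others
            findings.append(
                (base, ".private mode %04o, expected 0600 or stricter" % mode))
    return findings


def demo():
    """Constructed sample: one key pair whose private half is world-readable."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("Ksecret-wg.org.+005+20704.key",
                     "Ksecret-wg.org.+005+20704.private"):
            full = os.path.join(d, name)
            open(full, "w").close()  # empty placeholder, no key material
            os.chmod(full, 0o644)
        return audit_key_dir(d)


if __name__ == "__main__":
    print(parse_key_base("Ksecret-wg.org.+005+20704"))
    for finding in demo():
        print(finding)
```

The algorithm number 005 in the file name corresponds to the RSASHA1 algorithm selected with -a, and 20704 is the key tag.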