dnskeygen - Generates public, private, and shared secret
keys for DNS Security
/usr/bin/dnskeygen [-DHR] key-size [-zhu] [-p value] [-s
value] -n name

-a  Specifies that the key cannot be used for authentication.
-c  Specifies that the key cannot be used for encryption.
-D key-size
    Generates a DSA/DSS key. The size (in bytes) must be one of the following values: 512, 576, 640, 704, 768, 832, 896, 960, or 1024.
-F  Uses a large exponent for key generation (RSA only).
-H key-size
    Generates an HMAC-MD5 key. The size (in bytes) must be between 1 and 512.
-h  Generates a Host key for a host or service.
-n name
    Specifies the name of the key that you generate.
-p value
    Sets the protocol field value. The default is 2 (E-mail) for Host keys and 3 (DNS Security) for all others.
-R key-size
    Generates an RSA key. The size (in bytes) must be between 512 and 4096.
-s value
    Sets the strength value with which this key signs DNS records. The default is 1 for Zone keys and 0 for all others.
-u  Generates a User key for E-mail or another purpose.
-z  Generates a Zone key for DNS validation.

When the dnskeygen command is executed with no options, it
generates output containing a list of its options.
Use the dnskeygen utility to generate and maintain keys
for DNS Security. The utility can generate public and private
keys to authenticate zone data and shared secret keys
to use for Request/Transaction signatures.
Although the dnskeygen command supports the full range of
options offered by the Internet Software Consortium's
(ISC) original program, at this time, the operating system
supports only the keys it generates for secure dynamic
updates and zone transfers. See bind_manual_setup(7) and
the Network Administration: Services guide for more information
about these features.
In the following example, an administrator creates a private key for authentication of DNS dynamic updates (the backslash \ indicates line continuation):

    # dnskeygen -H 1024 -h -c -n pubnet-enterprise_update
    ** Adding dot to the name to make it fully qualified domain name**
    Generating 1024 bit HMAC-MD5 Key for pubnet-enterprise_update.
    Generated 1024 bit Key for pubnet-enterprise_update. id=0 alg=157 \
    flags=16897
    # ls K*
    Kpubnet-enterprise_update.+157+00000.key
    Kpubnet-enterprise_update.+157+00000.private

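
The flags=16897 value in the output above encodes the -h and -c options that were given on the command line. The following Python sketch is an added example, not part of the original manual page or of dnskeygen: it parses the summary line and decodes the flags value, assuming the KEY record flag layout of RFC 2535 section 3.1.2. The function names and the policy in check_update_key are hypothetical.

```python
import re

# Field layout assumed from RFC 2535 section 3.1.2 (bit 0 is the most significant bit).
KEY_USE = {0: "unrestricted", 1: "confidentiality prohibited",
           2: "authentication prohibited", 3: "no key"}
NAME_TYPE = {0: "user", 1: "zone", 2: "host", 3: "reserved"}

# Summary line as it appears in the page's example (continuation kept).
SAMPLE = ("Generated 1024 bit Key for pubnet-enterprise_update. id=0 alg=157 \\\n"
          "flags=16897\n")

SUMMARY_RE = re.compile(
    r"Generated (\d+) bit Key for (\S+)\s+id=(\d+)\s+alg=(\d+)\s+flags=(\d+)")


def decode_flags(flags):
    """Split a 16-bit KEY flags value into use, name type and signatory fields."""
    if not 0 <= flags <= 0xFFFF:
        raise ValueError("flags must fit in 16 bits")
    return {"use": KEY_USE[(flags >> 14) & 0x3],         # bits 0-1
            "name_type": NAME_TYPE[(flags >> 8) & 0x3],  # bits 6-7
            "signatory": flags & 0xF}                    # bits 12-15


def parse_summary(text):
    """Parse the 'Generated ...' line, joining a backslash-continued line first."""
    joined = re.sub(r"\\\s*\n\s*", " ", text)
    match = SUMMARY_RE.search(joined)
    if match is None:
        raise ValueError("no dnskeygen summary line found")
    bits, name, key_id, alg, flags = match.groups()
    info = {"bits": int(bits), "name": name, "id": int(key_id), "alg": int(alg)}
    info.update(decode_flags(int(flags)))
    return info


def check_update_key(info):
    """Hypothetical site policy: what the example's -H -h -c options should yield."""
    problems = []
    if info["alg"] != 157:  # 157 is the alg value printed for the HMAC-MD5 key above
        problems.append("not an HMAC-MD5 key")
    if info["name_type"] != "host":
        problems.append("not a Host key (-h)")
    if info["use"] != "confidentiality prohibited":
        problems.append("encryption use not prohibited (-c)")
    return problems


if __name__ == "__main__":
    key = parse_summary(SAMPLE)
    print(key, check_update_key(key) or "matches -H -h -c")
```
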
The dnskeygen command generates two files in the directory
in which it is executed: Public key file. Private key
file.
Commands: named(8)
Files: named.conf(4)
Others: bind_manual_setup(7)
Network Administration: Services
dnskeygen(1)