Find the answer to your Linux question:
Results 1 to 2 of 2

Thread: dnskeygen

Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Linux Engineer
    Join Date
    Nov 2002
    Queens, NY


    Does anyone know how to use dnskeygen?

    I'm starting to understand the concept but here are a few things that are throwing me off.

    1. the options -z (zone), -h(host), -u (user), When is it appropriate to use these? Thus far, I've only seen examples with -h and I'm not sure in what case the -z and -u are utilized.

    2. It looks like the dnskeygen program will generate two keys: public and private. I'm assuming that you need to copy a key to a slave server but which one do you copy? Public or private?
    The best things in life are free.

  2. #2
    Just Joined!
    Join Date
    Jun 2005
    Behind You...
    wow a forums eng asking for help....

    The dnskeygen utility supports the following options:


    Generate a DSA/DSS key. The value of size must be one of the following: 512, 576, 640, 704, 768, 832, 896, 960 or 1024.

    Use a large exponent for key generation. Use for RSA only.

    Generate a HMAC-MD5 key. The value of size must be between 128 and 504.

    Generate an RSA key. The value of size must be between 512 and 4096.

    Cannot use key for authentication.

    Cannot use key for encryption.

    Generate host or service key.
    -n name

    Set the key's name to name.
    -p num

    Set the key's protocol field to num. The values for num are as follows:


    If -z or -h is specified (DNSSEC), this is the default value.

    Unless specified, the default value for all other options.

    Use this value for TLS.

    Use this value for IPSEC.

    Use this value for ANY.

    -s num

    Set the key's strength field to num. The default value of num is 0.

    Generate User key, for example, for email.

    Generate Zone key for DNS validation.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts