dnskeygen

[bpark]

Does anyone know how to use dnskeygen?

I'm starting to understand the concept but here are a few things that are throwing me off.

1. the options -z (zone), -h(host), -u (user), When is it appropriate to use these? Thus far, I've only seen examples with -h and I'm not sure in what case the -z and -u are utilized.

2. It looks like the dnskeygen program will generate two keys: public and private. I'm assuming that you need to copy a key to a slave server but which one do you copy? Public or private?

[antisaint]

wow a forums eng asking for help....

The dnskeygen utility supports the following options:

-D

Generate a DSA/DSS key. The value of size must be one of the following: 512, 576, 640, 704, 768, 832, 896, 960 or 1024.
-F

Use a large exponent for key generation. Use for RSA only.
-H

Generate a HMAC-MD5 key. The value of size must be between 128 and 504.
-R

Generate an RSA key. The value of size must be between 512 and 4096.
-a

Cannot use key for authentication.
-c

Cannot use key for encryption.
-h

Generate host or service key.
-n name

Set the key's name to name.
-p num

Set the key's protocol field to num. The values for num are as follows:

3

If -z or -h is specified (DNSSEC), this is the default value.
2

Unless specified, the default value for all other options.
1

Use this value for TLS.
4

Use this value for IPSEC.
255

Use this value for ANY.

-s num

Set the key's strength field to num. The default value of num is 0.
-u

Generate User key, for example, for email.
-z

Generate Zone key for DNS validation.