Results 1 to 2 of 2
Does anyone know how to use dnskeygen? I'm starting to understand the concept but here are a few things that are throwing me off. 1. the options -z (zone), -h(host), ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 06-24-2005 #1
- Join Date
- Nov 2002
- Queens, NY
Does anyone know how to use dnskeygen?
I'm starting to understand the concept but here are a few things that are throwing me off.
1. the options -z (zone), -h(host), -u (user), When is it appropriate to use these? Thus far, I've only seen examples with -h and I'm not sure in what case the -z and -u are utilized.
2. It looks like the dnskeygen program will generate two keys: public and private. I'm assuming that you need to copy a key to a slave server but which one do you copy? Public or private?The best things in life are free.
- 06-25-2005 #2
- Join Date
- Jun 2005
- Behind You...
wow a forums eng asking for help....
The dnskeygen utility supports the following options:
Generate a DSA/DSS key. The value of size must be one of the following: 512, 576, 640, 704, 768, 832, 896, 960 or 1024.
Use a large exponent for key generation. Use for RSA only.
Generate a HMAC-MD5 key. The value of size must be between 128 and 504.
Generate an RSA key. The value of size must be between 512 and 4096.
Cannot use key for authentication.
Cannot use key for encryption.
Generate host or service key.
Set the key's name to name.
Set the key's protocol field to num. The values for num are as follows:
If -z or -h is specified (DNSSEC), this is the default value.
Unless specified, the default value for all other options.
Use this value for TLS.
Use this value for IPSEC.
Use this value for ANY.
Set the key's strength field to num. The default value of num is 0.
Generate User key, for example, for email.
Generate Zone key for DNS validation.