Manual: (OSF1-V5.1-alpha)



dnskeygen(1)							 dnskeygen(1)



NAME

  dnskeygen - Generates public, private, and shared secret keys for DNS
  Security

SYNOPSIS

  /usr/bin/dnskeygen [-DHR] key-size [-zhu] [-p value] [-s value] -n name

OPTIONS

  -a  Specifies that the key cannot be used for authentication.

  -c  Specifies that the key cannot be used for encryption.

  -D  Generates a DSA/DSS key. The size (in bytes) must be one of the
      following values: 512, 576, 640, 704, 768, 832, 896, 960, or 1024.

  -F  Uses a large exponent for key generation (RSA only).

  -H  Generates an HMAC-MD5 key. The size (in bytes) must be between 1 and
      512.

  -h  Generates a Host key for a host or service.

  -n  Specifies the name of the key that you generate.

  -p value
      Sets the protocol field value. The default is 2 (E-mail) for Host keys
      and 3 (DNS Security) for all others.

  -R  Generates an RSA key. The size (in bytes) must be between 512 and 4096.

  -s value
      Sets the strength value with which this key signs DNS records. The
      default is 1 for Zone keys and 0 for all others.

  -u  Generates a User key for E-mail or another purpose.

  -z  Generates a Zone key for DNS validation.

  When the dnskeygen command is executed with no options, it generates output
  containing a list of its options.

DESCRIPTION

  Use the dnskeygen utility to generate and maintain keys for DNS Security.
  The utility can generate public and private keys to authenticate zone data
  and shared secret keys to use for Request/Transaction signatures.





RESTRICTIONS

  Although the dnskeygen command supports the full range of options offered
  by the Internet Software Consortium's (ISC) original program, at this time,
  the operating system supports only the keys it generates for secure dynamic
  updates and zone transfers. See bind_manual_setup(7) and the Network
  Administration: Services guide for more information about these features.

EXAMPLES

  In the following example, an administrator creates a private key for
  authentication of DNS dynamic updates (the backslash \ indicates line
  continuation):

       # dnskeygen -H 1024 -h -c -n pubnet-enterprise_update
       ** Adding dot to the name to make it fully qualified domain name**
       Generating 1024 bit HMAC-MD5 Key for pubnet-enterprise_update.

       Generated 1024 bit Key for pubnet-enterprise_update. id=0 alg=157 \
        flags=16897

       # ls K*
       Kpubnet-enterprise_update.+157+00000.key
       Kpubnet-enterprise_update.+157+00000.private


FILES

  The dnskeygen command generates two files in the directory in which it is
  executed:

  K<key-name><proto-id><key-id>.key
      Public key file.

  K<key-name><proto-id><key-id>.private
      Private key file.
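
  The flags= value in the EXAMPLES status line and the generated file names
  can be checked against the options that were intended (here -h and -c).
  The shell functions below are an added example, not part of the original
  manual page or of dnskeygen. The function names are hypothetical, and the
  bit positions are assumed from the KEY record flags field of RFC 2535,
  which this page does not describe.

```shell
#!/bin/sh
# Added example: decode what dnskeygen reports about a generated key.
# Assumption: flags follow the RFC 2535 KEY record layout
# (top two bits = permitted use, bits 0x0300 = key type, low nibble = strength).

# decode_key_flags FLAGS -> "use=<u> type=<t> strength=<n>"
decode_key_flags() {
    flags=$1
    case $(( (flags >> 14) & 3 )) in
        0) use="auth+encrypt" ;;
        1) use="auth-only" ;;      # 0x4000 set: -c, not usable for encryption
        2) use="encrypt-only" ;;   # 0x8000 set: -a, not usable for authentication
        3) use="no-key" ;;
    esac
    case $(( (flags >> 8) & 3 )) in
        0) type="user" ;;          # -u
        1) type="zone" ;;          # -z
        2) type="host" ;;          # -h
        3) type="reserved" ;;
    esac
    echo "use=$use type=$type strength=$(( flags & 15 ))"
}

# parse_key_file FILE -> "name=<n> alg=<a> id=<i>"
# Splits a K<name>+<alg>+<id>.key or .private file name into its fields.
parse_key_file() {
    base=${1##*/}      # drop any directory part
    base=${base%.*}    # drop the .key / .private suffix
    base=${base#K}     # drop the leading K
    id=${base##*+}
    rest=${base%+*}
    alg=${rest##*+}
    name=${rest%+*}    # keeps the trailing dot of the fully qualified name
    echo "name=$name alg=$alg id=$id"
}

# Values taken from the EXAMPLES section of this page.
decode_key_flags 16897
parse_key_file Kpubnet-enterprise_update.+157+00000.private
```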

SEE ALSO

  Commands: named(8)

  Files: named.conf(4)

  Others: bind_manual_setup(7)

  Network Administration: Services