nsupdate with signature

Stefan Mangard smang at cs.jhu.edu
Thu May 18 16:41:33 UTC 2000


Hi,

I am currently trying to start using the DNSSEC features included in BIND
8.2.2-P5.
I have problem is updating the DNS server using nsupdate: I want to update
it using a signature TSIG.

So what I tried was exectuing

nsupdate -k /var/named/keys:updater

where updater is a key generated by dnskeygen. I have to following files
in /var/named

Kupdater.+001+58829.key      Kupdater.+001+58829.private

My problem is, that nsupdate returns the message: error reading key.

My questions are: 
Do I have to use a different program for key generation?
Are there any restrictions to certain algorithms, key length, ...?


Thanks,

Stefan Mangard




More information about the bind-users mailing list