nsupdate with signature
Stefan Mangard
smang at cs.jhu.edu
Thu May 18 16:41:33 UTC 2000
Hi,
I am currently trying to start using the DNSSEC features included in BIND
8.2.2-P5.
I have problem is updating the DNS server using nsupdate: I want to update
it using a signature TSIG.
So what I tried was exectuing
nsupdate -k /var/named/keys:updater
where updater is a key generated by dnskeygen. I have to following files
in /var/named
Kupdater.+001+58829.key Kupdater.+001+58829.private
My problem is, that nsupdate returns the message: error reading key.
My questions are:
Do I have to use a different program for key generation?
Are there any restrictions to certain algorithms, key length, ...?
Thanks,
Stefan Mangard
More information about the bind-users
mailing list