nsupdate, dnskeygen, trusted-keys, OH my!

[Chris MacLeod]

I've been wrestleing with nsupdate for a couple of days now and have
finally gotten it working with ip based security rules.

I'm trying to do key based authentication now so I can't be spoofed.

Could someone point me to a good reference (or post here) what a
named.conf using trusted-keys with nsupdate should look like.  And also
how keys should be generated with dnskeygen.

Thanks.

Stick