how to get the secret key in named.conf

Jim Reid jim at rfc1035.com
Wed Dec 19 21:19:31 UTC 2001


>>>>> "Tony" == Tony  <tony.wong at stanford.edu> writes:

    Tony> How do I find or generate the key in named.conf?  eg:

    Tony> key test. { algorithm hmac-md5; secret
    Tony> "AK5nBT0vCFhemCmZ0J1+Yw=="; };


    Tony> Where does: secret "AK5nBT0vCFhemCmZ0J1+Yw=="; come from?

It's a secret! :-) Any base-64 encoded string can be used for a TSIG
shared secret. You can even run mimencode or something like that on
some random or not easily guessed data source. The BIND9 DNSSEC tools
are better: use them instead of the stuff in BIND8. And read the
documentation. The BIND9 Administrator Reference Manual tells you how
to set up and use TSIG. The same procedure will work for BIND8 too, if
you insist on running that.
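An added example, not part of the original post: a Python sketch that builds a key clause from random bytes encoded as base64, and parses a clause like the one quoted in the question to check that its secret decodes and how many bits it holds. The function names are hypothetical, the regular expression only covers the simple clause layout shown in this thread, and the hmac-md5 default just mirrors the quoted clause.

```python
import base64
import binascii
import re
import secrets

# Matches a simple named.conf key clause laid out like the one quoted above.
KEY_RE = re.compile(
    r'key\s+"?(?P<name>[^\s"{]+)"?\s*\{\s*'
    r'algorithm\s+(?P<alg>[\w-]+)\s*;\s*'
    r'secret\s+"(?P<secret>[^"]*)"\s*;\s*\}\s*;',
    re.S,
)


def make_key_clause(name, algorithm="hmac-md5", nbytes=16):
    """Return a key clause whose secret is nbytes from the OS CSPRNG, base64-encoded."""
    secret = base64.b64encode(secrets.token_bytes(nbytes)).decode("ascii")
    return f'key {name} {{ algorithm {algorithm}; secret "{secret}"; }};'


def inspect_key_clause(text):
    """Parse one key clause and return (name, algorithm, secret size in bits).

    Raises ValueError when no clause is found or the secret is not valid base64.
    """
    m = KEY_RE.search(text)
    if m is None:
        raise ValueError("no key clause found")
    try:
        raw = base64.b64decode(m.group("secret"), validate=True)
    except binascii.Error as exc:
        raise ValueError(f"secret is not valid base64: {exc}") from None
    return m.group("name"), m.group("alg"), len(raw) * 8


if __name__ == "__main__":
    # The clause from the question, joined onto one line.
    quoted = 'key test. { algorithm hmac-md5; secret "AK5nBT0vCFhemCmZ0J1+Yw=="; };'
    print(inspect_key_clause(quoted))
    # A freshly generated clause; "example-key." is a constructed name.
    print(make_key_clause("example-key."))
```

The same clause, with the same secret, has to be configured on both servers that share the key.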




