rndc key for bind 9.3.0. catch-22?

Christopher L. Barnard cbar44 at tsg.cbot.com
Mon Dec 6 17:47:20 UTC 2004


I am confused.  This is bind 9.3.0.

from the rndc man page:

[...] In the current versions of rndc and named  named  the
     only  supported  authentication algorithm is HMAC-MD5 [...]

however, when I try to generate a key

root#> /opt/local/sbin/dnssec-keygen -a hmac-md5 -b 512 -n ZONE cbot.com
dnssec-keygen: a key with algorithm 'hmac-md5' cannot be a zone key

That dnssec-keygen command worked fine with bind9 prior to version 9.3.0.
An existing key works fine on a server that has been upgraded to bind
9.3.0 from 9.2.3.  However a new installation of bind 9.3.0 fails because
I cannot generate the key for rndc.  How do I generate a key for the
/etc/rndc.conf file with bind version 9.3.0?

+-----------------------------------------------------------------------+
| Christopher L. Barnard         O     When I was a boy I was told that |
| cbarnard at tsg.cbot.com         / \    anybody could become president.  |
| (312) 347-4901               O---O   Now I'm beginning to believe it. |
| http://www.cs.uchicago.edu/~cbarnard                --Clarence Darrow |
+----------PGP public key available via finger or PGP keyserver---------+



More information about the bind-users mailing list