Firms Tackle Security Flaw In Web Addressing System

Mark Andrews Mark_Andrews at isc.org
Mon Jul 14 00:35:20 UTC 2008


> Alan Clegg <Alan_Clegg at isc.org> wrote:
> 
> > As the author of the paper, the result is YOU being able to deploy a
> > DNSSEC signed zone within 6 minutes.  No, you can't learn to do it in 6
> > minutes, but once you understand the process (and it's not really
> > difficult), you can easily go from unsigned (no keys, etc) to fully
> > signed within 6 minutes per zone (and that's doing it by hand!)
> 
> 
> This is probably a stupid question but I do have a question about that
> paper/pdf.
> 
> On page 31 of it (Sample with real names) you have this:
> 
> dnssec-keygen -a rsasha1 -b 4096 -n ZONE -k KSK udp53.org
> 
> which just results in:
> 
> dnssec-keygen: extraneous arguments
> 
> On page 16 (the walk through section) it's there as:
> 
> dnssec-keygen -a rsasha1 -b 4096 -n ZONE -f KSK zonename
> 
> 
> I'm assuming the "-k" is wrong and the "-f" is correct?

	Yes.
 
> -bruce
> bje at ripco.com
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org


More information about the bind-users mailing list