Firms Tackle Security Flaw In Web Addressing System
Mark Andrews
Mark_Andrews at isc.org
Mon Jul 14 00:35:20 UTC 2008
> Alan Clegg <Alan_Clegg at isc.org> wrote:
>
> > As the author of the paper, the result is YOU being able to deploy a
> > DNSSEC signed zone within 6 minutes. No, you can't learn to do it in 6
> > minutes, but once you understand the process (and it's not really
> > difficult), you can easily go from unsigned (no keys, etc) to fully
> > signed within 6 minutes per zone (and that's doing it by hand!)
>
>
> This is probably a stupid question but I do have a question about that
> paper/pdf.
>
> On page 31 of it (Sample with real names) you have this:
>
> dnssec-keygen -a rsasha1 -b 4096 -n ZONE -k KSK udp53.org
>
> which just results in:
>
> dnssec-keygen: extraneous arguments
>
> On page 16 (the walk through section) it's there as:
>
> dnssec-keygen -a rsasha1 -b 4096 -n ZONE -f KSK zonename
>
>
> I'm assuming the "-k" is wrong and the "-f" is correct?
Yes.
> -bruce
> bje at ripco.com
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list