error generating HMAC-SHA256 TSIG keys

Chris Buxton cbuxton at
Wed Jun 11 22:18:10 UTC 2008

I've been wondering for some time now why this happens:

$ dnssec-keygen -a hmac-sha256 -b 256 -n host some-key
dnssec-keygen: failed to write key some-key/163/38039: private key is  

I haven't been able to get the .private file for any key type except  
HMAC-MD5 and HMAC-SHA1. Is there a work-around?

Chris Buxton
Professional Services
Men & Mice

More information about the bind-users mailing list