Format of 'dig -k' "TSIG key file"?
Joseph S D Yao
jsdy at tux.org
Fri Jul 31 21:18:04 UTC 2009
On Fri, Jul 31, 2009 at 03:32:48PM +1000, Mark Andrews wrote:
> In message <20090730174054.H23872 at gwyn.tux.org>, Joseph S D Yao writes:
...
> > Plus, I'm curious to know what 'dig -k' really wants to see.
>
> A keyfile as generated by "dnssec-keygen -a HMAC-*".
...
Of which there are two - a .key file and a .private file. But I never
thought of using the .private file format! Next week ...
> HMAC-MD5, HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384 or HMAC-SHA512.
Now, I must not have been paying attention - all my written down [or
electronically inscribed] information says that the HMAC-MD5 algorithm
must be used for TSIG. When did this get opened up?
Thanks!
--
/*********************************************************************\
**
** Joe Yao jsdy at tux.org - Joseph S. D. Yao
**
\*********************************************************************/
More information about the bind-users
mailing list