Regarding HMAC-SHA256 and RSASHA512 key generation algorithm in dnssec-keygen
dot at dotat.at
Mon Mar 3 11:57:32 UTC 2014
Gaurav Kansal <gaurav.kansal at nic.in> wrote:
> I have doubt in this only. What's the difference between Zone or Host ??
Zone keys are used for DNSSEC signing zones.
Host keys are used for TSIG transaction authentication, for securing zone
transfers or dynamic updates.
> I also want to know which algorithm is the best one on security aspects for
> generating Keys for DNSSEC.
Your security is affected more by how you store the keys than anything
else. RSASHA256 is fine.
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Faeroes: East or southeast 5 to 7. Rough or very rough. Rain. Moderate.
More information about the bind-users