Dear Team,

I am using the RSASHA1 key generation algorithm for generating the KSK and ZSK.

Today, I tried to generate the algorithm using the RSASHA512 and HMAC-SHA256
algorithms.

Key generation through the RSASHA512 algorithm ran successfully, but while
generating the keys through the HMAC-SHA512 algorithm, I am getting the
following error -

"dnssec-keygen: fatal: a key with algorithm 'HMAC-SHA512' cannot be a zone key"

I googled it and found a previous discussion on the BIND mailing list saying that HMAC-*
is used for generating keys for Host and not for Zone.

I have a doubt about this only. What's the difference between Zone or Host? Is
it key generation for one client machine, or what?

I also want to know which algorithm is the best one on security aspects for
generating keys for DNSSEC.

Thanks and Regards,

Gaurav Kansal

Emp Code - 6274

Mob - 9910118448

Intercom - 7331

 

Have you enabled IPv6 on something today...?

 
