Hi Tony,

Thanks for the help. I was wondering: if HMAC* keys are not used for zones, then why are they displayed when we use "dnssec-keygen -h"?

Regards,
Gaurav Kansal

-----Original Message-----
From: Tony Finch [mailto:fa...@hermes.cam.ac.uk] On Behalf Of Tony Finch
Sent: Monday, March 3, 2014 3:58 AM
To: Gaurav Kansal
Cc: bind-users@lists.isc.org
Subject: Re: Regarding HMAC-SHA256 and RSASHA512 key generation algorithm in dnssec-keygen

Gaurav Kansal <gaurav.kan...@nic.in> wrote:
>
> I have doubt in this only. What's the difference between Zone or Host?

Zone keys are used for DNSSEC signing zones. Host keys are used for TSIG transaction authentication, for securing zone transfers or dynamic updates.

> I also want to know which algorithm is the best one on security
> aspects for generating Keys for DNSSEC.

Your security is affected more by how you store the keys than anything else. RSASHA256 is fine.

Tony.
--
f.anthony.n.finch <d...@dotat.at> http://dotat.at/
Faeroes: East or southeast 5 to 7. Rough or very rough. Rain. Moderate.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users