I'm working on generating TSIG keys for use with my bind server.

When I generate a 2nd set of keys in a dir, I get a "bad key type" error,

        DIR="/home/me/test/nsupdate"
        HOST="myhost.example.com"

        dnssec-keygen -V
                dnssec-keygen 9.10.3-P4

        cd $DIR
        rm -f *
        ls *
                (empty)

        dnssec-keygen -a hmac-sha256 -b 128 -K $DIR -n HOST $HOST
                Kmyhost.example.com.+163+35917
        ls *
                Kmyhost.example.com.+163+35917.key
                Kmyhost.example.com.+163+35917.private

        dnssec-keygen -a hmac-sha256 -b 128 -K $DIR -n HOST $HOST
                dnssec-keygen: warning: dns_dnssec_findmatchingkeys: error reading key file Kmyhost.example.com.+163+39520.private: bad key type
                dnssec-keygen: warning: dns_dnssec_findmatchingkeys: error reading key file Kmyhost.example.com.+163+35917.private: bad key type
                Kmyhost.example.com.+163+16588
        ls *
                Kmyhost.example.com.+163+16588.key
                Kmyhost.example.com.+163+16588.private
                Kmyhost.example.com.+163+35917.key
                Kmyhost.example.com.+163+35917.private

From the manpage

 Note 2: DH, HMAC-MD5, and HMAC-SHA1 through HMAC-SHA512 automatically set the
           -T KEY option.

So it's auto-set here.  What's "bad" about the automatically set key type?

Jason