On Tue, Apr 19, 2016, at 02:24 PM, Evan Hunt wrote:
> On Tue, Apr 19, 2016 at 07:40:38AM -0700, jaso...@mail-central.com wrote:
> > I'm working on generating TSIG keys for use with my bind server.
> 
> I think you'll be happier if you use "tsig-keygen" instead of "dnssec-keygen".

Huh.  Didn't come across that in any of the examples I was using :-/

Looks like tsig-keygen is also from bind

        rpm -q --whatprovides /usr/sbin/dnssec-keygen /usr/sbin/tsig-keygen
                bind-utils-9.10.3P4-215.1.x86_64
                bind-utils-9.10.3P4-215.1.x86_64

I'll sure read up and give tsig-keygen a try.

But, why's using dnssec-keygen 'bad' for TSIG ?  Apart from all the online 
tutes that refer to it, from its manpage

        DESCRIPTION
               dnssec-keygen generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and
               RFC 4034. It can also generate keys for use with TSIG (Transaction Signatures) as
               defined in RFC 2845, or TKEY (Transaction Key) as defined in RFC 2930.

I'd still like to at least understand what the problem is.

Jason