On 12/24/2015 03:50 PM, Alice Wonder wrote:
On 12/24/2015 12:40 PM, Robert Moskowitz wrote:
I am reading:
https://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-bind-rndc.html
I have bind installed and default config running. I have not applied my
customizations yet. The first step I am taking is getting rndc.key
created. So reading the guide I am trying to run (while logged in as
root, and in /etc):
dnssec-keygen -a hmac-md5 -b 256 -n HOST rndc.key
The system is just sitting there and doing nothing. I have sshed as
another session and do not see any processing being done by
dnssec-keygen.
Has anyone else done this? Am I doing things in the right order? If it
works for others, then there is something wrong with my setup...
It's working fine for me.
I'm using the command ldns-keygen to generate keys though - e.g.
ZSK=`/usr/bin/ldns-keygen -a RSASHA1-NSEC3-SHA1 -b 1024 ${zone}`
and
KSK=`/usr/bin/ldns-keygen -k -a RSASHA1-NSEC3-SHA1 -b 2048 ${zone}`
ldns-keygen is from the ldns package.
Mine is currently all scripted and automated, has been for months - I
started with an Ubuntu tutorial though, not CentOS documentation, and
adapted it.
I'll have to look at the scripts I wrote more carefully when I get
home (wonder if I should be using different than SHA1 now too? I'll
have to research that)
Right now all I want working is rndc. dnssec will be worked on come spring.
With all I do in security, it bothers me that the Centos documentation
specifies MD5. Should be at least SHA1, if not SHA256.
_______________________________________________
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
