dnskeygen(1)
NAME
dnskeygen - Generates public, private, and shared secret keys for DNS Security
SYNOPSIS
/usr/bin/dnskeygen [-DHR] key-size [-zhu] [-p value] [-s value] -n name
OPTIONS
-a  Specifies that the key cannot be used for authentication.
-c  Specifies that the key cannot be used for encryption.
-D key-size
    Generates a DSA/DSS key. The size (in bytes) must be one of the
    following values: 512, 576, 640, 704, 768, 832, 896, 960, or 1024.
-F  Uses a large exponent for key generation (RSA only).
-H key-size
    Generates an HMAC-MD5 key. The size (in bytes) must be between 1 and
    512.
-h  Generates a Host key for a host or service.
-n name
    Specifies the name of the key that you generate.
-p value
    Sets the protocol field value. The default is 2 (E-mail) for Host
    keys and 3 (DNS Security) for all others.
-R key-size
    Generates an RSA key. The size (in bytes) must be between 512 and
    4096.
-s value
    Sets the strength value with which this key signs DNS records. The
    default is 1 for Zone keys and 0 for all others.
-u  Generates a User key for E-mail or another purpose.
-z  Generates a Zone key for DNS validation.
When the dnskeygen command is executed with no options, it generates
output containing a list of its options.
DESCRIPTION
Use the dnskeygen utility to generate and maintain keys for DNS
Security. The utility can generate public and private keys to
authenticate zone data and shared secret keys to use for
Request/Transaction signatures.
RESTRICTIONS
Although the dnskeygen command supports the full range of options
offered by the Internet Software Consortium's (ISC) original program,
at this time, the operating system supports only the keys it generates
for secure dynamic updates and zone transfers. See bind_manual_setup(7)
and the Network Administration: Services guide for more information
about these features.
EXAMPLES
In the following example, an administrator creates a private key for
authentication of DNS dynamic updates (the backslash \ indicates
line continuation):
    # dnskeygen -H 1024 -h -c -n pubnet-enterprise_update
    ** Adding dot to the name to make it fully qualified domain name**
    Generating 1024 bit HMAC-MD5 Key for pubnet-enterprise_update.
    Generated 1024 bit Key for pubnet-enterprise_update. id=0 alg=157 \
    flags=16897
    # ls K*
    Kpubnet-enterprise_update.+157+00000.key  Kpubnet-enterprise_update.+157+00000.private
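To check that the usage and key-type options took effect, the flags value printed in the example above can be decoded. The following is an added example, not part of the original reference page; it assumes the 16-bit KEY flags layout of RFC 2535, section 3.1.2, and decode_key_flags is a hypothetical helper name. The option letters in its comments are the assumed mapping between that layout and the OPTIONS list.

```sh
#!/bin/sh
# Added example: decode the "flags=" value that dnskeygen prints for a new key.
# Assumption: 16-bit KEY flags layout of RFC 2535, section 3.1.2.
# decode_key_flags is a hypothetical helper name.

decode_key_flags() {
    flags=$1
    # Accept only a plain decimal value of at most 5 digits, no leading zero
    # (a leading zero would be read as octal inside $(( ))).
    case $flags in
        ''|*[!0-9]*|0?*|??????*)
            echo "error: flags must be a decimal number 0-65535" >&2
            return 2 ;;
    esac
    if [ "$flags" -gt 65535 ]; then
        echo "error: flags is a 16-bit field" >&2
        return 2
    fi

    # Bits 0-1 (mask 0xC000): permitted use of the key.
    case $(( (flags & 0xC000) >> 14 )) in
        0) use="auth+conf" ;;
        1) use="auth-only" ;;   # encryption prohibited (assumed: -c)
        2) use="conf-only" ;;   # authentication prohibited (assumed: -a)
        3) use="no-key" ;;
    esac

    # Bits 6-7 (mask 0x0300): type of owner name.
    case $(( (flags & 0x0300) >> 8 )) in
        0) owner="user" ;;      # assumed: -u
        1) owner="zone" ;;      # assumed: -z
        2) owner="host" ;;      # assumed: -h
        3) owner="reserved" ;;
    esac

    # Bits 12-15 (mask 0x000F): signatory field (assumed: the -s value).
    sig=$(( flags & 0x000F ))
    # Every remaining bit is reserved or the extension bit; expect 0.
    other=$(( flags & 0x3CF0 ))

    echo "use=$use owner=$owner signatory=$sig other=$other"
}

# flags value taken from the EXAMPLES output above
decode_key_flags 16897   # use=auth-only owner=host signatory=1 other=0
```

A nonzero other value, or a use or owner field that does not match the options given on the command line, is a reason to regenerate the key before configuring it.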
FILES
The dnskeygen command generates two files in the directory in which it
is executed:
    Public key file.
    Private key file.
SEE ALSO
Commands: named(8)
Files: named.conf(4)
Others: bind_manual_setup(7)
Network Administration: Services