This is a discussion on Re: rndc key for bind 9.3.0. catch-22? within the Bind Users forums, part of the DNS and Related Forums category.
On Mon, 2004-12-06 at 12:47, Christopher L. Barnard wrote:
> I am confused. This is bind 9.3.0.
>
> from the rndc man page:
>
> [...] In the current versions of rndc and named named the
> only supported authentication algorithm is HMAC-MD5 [...]
>
> however, when I try to generate a key
>
> root#> /opt/local/sbin/dnssec-keygen -a hmac-md5 -b 512 -n ZONE cbot.com
> dnssec-keygen: a key with algorithm 'hmac-md5' cannot be a zone key
>
> That dnssec-keygen command worked fine with bind9 prior to version 9.3.0.
> An existing key works fine on a server that has been upgraded to bind
> 9.3.0 from 9.2.3. However a new installation of bind 9.3.0 fails because
> I cannot generate the key for rndc. How do I generate a key for the
> /etc/rndc.conf file with bind version 9.3.0?
>
> +-----------------------------------------------------------------------+
> | Christopher L. Barnard          O      When I was a boy I was told that |
> | cbarnard@tsg.cbot.com          / \     anybody could become president. |
> | (312) 347-4901                O---O    Now I'm beginning to believe it. |
> | http://www.cs.uchicago.edu/~cbarnard          --Clarence Darrow        |
> +----------PGP public key available via finger or PGP keyserver---------+

You could substitute 'HOST' for 'ZONE' in the dnssec-keygen command, and then copy the generated key (the last field of the KEY record) from either the K*.public or K*.private files (removing spaces) into the 'rndc.key' file.

Alternatively, you could use the attached C program, which generates a usable hmac-md5 key on stdout.
This is used by Red Hat's BIND distribution to generate the initial rndc.key:

--- BEGIN "keygen.c" C program attachment

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main(int argc, char **argv)
{
    FILE *f = fopen("/dev/urandom", "r");
    char key[61];
    int i = 0;
    int tmp;            /* int, not char: fgetc() returns EOF (-1) on failure */

    if (f == NULL) {
        perror("/dev/urandom");
        return 1;
    }
    memset(key, 0, sizeof key);

    /* Keep only alphanumeric bytes until 60 have been collected. These are
       all valid base64 characters and 60 is a multiple of 4, so the result
       is accepted as an rndc secret without any further encoding. */
    while (i < 60) {
        tmp = fgetc(f);
        if (tmp == EOF) {
            fclose(f);
            return 1;
        }
        if ((tmp >= 'a' && tmp <= 'z') || (tmp >= 'A' && tmp <= 'Z') ||
            (tmp >= '0' && tmp <= '9'))
            key[i++] = (char)tmp;
    }
    puts(key);
    fclose(f);
    return 0;
}
```

--- END C program attachment

To build:

$ cc -o dns-keygen keygen.c

To run:

$ ./dns-keygen
vAPjDZR1EYNGjlzufOUU4zLvJvUkRbXbfMrb2t4xWTHyyinapBXWauUxzgrO
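As an added example (not code from the thread, nor Red Hat's script), a Python script covering both routes the reply describes: generating a fresh base64 secret from the OS random source, pulling the secret out of the last field of a KEY record with the spaces removed, and checking that a candidate secret is usable before it goes into rndc.key. The KEY record and the helper names are constructed for this example; the hmac-md5 algorithm name is the one the thread says BIND 9.3.0's rndc supports.

```python
import base64
import binascii
import os
import re


def generate_rndc_secret(nbytes=32):
    """Return a base64 secret built from nbytes of OS randomness (256 bits by default)."""
    return base64.b64encode(os.urandom(nbytes)).decode("ascii")


def secret_from_key_record(record):
    """Extract the secret from a KEY record as found in a K*.key file.

    Layout: owner [ttl] class KEY flags protocol algorithm key...
    The key material may be split over several whitespace-separated fields,
    so everything after the algorithm field is joined with spaces removed.
    """
    fields = record.split()
    if "KEY" not in fields:
        raise ValueError("not a KEY record")
    idx = fields.index("KEY")
    return "".join(fields[idx + 4:])  # skip flags, protocol, algorithm


def validate_secret(secret, min_bits=128):
    """True if secret is well-formed base64 decoding to at least min_bits of key."""
    if len(secret) % 4 or not re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", secret):
        return False
    try:
        raw = base64.b64decode(secret, validate=True)
    except binascii.Error:
        return False
    return len(raw) * 8 >= min_bits


def rndc_key_stanza(secret, name="rndc-key"):
    """Render the key clause shared by rndc.conf and named.conf."""
    if not validate_secret(secret):
        raise ValueError("secret is not a usable base64 key")
    return 'key "%s" {\n\talgorithm hmac-md5;\n\tsecret "%s";\n};\n' % (name, secret)


if __name__ == "__main__":
    # Constructed K*.key line: the key field is wrapped over four fields.
    RECORD = "cbot.com. IN KEY 512 3 157 AbCdEf GhIjKl MnOpQr StUvWx"
    print(rndc_key_stanza(secret_from_key_record(RECORD)))
    print(rndc_key_stanza(generate_rndc_secret()))
```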