

A.2.2.1 key_id Statement

The key_id statement defines a secret shared key for use with TSIG. It consists of its name, algorithm and key contents.

Supported algorithms:

Knot DNS does not yet have its own key generation utility, so you need to use the BIND or ldns utilities to generate TSIG keys.

     
     $ dnssec-keygen -a HMAC-SHA256 -b 256 -n HOST foobar.example.com
     Kfoobar.example.com.+163+21239
     $ cat Kfoobar.example.com.+163+21239.key
     foobar.example.com. ( IN KEY 512 3 163
                           rqv2WRyDgIUaHcJi03Zssor9jtG1kOpb3dPywxZfTeo= )
     

The key generated in the previous example would be written as:

     
     keys {
       foobar.example.com. hmac-sha256
       "rqv2WRyDgIUaHcJi03Zssor9jtG1kOpb3dPywxZfTeo=";
     }
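
The conversion shown above can be scripted so the secret is never retyped by hand. The following is an added example, not part of Knot DNS or its documentation: it reads a .key file as written by dnssec-keygen, checks that it is an HMAC key with a well-formed base64 secret, and prints the matching keys section. The function names and the algorithm table are assumptions of this example; only 163 / hmac-sha256 is taken from this page.

```python
import base64

# BIND's algorithm numbers for HMAC keys in the KEY record. Only
# 163/hmac-sha256 appears on this page; the other names are assumed
# to follow the same naming pattern.
HMAC_ALGS = {157: "hmac-md5", 161: "hmac-sha1", 162: "hmac-sha224",
             163: "hmac-sha256", 164: "hmac-sha384", 165: "hmac-sha512"}

# Constructed sample: the .key file contents from the example above.
SAMPLE_KEY_FILE = """foobar.example.com. ( IN KEY 512 3 163
                      rqv2WRyDgIUaHcJi03Zssor9jtG1kOpb3dPywxZfTeo= )
"""


def parse_key_file(text):
    """Return (name, algorithm_name, secret_b64) from a dnssec-keygen .key file."""
    # Drop ';' comments and the parentheses used for line continuation.
    body = " ".join(line.split(";", 1)[0] for line in text.splitlines())
    tokens = body.replace("(", " ").replace(")", " ").split()
    try:
        idx = tokens.index("KEY")
        name = tokens[0]
        alg_num = int(tokens[idx + 3])  # fields after KEY: flags, protocol, algorithm
    except (ValueError, IndexError):
        raise ValueError("not a KEY record")
    secret = "".join(tokens[idx + 4:])
    if alg_num not in HMAC_ALGS:
        raise ValueError(f"algorithm {alg_num} is not an HMAC (TSIG) algorithm")
    if not secret:
        raise ValueError("KEY record has no key data")
    # Strict decode: a truncated or mangled secret fails here, not on the wire.
    base64.b64decode(secret, validate=True)
    if not name.endswith("."):
        name += "."
    return name, HMAC_ALGS[alg_num], secret


def to_knot_keys(text):
    """Render the keys section for the single key in a .key file."""
    name, alg, secret = parse_key_file(text)
    return f'keys {{\n  {name} {alg} "{secret}";\n}}\n'


if __name__ == "__main__":
    print(to_knot_keys(SAMPLE_KEY_FILE), end="")
```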