Welcome to Linux Knowledge Base and Tutorial
"The place where you learn linux"

       dnssec-keygen -a algorithm -b keysize -n nametype [ -c class ]
       [ -e ] [ -g generator ] [ -h ] [ -p protocol ] [ -r randomdev ]
       [ -s strength ] [ -t type ] [ -v level ] name


       dnssec-keygen generates keys for DNSSEC (Secure  DNS),  as
       defined  in  RFC  2535.  It can also generate keys for use
       with TSIG (Transaction  Signatures),  as  defined  in  RFC


       -a algorithm
              Selects  the  cryptographic algorithm. The value of
              algorithm must be one of RSAMD5  or  RSA,  DSA,  DH
              (Diffie  Hellman),  or  HMAC-MD5.  These values are
              case insensitive.

              Note that for DNSSEC, DSA is a mandatory to implement
              algorithm, and RSA is recommended. For TSIG,
              HMAC-MD5 is mandatory.

       -b keysize
              Specifies the number of bits in the key. The choice
              of key size depends on the algorithm used. RSA keys
              must be between 512 and 2048 bits.  Diffie  Hellman
              keys  must  be  between 128 and 4096 bits. DSA keys
              must be between 512 and 1024 bits and an exact
              multiple of 64. HMAC-MD5 keys must be between 1 and
              512 bits.

       -n nametype
              Specifies the owner type of the key. The  value  of
              nametype  must  either  be  ZONE (for a DNSSEC zone
              key), HOST or ENTITY (for a key associated  with  a
              host),  or USER (for a key associated with a user).
              These values are case insensitive.

       -c class
              Indicates that the DNS record  containing  the  key
              should  have the specified class. If not specified,
              class IN is used.

       -e     If generating an RSA key, use a large exponent.

       -g generator
              If generating a Diffie Hellman key, use this
              generator. Allowed values are 2 and 5. If no generator
              is specified, a known prime from RFC 2539 will be
              used if possible; otherwise the default is 2.

              alent  device,  the default source of randomness is
              keyboard input. randomdev specifies the name  of  a
              character  device or file containing random data to
              be used instead of the default. The  special  value
              keyboard  indicates  that  keyboard input should be

       -s strength
              Specifies the strength value of the key. The
              strength is a number between 0 and 15, and
              currently has no defined purpose in DNSSEC.

       -t type
              Indicates the use of the key. type must be  one  of
              AUTHCONF,   NOAUTHCONF,   NOAUTH,  or  NOCONF.  The
              default is AUTHCONF. AUTH refers to the ability  to
              authenticate  data, and CONF the ability to encrypt

       -v level
              Sets the debugging level.


       When dnssec-keygen completes successfully, it prints a
       string of the form Knnnn.+aaa+iiiii to the standard
       output. This is an identification string for the key it has
       generated. These strings can be used as arguments to

       · nnnn is the key name.

       · aaa is the numeric representation of the algorithm.

       · iiiii is the key identifier (or footprint).

       dnssec-keygen creates two files, with names based on the
       printed  string.  Knnnn.+aaa+iiiii.key contains the public
       key, and  Knnnn.+aaa+iiiii.private  contains  the  private

       The  .key  file  contains  a  DNS  KEY  record that can be
       inserted into a zone file (directly  or  with  a  $INCLUDE

       The  .private file contains algorithm specific fields. For
       obvious security reasons, this file does not have  general
       read permission.

       Both  .key  and .private files are generated for symmetric

       In this example, dnssec-keygen creates the files
       Kexample.com.+003+26160.key and Kexample.com.+003+26160.private
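
       The following is an added example, not part of the manual page or of
       BIND: it splits an identification string of the form Knnnn.+aaa+iiiii
       into its fields and checks that the matching .private file grants
       nothing to group or other. The function names parse_keyid and
       audit_key_pair are hypothetical, and the demo files are empty
       constructed stand-ins named after the key in the example above.

```shell
#!/bin/sh
# Added example: parse a dnssec-keygen identification string and audit its files.

# parse_keyid Knnnn.+aaa+iiiii -> prints "name alg id"; returns 1 if malformed.
parse_keyid() {
    case $1 in
        K?*.+[0-9][0-9][0-9]+[0-9][0-9][0-9][0-9][0-9]) ;;
        *) return 1 ;;
    esac
    s=${1#K}
    id=${s##*+}      # iiiii: key identifier (footprint)
    s=${s%+*}
    alg=${s##*+}     # aaa: numeric representation of the algorithm
    name=${s%.+*}    # nnnn: key name, without the separator dot
    printf '%s %s %s\n' "$name" "$alg" "$id"
}

# audit_key_pair DIR KEYID -> 0 if both files exist and the .private file
# grants nothing to group or other; 1 otherwise, with the reason on stderr.
audit_key_pair() {
    parse_keyid "$2" >/dev/null || { echo "bad key id: $2" >&2; return 1; }
    pub=$1/$2.key
    priv=$1/$2.private
    [ -f "$pub" ] && [ -f "$priv" ] || { echo "missing .key or .private" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    go=$(ls -ld "$priv" | cut -c5-10)
    [ "$go" = "------" ] || { echo "$priv: group/other bits set ($go)" >&2; return 1; }
}

# Constructed demo: empty stand-in files, not real key material.
demo=$(mktemp -d)
kid=Kexample.com.+003+26160
: > "$demo/$kid.key"
: > "$demo/$kid.private"
chmod 600 "$demo/$kid.private"
parse_keyid "$kid"
audit_key_pair "$demo" "$kid" && echo "key pair OK"
chmod 644 "$demo/$kid.private"      # simulate a bad copy or restore
audit_key_pair "$demo" "$kid" || echo "finding reported"
rm -rf "$demo"
```

       Such a check is useful after key files have been copied or restored,
       since those operations can silently widen the mode of the .private file.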


       dnssec-makekeyset(8), dnssec-signkey(8), dnssec-signzone(8),
       BIND 9 Administrator Reference Manual, RFC 2535,
       RFC 2845, RFC 2539.


       Internet Software Consortium

BIND9                     June 30, 2000          DNSSEC-KEYGEN(8)
