Dnskeygen (DNS Key Generator) is a tool to generate and maintain keys for DNS Security within the DNS (Domain Name System). Dnskeygen can generate public and private keys to authenticate zone data, and shared secret keys to be used for Request/Transaction signatures.
-D
Dnskeygen will generate a DSA/DSS key. size must be one of [512, 576, 640, 704, 768, 832, 896, 960, 1024].
-H
Dnskeygen will generate an HMAC-MD5 key. size must be between 128 and 504.
-R
Dnskeygen will generate an RSA key. size must be between 512 and 4096.
-F
(RSA only) Use a large exponent for key generation.
-z -h -u
These flags define the type of key being generated: Zone (DNS validation) key, Host (host or service) key or User (e.g. email) key, respectively. Each key is only allowed to be one of these.
-a
Indicates that the key CANNOT be used for authentication.
-c
Indicates that the key CANNOT be used for encryption.
-p num
Sets the key's protocol field to num; the default is 3 (DNSSEC) if -z or -h is specified and 2 (EMAIL) otherwise. Other accepted values are 1 (TLS), 4 (IPSEC), and 255 (ANY).
-s num
Sets the key's strength field to num; the default is 0.
-n name
Sets the key's name to name.
Dnskeygen stores each key in two files: K<name>+<alg>+<footprint>.private and K<name>+<alg>+<footprint>.key
The file K<name>+<alg>+<footprint>.private contains the private key in a portable format. The file K<name>+<alg>+<footprint>.key contains the public key in the DNS zone file format:
<name> IN KEY <flags> <algorithm> <protocol> <exponent|modulus>
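As an added example (not part of the original manual page or of the tool's own code), the following Python sketch parses the file name and public-key record formats described above and decodes the protocol field with the values listed for -p. The flag bit positions are taken from RFC 2535 section 3.1.2, which this page does not state, and the sample file name and record are constructed.

```python
import re

# Protocol field values as listed for -p in the text above.
PROTOCOLS = {1: "TLS", 2: "EMAIL", 3: "DNSSEC", 4: "IPSEC", 255: "ANY"}
# Flag bit positions are from RFC 2535 section 3.1.2 (assumption: the page
# itself does not state them).
NO_AUTH, NO_CONF, NAME_TYPE_MASK = 0x8000, 0x4000, 0x0300
NAME_TYPES = {0x0000: "user", 0x0100: "zone", 0x0200: "host"}
FILE_RE = re.compile(
    r"^K(?P<name>.+)\+(?P<alg>\d+)\+(?P<footprint>\d+)\.(?P<kind>key|private)$")
# Constructed sample values, not output from a real dnskeygen run.
SAMPLE_FILE = "Kexample.com.+003+12345.key"
SAMPLE_RECORD = "example.com. IN KEY 16640 3 3 Q09OU1RSVUNURUQ="


def parse_key_filename(filename):
    """Split K<name>+<alg>+<footprint>.key|.private into its parts."""
    m = FILE_RE.match(filename)
    if not m:
        raise ValueError(f"not a dnskeygen file name: {filename!r}")
    return {"name": m["name"], "alg": int(m["alg"]),
            "footprint": int(m["footprint"]), "kind": m["kind"]}


def parse_key_record(line):
    """Decode '<name> IN KEY <flags> <algorithm> <protocol> <key data>'."""
    fields = line.split()
    if len(fields) < 7 or [f.upper() for f in fields[1:3]] != ["IN", "KEY"]:
        raise ValueError(f"not a KEY record: {line!r}")
    flags, alg, proto = (int(f) for f in fields[3:6])
    return {
        "name": fields[0],
        "algorithm": alg,
        "protocol": PROTOCOLS.get(proto, f"unknown({proto})"),
        "key_type": NAME_TYPES.get(flags & NAME_TYPE_MASK, "reserved"),
        "authentication": not flags & NO_AUTH,  # False when -a was given
        "encryption": not flags & NO_CONF,      # False when -c was given
        "key_data": "".join(fields[6:]),        # key data may be wrapped
    }


def check_pair(filename, line):
    """List the fields where a .key file name disagrees with its record."""
    f, r = parse_key_filename(filename), parse_key_record(line)
    problems = []
    if f["name"].rstrip(".").lower() != r["name"].rstrip(".").lower():
        problems.append("name")
    if f["alg"] != r["algorithm"]:
        problems.append("algorithm")
    return problems
```

A non-empty result from check_pair indicates a key file that was renamed or whose contents were replaced after generation.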