Joseph S D Yao wrote:
> It turned out that this latter file was needed, but for some
> inexplicable reason perhaps having to do with library routines [I have
> not gone chasing down the code], it ALSO wants the "mynet.private" file!

The nsupdate manpage mentions this behaviour in the "BUGS" section:

| BUGS
|   The TSIG key is redundantly stored in two separate files. This
|   is a consequence of nsupdate using the DST library for its
|   cryptographic operations, and may change in future releases.

Maybe the dig manpage should, too, until it changes in future releases.

Hauke.

--- dig.1.orig 2009-08-22 13:41:49.000000000 +0200 +++ dig.1 2009-08-22 14:44:52.000000000 +0200 @@ -200,9 +200,10 @@ .PP To sign the DNS queries sent by \fBdig\fR -and their responses using transaction signatures (TSIG), specify a TSIG key file using the +and their responses using transaction signatures (TSIG), specify a pair of TSIG key files using the \fB\-k\fR -option. You can also specify the TSIG key itself on the command line using the +option, which can be generated by +\fBdnssec\-keygen\fR. You can also specify the TSIG key itself on the command line using the \fB\-y\fR option; \fIhmac\fR @@ -561,6 +562,8 @@ .SH "BUGS" .PP There are probably too many query options. +.PP +The TSIG key is redundantly stored in two separate files. This is a consequence of dig using the DST library for its cryptographic operations, and may change in future releases. .SH "COPYRIGHT" Copyright \(co 2004\-2009 Internet Systems Consortium, Inc. ("ISC") .br
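
Review bot: In the first hunk (@@ -200,9 +200,10 @@), the new sentence "specify a pair of TSIG key files using the \fB\-k\fR option" does not tell the reader which of the two files to name on the command line, and the clause "which can be generated by \fBdnssec\-keygen\fR" now reads as describing the option rather than the key files. Suggest stating which file is passed to \fB\-k\fR and, in a separate clause, that the other file of the pair generated by \fBdnssec\-keygen\fR must also be present.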
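
Review bot: In the second hunk (@@ -561,6 +562,8 @@), the added BUGS paragraph says the key is "redundantly stored in two separate files" but never connects that to \fB\-k\fR, so a reader who lands in BUGS cannot tell that this is why the option needs both files. Suggest adding a short clause that ties the paragraph to \fB\-k\fR and says both files are required when it is used.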
_______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users