Re: dnssec-key 'unknown algorithm RSASHA512'

2024-01-12 Thread Petr Menšík
Oh, please do not forget to generate a new my-tsig after sharing your 
current one with all of us.

Next time please use named-checkconf -px named.conf.tsigkeys to filter 
out secrets.

As Anand already wrote, shared keys are not asymmetric keys generated by 
dnssec-keygen. That has been split since 9.16 into separate generators 
focused only on shared keys. Use tsig-keygen or ddns-confgen to create 
shared keys. dnssec-keygen is now only for generating keys with a .private 
part, which are used in DNSSEC signing only, used in zone files. Usually 
not for anything related to ACLs, as, for example, dynamic updates. 
ddns-confgen is exactly for that.


Cheers, Petr

On 1/11/24 12:58, trgapp16 via bind-users wrote:

Hello,
Bind version - 9.18.12

-->This is the command I used for generating dnssec-keygen keys -

root@dhcpt: /etc/bind# dnssec-keygen -a ECDSAP256SHA256 -n ZONE example.com
Kexample.com.+013+43215.key
Kexample.com.+013+43215.private

root@dhcpt:/etc/bind# cat Kexample.com.+013+43215.private
Private-key-format: v1.3
Algorithm: 13 (ECDSAP256SHA256)
PrivateKey: ESkrVALONh7Rj4UZVsOy54Y2SIJiY5HYhoQdxJLuWPk=
Created: 20240111045202
Publish: 20240111045202
Activate: 20240111045202

-->With help of the private key i generated one file with name 
"named.conf.tsigkeys" at
/etc/bind -
  
root@dhcpt:/etc/bind# cat named.conf.tsigkeys


key "my-tsig" {
algorithm "ECDSAP256SHA256";
secret "ESkrVALONh7Rj4UZVsOy54Y2SIJiY5HYhoQdxJLuWPk=";
};

--> below is the error received when i restart named service

root@dhcpt:/etc/bind# named-checkconf
/etc/bind/named.conf.tsigkeys:2: unknown algorithm 'ECDSAP256SHA256'

Any help is greatly appreciated.

Regards,
Mounika



--
Petr Menšík
Software Engineer, RHEL
Red Hat,https://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development 

Re: dnssec-key 'unknown algorithm RSASHA512'

2024-01-11 Thread Anand Buddhdev

On 11/01/2024 12:58, trgapp16 via bind-users wrote:

Hi Mounika,

[snip]


-->With help of the private key i generated one file with name 
"named.conf.tsigkeys" at
/etc/bind -
  
root@dhcpt:/etc/bind# cat named.conf.tsigkeys


key "my-tsig" {
algorithm "ECDSAP256SHA256";
secret "ESkrVALONh7Rj4UZVsOy54Y2SIJiY5HYhoQdxJLuWPk=";
};

--> below is the error received when i restart named service

root@dhcpt:/etc/bind# named-checkconf
/etc/bind/named.conf.tsigkeys:2: unknown algorithm 'ECDSAP256SHA256'


ECDSAP256SHA256 is not a valid algorithm for TSIG keys. You're better 
off generating TSIG keys with the "tsig-keygen" command that ships with 
BIND. Check out its man page for more details on the algorithms you can use.


Regards,
Anand
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
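
The two points made in the replies above (a key clause takes an HMAC algorithm rather than a DNSSEC one, and secrets should be masked before a config is posted) can be checked mechanically. The following Python sketch is an added example, not part of the thread or of BIND; the function names, the sample config and its secret are constructed, and the algorithm list is the set of HMAC names BIND 9 documents for key statements.

```python
import re

# HMAC algorithm names BIND 9 documents for a key (TSIG) statement.
TSIG_ALGS = {"hmac-md5", "hmac-sha1", "hmac-sha224",
             "hmac-sha256", "hmac-sha384", "hmac-sha512"}
# DNSSEC signing mnemonics used by dnssec-keygen; not valid for TSIG.
DNSSEC_ALGS = {"rsasha1", "rsasha256", "rsasha512", "ecdsap256sha256",
               "ecdsap384sha384", "ed25519", "ed448"}

KEY_RE = re.compile(r'\bkey\s+"?([^"\s{;]+)"?\s*\{(.*?)\}\s*;', re.S)
ALG_RE = re.compile(r'algorithm\s+"?([^";\s]+)"?\s*;')
SECRET_RE = re.compile(r'(secret\s+)"[^"]*"')

# Constructed sample: the first clause repeats the mistake from the thread.
SAMPLE = '''
key "my-tsig" {
    algorithm "ECDSAP256SHA256";
    secret "c2FtcGxlLXNlY3JldA==";
};
key "ddns-key" {
    algorithm hmac-sha256;
    secret "c2FtcGxlLXNlY3JldA==";
};
'''

def lint_keys(conf):
    """Return (key name, algorithm, verdict) for every key clause."""
    findings = []
    for name, body in KEY_RE.findall(conf):
        m = ALG_RE.search(body)
        alg = m.group(1).lower() if m else ""
        base = re.sub(r"-\d+$", "", alg)  # strip a truncation suffix, e.g. -80
        if base in TSIG_ALGS:
            verdict = "ok"
        elif alg in DNSSEC_ALGS:
            verdict = "dnssec-algorithm-in-tsig-key"
        else:
            verdict = "unknown-algorithm"
        findings.append((name, alg, verdict))
    return findings

def redact(conf):
    """Mask every secret before the config is pasted anywhere public."""
    return SECRET_RE.sub(r'\1"????????"', conf)

if __name__ == "__main__":
    for name, alg, verdict in lint_keys(SAMPLE):
        print(f"{name}: {alg or '(none)'} -> {verdict}")
    print(redact(SAMPLE))
```

On a host with BIND installed, named-checkconf remains the authoritative check; this sketch only shows the distinction the replies describe.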


Re: dnssec-key 'unknown algorithm RSASHA512'

2024-01-11 Thread trgapp16 via bind-users
Hello,
Bind version - 9.18.12

-->This is the command I used for generating dnssec-keygen keys -

root@dhcpt: /etc/bind# dnssec-keygen -a ECDSAP256SHA256 -n ZONE example.com
Kexample.com.+013+43215.key
Kexample.com.+013+43215.private

root@dhcpt:/etc/bind# cat Kexample.com.+013+43215.private
Private-key-format: v1.3
Algorithm: 13 (ECDSAP256SHA256)
PrivateKey: ESkrVALONh7Rj4UZVsOy54Y2SIJiY5HYhoQdxJLuWPk=
Created: 20240111045202
Publish: 20240111045202
Activate: 20240111045202

-->With help of the private key i generated one file with name 
"named.conf.tsigkeys" at 
/etc/bind -
 
root@dhcpt:/etc/bind# cat named.conf.tsigkeys

key "my-tsig" {
   algorithm "ECDSAP256SHA256";
   secret "ESkrVALONh7Rj4UZVsOy54Y2SIJiY5HYhoQdxJLuWPk=";
};

--> below is the error received when i restart named service

root@dhcpt:/etc/bind# named-checkconf
/etc/bind/named.conf.tsigkeys:2: unknown algorithm 'ECDSAP256SHA256'

Any help is greatly appreciated.

Regards,
Mounika


On Thu, 11 Jan 2024 15:49:18 +1100, Mark Andrews wrote
> Firstly show what you are actually doing.  Is it too much for you to actually 
> cut-and-paste what you are doing?
> 
> Secondly BIND 9.18 is at 9.18.22.  Version 9.18.8 is seriously out of date.


### Please consider the environment and print this email only if necessary . Go 
Green 
###

Disclaimer :
This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you are not the intended recipient you are notified that disclosing,
copying, distributing or taking any action in reliance on the contents of this
information is strictly prohibited. The sender does not accept liability
for any errors or omissions in the contents of this message, which arise as a
result.

--
Open WebMail Project (http://openwebmail.org)



Re: dnssec-key 'unknown algorithm RSASHA512'

2024-01-10 Thread Mark Andrews
Firstly show what you are actually doing.  Is it too much for you to actually 
cut-and-paste what you are doing?

Secondly BIND 9.18 is at 9.18.22.  Version 9.18.8 is seriously out of date.


> On 11 Jan 2024, at 15:21, pvs via bind-users  wrote:
> 
> Hello, 
> 
> I'm  using ubuntu 22.04 server on which bind 9.18.8 service is running.
> I'm trying to generate dnssec-key by using the command  "dnssec-keygen -a 
> RSASHA512 -b 2048 -n zone example.com" 
> 
> After doing this, it is generating both public key and private key.  When I 
> generate a file with a private key in /etc/bind directory, it is throwing 
> error  'unknown algorithm 'RSASHA512' 
> Same error is thrown when tried with other algorithms like ECDSAP256SHA256, 
> RSASHA1, RSASHA256 etc
> Any help is greatly appreciated.

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742  INTERNET: ma...@isc.org



dnssec-key 'unknown algorithm RSASHA512'

2024-01-10 Thread pvs via bind-users

Hello,

I'm  using ubuntu 22.04 server on which bind 9.18.8 service is running.

I'm trying to generate dnssec-key by using the command  "dnssec-keygen 
-a RSASHA512 -b 2048 -n zone example.com"


After doing this, it is generating both public key and private key.  
When I generate a file with a private key in /etc/bind directory, it is 
throwing error  'unknown algorithm 'RSASHA512'


Same error is thrown when tried with other algorithms like 
ECDSAP256SHA256, RSASHA1, RSASHA256 etc


Any help is greatly appreciated.

--
Regards,

पं. विष्णु शंकर P. Vishnu Sankar
टीम लीडर Team Leader-Network Operations
सी-डॉट C-DOT
इलैक्ट्रॉनिक्स सिटी फेज़ I Electronics City Phase I
होसूर रोड बेंगलूरु Hosur Road Bengaluru – 560100
फोन Ph 91 80 25119466
--
Disclaimer :
This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they are addressed.
If you are not the intended recipient you are notified that disclosing, 
copying, distributing or taking any action in reliance on the contents of this 
information is strictly prohibited.
The sender does not accept liability for any errors or omissions in the 
contents of this message, which arise as a result.