On Tue, Apr 19, 2016, at 05:19 PM, Evan Hunt wrote:
> The "bad key type" message is a bug; it's been there for a while
...
> KEY is in fact what *should* be there, but the collision-
> checking function is expectingly DNSKEY, and so it complains.
Ok, so the data's good; just the detection whines
> Sure that's what I was doing anyway.
>
> To be clean, I'm not saying it's bad.
>
> It's returning the "bad key type" .
>
> I'm just trying to understand what the problem is.
I'm sorry, I hadn't read your initial message clearly enough.
The "bad key type" message is a bug; it's been there
On Tue, Apr 19, 2016, at 04:25 PM, Evan Hunt wrote:
> It's not "bad", dnssec-keygen can generate TSIG keys fine, it's just that
> it's cumbersome to remember all the options, and the keys are generated in
> a format that isn't directly useful.
Sure that's what I was doing anyway.
To be clean,
On Tue, Apr 19, 2016 at 02:57:42PM -0700, jaso...@mail-central.com wrote:
> Looks like tsig-keygen is also from bind
>
> rpm -q --whatprovides /usr/sbin/dnssec-keygen /usr/sbin/tsig-keygen
> bind-utils-9.10.3P4-215.1.x86_64
> bind-utils-9.10.3P4-215.1.x86_64
>
>
On Tue, Apr 19, 2016, at 02:24 PM, Evan Hunt wrote:
> On Tue, Apr 19, 2016 at 07:40:38AM -0700, jaso...@mail-central.com wrote:
> > I'm working on generating TSIG keys for use with my bind server.
>
> I think you'll be happier if you use "tsig-keygen" instead of "dnssec-keygen".
Huh. Didn't
On Tue, Apr 19, 2016 at 07:40:38AM -0700, jaso...@mail-central.com wrote:
> I'm working on generating TSIG keys for use with my bind server.
I think you'll be happier if you use "tsig-keygen" instead of "dnssec-keygen".
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
I'm working on generating TSIG keys for use with my bind server.
When I generate a 2nd set of keys in a dir, I get a "bad key type" error,
DIR="/home/me/test/nsupdate"
HOST="myhost.example.com"
dnssec-keygen -V
dnssec-keygen 9.10.3-P4
cd $DIR
7 matches
Mail list logo
