Re: Format of 'dig -k' TSIG key file?

2009-08-22 Thread Hauke Lampe
Joseph S D Yao wrote: It turned out that this latter file was needed, but for some inexplicable reason perhaps having to do with library routines [I have not gone chasing down the code], it ALSO wants the mynet.private file! The nsupdate manpages mentions this behaviour in the BUGS section:

Re: Format of 'dig -k' TSIG key file?

2009-08-22 Thread Joseph S D Yao
On Sat, Aug 22, 2009 at 02:45:19PM +0200, Hauke Lampe wrote: Joseph S D Yao wrote: It turned out that this latter file was needed, but for some inexplicable reason perhaps having to do with library routines [I have not gone chasing down the code], it ALSO wants the mynet.private file!

Re: Format of 'dig -k' TSIG key file?

2009-08-21 Thread Joseph S D Yao
After some experimenting, here is the whole answer, hinted at by one response on this mailing list. On Thu, Jul 30, 2009 at 05:40:54PM -0400, Joseph S D Yao wrote: ... In dig(1), the '-k' option is said to require a TSIG key file as an option. I have a TSIG file with a comment header and the

Re: Format of 'dig -k' TSIG key file?

2009-07-31 Thread Mark Andrews
In message 20090730174054.h23...@gwyn.tux.org, Joseph S D Yao writes: I assume someone can answer this; but Google has not been able to be my friend on this one. In dig(1), the '-k' option is said to require a TSIG key file as an option. I have a TSIG file with a comment header and the

Re: Format of 'dig -k' TSIG key file?

2009-07-31 Thread Mark Elkins
On Thu, 2009-07-30 at 17:40 -0400, Joseph S D Yao wrote: What does work is: dig -y mynet.:Ain/tGonnaTellNoWay== axfr example.zone @other.example.zone but I really, really find this not altogether pleasant. This gets a bit more funkie when you are not using the default key-algorithm of

Re: Format of 'dig -k' TSIG key file?

2009-07-31 Thread Joseph S D Yao
On Fri, Jul 31, 2009 at 03:32:48PM +1000, Mark Andrews wrote: In message 20090730174054.h23...@gwyn.tux.org, Joseph S D Yao writes: ... Plus, I'm curious to know what 'dig -k' really wants to see. A keyfile as generated by dnssec-keygen -a HMAC-*. ... Of which there are two - a .key file

Re: Format of 'dig -k' TSIG key file?

2009-07-31 Thread Mark Andrews
In message 20090731171804.b23...@gwyn.tux.org, Joseph S D Yao writes: On Fri, Jul 31, 2009 at 03:32:48PM +1000, Mark Andrews wrote: In message 20090730174054.h23...@gwyn.tux.org, Joseph S D Yao writes: ... Plus, I'm curious to know what 'dig -k' really wants to see. A keyfile as

Re: Format of 'dig -k' TSIG key file?

2009-07-31 Thread Joseph S D Yao
On Sat, Aug 01, 2009 at 08:07:16AM +1000, Mark Andrews wrote: ... Network Working GroupD. Eastlake 3rd Request for Comments: 4635 Motorola Laboratories Category: Standards TrackAugust 2006 ... Yah,

Format of 'dig -k' TSIG key file?

2009-07-30 Thread Joseph S D Yao
I assume someone can answer this; but Google has not been able to be my friend on this one. In dig(1), the '-k' option is said to require a TSIG key file as an option. I have a TSIG file with a comment header and the following: key mynet. { algorithm hmac-md5; secret Ain/tGonnaTellNoWay==; };