Bind 9.14 and bind-tools 9.16

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Bind 9.14 and bind-tools 9.16

@lbutlr
With my install of bind 9.14 bindtools 9.16.0 was also installed.

This version is missing some (legacy) algorithms that I am still using on my system, specifically hmac-sha256

    dnssec-keygen [options] name

Version: 9.16.0
    name: owner of the key
Options:
    -a <algorithm>:
        RSASHA1 | NSEC3RSASHA1 |
        RSASHA256 | RSASHA512 |
        ECDSAP256SHA256 | ECDSAP384SHA384 |
        ED25519 | ED448 | DH
 
This is the only version of bind-tools in FreeBSD 12.1 AFAICT.

I need to generate hmac-sha256 for lets encrypt/dehydrated (at least that is what the documentation says).

dnssec-keygen -a HMAC-SHA512 -b 512 -n HOST -K <KEYPATH> _acme-challenge.<domain

--
"Are you pondering what I'm pondering?"
"I think so, Brain, but 'Snowball for Windows’?"


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

RE: Bind 9.14 and bind-tools 9.16

Bind-Users forum mailing list
It looks to me as if you are trying to generate a TSIG key for DNS updates. Try using "tsig-keygen" instead.

Stuart

> -----Original Message-----
> From: bind-users [mailto:[hidden email]] On Behalf Of
> @lbutlr
> Sent: Monday, 2 March 2020 1:13 PM
> To: bind-users
> Subject: Bind 9.14 and bind-tools 9.16
>
> With my install of bind 9.14 bindtools 9.16.0 was also installed.
>
> This version is missing some (legacy) algorithms that I am still using on
> my system, specifically hmac-sha256
>
>     dnssec-keygen [options] name
>
> Version: 9.16.0
>     name: owner of the key
> Options:
>     -a <algorithm>:
>         RSASHA1 | NSEC3RSASHA1 |
>         RSASHA256 | RSASHA512 |
>         ECDSAP256SHA256 | ECDSAP384SHA384 |
>         ED25519 | ED448 | DH
>
> This is the only version of bind-tools in FreeBSD 12.1 AFAICT.
>
> I need to generate hmac-sha256 for lets encrypt/dehydrated (at least that
> is what the documentation says).
>
> dnssec-keygen -a HMAC-SHA512 -b 512 -n HOST -K <KEYPATH> _acme-
> challenge.<domain
>
> --
> "Are you pondering what I'm pondering?"
> "I think so, Brain, but 'Snowball for Windows’?"
>
>
> _______________________________________________
> Please visit
> https://urldefense.com/v3/__https://lists.isc.org/mailman/listinfo/bind-
> users__;!!N14HnBHF!v5sIUD50pNXv63eja8IZq6Nsp6hrn4TY2GnWaJB6TMF2WQNbTnrP1fC
> u0u1Snq24f4xJl5w$  to unsubscribe from this list
>
> bind-users mailing list
> [hidden email]
> https://urldefense.com/v3/__https://lists.isc.org/mailman/listinfo/bind-
> users__;!!N14HnBHF!v5sIUD50pNXv63eja8IZq6Nsp6hrn4TY2GnWaJB6TMF2WQNbTnrP1fC
> u0u1Snq24f4xJl5w$
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users