The trusted-keys Statement

The trusted-keys statement manually defines the public key for a remote domain when that key cannot be securely obtained from the network. Listing B.11 shows the BIND 8 and BIND 9 syntax for the trusted-keys statement.

Listing B.11: The trusted-keys Statement Syntax

trusted-keys {
    domain_name flags protocol algorithm key; [...]
};

domain_name The name of the remote domain.

flags, protocol, and algorithm Attributes of the authentication method used by the remote domain. These values are provided by the administrator of the remote domain. They are the flags, protocol, and algorithm fields of the remote domain's KEY resource record, which in turn is generated on the remote server using the dnskeygen utility.

key A base-64 encoded string representing the remote domain's public key. This key is obtained from the administrator of the remote domain, who generates it using the dnskeygen utility.
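Because every field is copied in by hand, it is worth checking an entry before named loads it. The following Python example is added here and is not code from the original text or from BIND: it parses a trusted-keys block, checks that the numeric fields are in range and that the key is valid base-64, and computes the key tag defined in RFC 4034 Appendix B so the entry can be compared with the value the remote domain's administrator reports. The sample block, its dummy key, and the function names are constructed for illustration; comments inside named.conf are not handled.

```python
import base64
import binascii
import re
import struct

# One entry: domain_name flags protocol algorithm key;  (quotes are optional)
ENTRY = re.compile(
    r'"?(?P<name>[^\s";]+)"?\s+(?P<flags>\d+)\s+(?P<proto>\d+)\s+'
    r'(?P<alg>\d+)\s+(?P<key>"[^"]*"|[^\s;]+)\s*;')

# Constructed sample input; "AQIDBA==" is a 4-byte dummy, not a real key.
SAMPLE = '''
trusted-keys {
    example.com. 256 3 3 "AQIDBA==";
    "bad.example." 256 3 3 "not*base64";
};
'''

def key_tag(flags, proto, alg, key):
    """Key tag per RFC 4034 Appendix B (B.1 for algorithm 1, RSA/MD5)."""
    if alg == 1:
        return int.from_bytes(key[-3:-1], "big")
    rdata = struct.pack("!HBB", flags, proto, alg) + key
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def check_trusted_keys(conf):
    """Validate every entry of the first trusted-keys block in conf."""
    block = re.search(r"trusted-keys\s*\{(.*?)\}\s*;", conf, re.S)
    results = []
    for m in ENTRY.finditer(block.group(1) if block else ""):
        flags, proto, alg = int(m["flags"]), int(m["proto"]), int(m["alg"])
        entry = {"name": m["name"], "flags": flags, "protocol": proto,
                 "algorithm": alg, "key_tag": None, "problems": []}
        if flags > 0xFFFF or proto > 0xFF or alg > 0xFF:
            entry["problems"].append("numeric field out of range")
        b64 = re.sub(r"\s+", "", m["key"].strip('"'))  # tolerate wrapped keys
        try:
            key = base64.b64decode(b64, validate=True)
        except (binascii.Error, ValueError):
            key = b""
        if not key:
            entry["problems"].append("key is empty or not valid base-64")
        if not entry["problems"]:
            entry["key_tag"] = key_tag(flags, proto, alg, key)
        results.append(entry)
    return results

if __name__ == "__main__":
    for e in check_trusted_keys(SAMPLE):
        print(e["name"], e["key_tag"], e["problems"] or "ok")
```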

To learn more about how public and private keys are used with DNS, and to learn more about the dnskeygen utility, see Linux DNS Server Administration by Craig Hunt, Sybex, 2001.
