Create a public private key pair
# dnssec-keygen -a HMAC-MD5 -n HOST -b 128 signed
The keys
# ls *signed* Ksigned.+157+22132.key Ksigned.+157+22132.private
# cat Ksigned.+157+29131.key signed. IN KEY 512 3 157 Dabcdr5JO39Z4321JeCh8g==
Add key(s) to the conf files,
eg:
on 1.1.1.1
key signed { algorithm hmac-md5; secret "Dabcdr5JO39Z4321JeCh8g=="; };
server 2.2.2.2 {
transfer-format many-answers;
keys { signed.; };
};
and on 2.2.2.2
key signed { algorithm hmac-md5; secret "Dabcdr5JO39Z4321JeCh8g=="; };
server 1.1.1.1 {
transfer-format many-answers;
keys { signed.; };
};
Bind9 signed zone transfers
