Create a public private key pair
# dnssec-keygen -a HMAC-MD5 -n HOST -b 128 signed
The keys
# ls *signed* Ksigned.+157+22132.key Ksigned.+157+22132.private
# cat Ksigned.+157+29131.key signed. IN KEY 512 3 157 Dabcdr5JO39Z4321JeCh8g==
Add key(s) to the conf files,
eg:
on 1.1.1.1
key signed { algorithm hmac-md5; secret "Dabcdr5JO39Z4321JeCh8g=="; }; server 2.2.2.2 { transfer-format many-answers; keys { signed.; }; };and on 2.2.2.2
key signed { algorithm hmac-md5; secret "Dabcdr5JO39Z4321JeCh8g=="; }; server 1.1.1.1 { transfer-format many-answers; keys { signed.; }; };
Bind9 signed zone transfers