I’ve been trying to generate TSIG keys that way I can perform nsupdate on the dns server for the specific zone.
After some reading I found out that “ECDSAP384SHA384” algorithm is recommended and that generation of TSIG keys takes a very long time. When I run the following command:
dnssec-keygen -a ECDSAP384SHA384 -b 4096 -n ZONE example.com dnssec-keygen -k KSK-a ECDSAP384SHA384 -b 4096 -n ZONE example.com
It generates the keys successfully, the only problem is, it does not take a very long time (>1 minute). I did a google search but most people complain about the opposite effect.
Is there any way I can test the integrity of the keys, the generation of the keys looks as follows:
dnssec-keygen -a ECDSAP384SHA384 -b 4096 -n ZONE Kexample.com Generating key pair. Kexample.com.+014+61829
submitted by /u/s3viour
Powered by WPeMatico