The intermediate files produced by the dnssec tools have a different naming convention than in 9.0.x
Brian Wellington 2000-11-06 19:52:45 +00:00
parent a99166d1bf
commit bfb69095ae

@ -2,7 +2,7 @@
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
"http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd">
<!-- File: $Id: Bv9ARM-book.xml,v 1.27 2000/11/06 19:45:52 bwelling Exp $ -->
<!-- File: $Id: Bv9ARM-book.xml,v 1.28 2000/11/06 19:52:45 bwelling Exp $ -->
<book>
@ -1224,11 +1224,14 @@ allow-update { key host1-host2. ;};
of DNSSEC signed zones.</para>
<para>In order to set up a DNSSEC secure zone, there are a series
of steps which must be followed. <acronym>BIND</acronym> 9 ships with several tools
of steps which must be followed. <acronym>BIND</acronym> 9 ships
with several tools
that are used in this process, which are explained in more detail
below. In all cases, the "<option>-h</option>" option prints a
full list of parameters. Note that the DNSSEC tools require the
keyset and signedkey files to be in the working directory.</para>
keyset and signedkey files to be in the working directory, and
that the tools shipped with BIND 9.0.x are not fully compatible
with the current ones.</para>
<para>There must also be communication with the administrators of
the parent and/or child zone to transmit keys and signatures. A
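Review bot: The sentence added at the end of this paragraph says the tools shipped with BIND 9.0.x are "not fully compatible with the current ones" without saying where the incompatibility lies. The commit message names it (the naming convention of the intermediate files), so the paragraph should say the same, for instance that the keyset and signedkey files are named differently than in 9.0.x. The added line also writes BIND as plain text, while the sentence just above it uses <acronym>BIND</acronym>; use the same markup in both places.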
@ -1302,10 +1305,10 @@ allow-update { key host1-host2. ;};
3600 and a signature validity period of 10 days starting from
now.</para>
<para><userinput>dnssec-makekeyset -t 3600 -e +86400 Kchild.example.+003+12345 Kchild.example.+003+23456</userinput></para>
<para><userinput>dnssec-makekeyset -t 3600 -e +864000 Kchild.example.+003+12345 Kchild.example.+003+23456</userinput></para>
<para>One output file is produced:
<filename>child.example.keyset</filename>. This file should be
<filename>keyset-child.example.</filename>. This file should be
transmitted to the parent to be signed. It includes the keys,
as well as signatures over the key set generated by the zone
keys themselves, which are used to prove ownership of the
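Review bot: The -e argument in the dnssec-makekeyset example changes from +86400 to +864000, which is not a file naming change and is not mentioned in the commit message. The new value matches the "signature validity period of 10 days" stated in the sentence before the command (864000 seconds is 10 days, 86400 is one), so the correction looks right, but it should be noted in the log message or committed separately so the fix can be found later.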
@ -1328,10 +1331,10 @@ allow-update { key host1-host2. ;};
<para>The following command signs the child's key set with the
zone keys:</para>
<para><userinput>dnssec-signkey grand.child.example.keyset Kchild.example.+003+12345 Kchild.example.+003+23456</userinput></para>
<para><userinput>dnssec-signkey keyset-grand.child.example. Kchild.example.+003+12345 Kchild.example.+003+23456</userinput></para>
<para>One output file is produced:
<filename>grand.child.example.signedkey</filename>. This file
<filename>signedkey-grand.child.example.</filename>. This file
should be both transmitted back to the child and retained. It
includes all keys (the child's keys) from the keyset file and
signatures generated by this zone's zone keys.</para>
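Review bot: Both new names in this hunk end in a dot (keyset-grand.child.example. as the dnssec-signkey argument, signedkey-grand.child.example. as the output file), and in the "One output file is produced" sentence that dot is followed directly by the sentence's own full stop after </filename>. A reader can take the trailing dot for punctuation and omit it when typing the command. Add a short remark that the trailing dot is part of the file name, here and in the matching dnssec-makekeyset paragraph.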