Once you have a console-enabled dnsdist, the first step to enable encryption is to generate a key with :func:`makeKey`::
- $ ./dnsdist -l 127.0.0.1:5300
+ $ ./dnsdist -l 127.0.0.1:5300 -C /dev/null
[..]
> makeKey()
setKey("ENCODED KEY")
+The example above tells :program:`dnsdist` not to load the default configuration file (``-C /dev/null``) to prevent it
+from trying to listen on privileged ports, connect to backends, etc. It also instructs :program:`dnsdist` not to listen
+on the default (privileged) port 53 of all available addresses but on an unprivileged and hopefully available
+port 5300 on the local interface instead (``-l 127.0.0.1:5300``).
+
The key does not have a specific format, so base-64 encoding 32 random bytes works as well::
$ dd if=/dev/random bs=1 count=32 status=none | base64
+or using ``openssl``::
+
+ $ openssl rand -base64 32
+
Then add the generated :func:`setKey` line to your dnsdist configuration file, along with a :func:`controlSocket`:
.. code-block:: lua