<refsection><info><title>EXAMPLE</title></info>
<para>
- To generate a 768-bit DSA key for the domain
+ To generate an ECDSAP256SHA256 key for the domain
<userinput>example.com</userinput>, the following command would be
issued:
</para>
- <para><userinput>dnssec-keygen -a DSA -b 768 -n ZONE example.com</userinput>
+ <para><userinput>dnssec-keygen -a ECDSAP256SHA256 -n ZONE example.com</userinput>
</para>
<para>
The command would print a string of the form:
</para>
- <para><userinput>Kexample.com.+003+26160</userinput>
+ <para><userinput>Kexample.com.+013+26160</userinput>
</para>
<para>
In this example, <command>dnssec-keygen</command> creates
- the files <filename>Kexample.com.+003+26160.key</filename>
+ the files <filename>Kexample.com.+013+26160.key</filename>
and
- <filename>Kexample.com.+003+26160.private</filename>.
+ <filename>Kexample.com.+013+26160.private</filename>.
</para>
</refsection>
<para>
The following command signs the <userinput>example.com</userinput>
- zone with the DSA key generated by <command>dnssec-keygen</command>
- (Kexample.com.+003+17247). Because the <command>-S</command> option
- is not being used, the zone's keys must be in the master file
+ zone with the ECDSAP256SHA256 key generated by key generated by
+ <command>dnssec-keygen</command> (Kexample.com.+013+17247).
+ Because the <command>-S</command> option is not being used,
+ the zone's keys must be in the master file
(<filename>db.example.com</filename>). This invocation looks
for <filename>dsset</filename> files, in the current directory,
so that DS records can be imported from them (<command>-g</command>).
</para>
<programlisting>% dnssec-signzone -g -o example.com db.example.com \
-Kexample.com.+003+17247
+Kexample.com.+013+17247
db.example.com.signed
%</programlisting>
<para>
projects / thirdparty / bind9.git / commitdiff
