dnssec-keygen command in Linux with Examples
Last Updated :
01 Sep, 2020
dnssec-keygen command is used to generate keys for DNSSEC (DNS Security Extensions). DNSSEC is an extension to the regular DNS (Domain Name System) technology but with added authentication for the DNS data. This authentication is carried out using public key cryptography technique and the above mentioned command produces the public/private key pair.
Syntax:
dnssec-keygen [options] name
Example:
dnssec-keygen gfg.org
In the above example, keys are generated for gfg.org. Since no options are provided, the default algorithm (RSASHA1) is used for generation and the keys are of the default size (1024 bits).
Working with dnssec-keygen command
1. -b (Key Size) option:
This option specifies the number of bits the key should contain. The size of the key depends upon the algorithm used.
- RSA Algorithm: 512-4096 bits
- DH Algorithm: 128-4096 bits
- DSA Algorithm: 512-1024 bits (multiples of 64)
- HMAC Algorithm: 1-512 bits
Example:
dnssec-keygen -b 1024 gfg.org
2. -a (Algorithm) option:
This option is used to select the crypt algorithm for the key generation. If an algorithm is specified like this, use of the -b to set key size is mandatory. The available algorithms are:
- RSAMD5
- RSASHA1 (default algorithm)
- RSASHA256
- RSASHA512
- DH
- DSA
- HMAC-MD5
- HMAC-SHA1
- HMAC-SHA224
- HMAC-SHA256
- HMAC-SHA384
- HMAC-SHA512
Example:
dnssec-keygen -a RSASHA1 -b 1024 gfg.org
3. -n (Name Type) option:
This option is used to specify the owner type of the key. The accepted values are:
Example:
dnssec-keygen -n ZONE gfg.org
4. -3 option:
This option mandates the creation of the keys using a NSEC3-capable algorithm. NSEC3RSASHA1 will be used by default if no algorithm is mentioned explicitly.
Example:
dnssec-keygen -a RSASHA256 -b 1024 -3 gfg.org
5. -f (Key Flag) option:
This is used to specify a flag for the generated key. The recognized flags are:
- KSK (Key Signing Key)
- REVOKE
Example :
dnssec-keygen -a RSASHA256 -b 1024 -f KSK gfg.org
6. -c (Class) option:
DNS could be partitioned according to the class. This option is used to specify the class that the DNS record should have. If you do not specify anything using this option, IN is used by default. The following are a list of DNS classes:
- IN (Internet) - Default Class
- CH (CHAOS)
- HS (Hesiod)
Example:
dnssec-keygen -c CH gfg.org
7. -t (Type) option:
This option is used to specify the type of the key. AUTHCONF is used by default if not specified explicitly. The possible types are:
- AUTHCONF
- NOAUTHCONF
- NOAUTH
- NOCONF
Example:
dnssec-keygen -a RSASHA256 -b 1024 -t NOAUTH gfg.org
Similar Reads
ed command in Linux with examples Linux 'ed' command is used to start the ed text editor, a very minimal fronted line-based text editor. The lines are very simple in relation to other text files, hence easy to work on, for creating as well as editing, display, and manipulation of files. Since it was the first editor that was include
4 min read
emacs command in Linux with examples Introduction to Emacs Editor in Linux/Unix Systems: The Emacs is referred to a family of editors, which means it has many versions or flavors or iterations. The most commonly used version of Emacs editor is GNU Emacs and was created by Richard Stallman. The main difference between text editors like
5 min read
dmidecode command in Linux with Examples The 'dmidecode' command, short for Desktop Management Interface table decoder, is a powerful utility in Linux that retrieves detailed information about your system's hardware components. This tool reads the DMI table and presents the data in a human-readable format, making it invaluable for system a
4 min read
dumpkeys command in Linux with examples 'dumpkeys' command in Linux is used for the dump keyboard translation tables. It writes to the standard output and the current contents of the keyboard driver's translation tables in the format specified by Keymaps. Part of the kbd package, it displays the key bindings, function key strings, and com
4 min read
as command in linux with examples as command is the portable GNU assembler in Linux. Using as command, we can read and assemble a source file. The main purpose of 'as' is to assemble the output of the GNU compiler of the C language.as command reads and assembles the .s File. Also, whenever you do not specify the file, it normally re
3 min read