Products
Support & Training
Resources
Partners
Home

The Men & Mice IP Address Management blog has educational, informational as well as product related material, both videos and articles for everyone and anyone interested in IP Address management, DNS, DHPC, IPv6, DNSSEC and more....

Subscribe via E-mail

Your email:

Ask the Experts!

Do you have a question about DNS, DHCP, IP Address Management, DNSSEC, IPv6 or anything really?

Then go ahead, Ask our Experts! It's FREE
The best thing is, you don't have to be a client of Men & Mice to ask a question!!

First Name *

Last Name *

Email (we will keep your email completely private) *

Questions or comments *

Ask the Expert" />

Latest Posts

Unparalleled support for DNS Servers and tightened Security
DNSSEC & DANE – E-Mail security reloaded
Introduction to the Men & Mice Web Service API
[Webinar] IETF 90 Report – DNS, DHCP, IPv6 and DANE
RIPE 68 report
Men & Mice Suite version 6.6 released
On-link vs Off-Link Packet Delivery: Unicast, Multicast, Anycast
Immediate ROI with the Men & Mice Suite during transition to Open Source DHCP
DNS wildcards demystified
Delve deep into DNSSEC

log a Support Request</a>." display="None" validationGroup="ISBBLatest" id="dnn__ctl5__ctl0_BigProblemCV" evaluationfunction="CustomValidatorEvaluateIsValid" style="color:Red;display:none;">

log a Support Request</a>." display="None" validationGroup="ISBBPopular" id="dnn__ctl6__ctl0_BigProblemCV" evaluationfunction="CustomValidatorEvaluateIsValid" style="color:Red;display:none;">

The Men & Mice Blog

Current Articles | RSS Feed

Generating TSIG key for BIND 10

Posted by Men & Mice on Fri, Feb 15, 2013

Email Article

The first Release Candidate of the new DNS and DHCP server from ISC, BIND 10 (bind10.isc.org) was released on February 15, 2013.

Men & Mice is monitoring and supporting the BIND 10 development, and as part of that, our engineers sometimes create little helpful tools to share with the community.

TSIG keys

TSIG is short for Transaction Signatures, defined in RFC 2845 "Secret Key Transaction Authentication for DNS (TSIG)". TSIG is primarily used to authenticate DNS zone transfer between DNS servers, and to secure dynamic DNS updates.

BIND 10 supports TSIG for both zone transfer and dynamic updates, but it does not contain a tool to create the TSIG keys. While it is possible to use the tools from BIND 9 (https://www.isc.org/wordpress/software/bind/) or ldns (ldns-keygen, www.nlnetlabs.nl/projects/ldns/), installing these tools along with BIND 10 might be too much overhead.

Men & Mice engineers have written a small tool in Python called b10-gentsigkey.py (https://github.com/menandmice/b10-gentsigkey).

The tool creates by default an HMAC-MD5 key with 128bits size and prints the key on the screen:

# b10-gentsigkey.py example.com
example.com:rc4VdlEPMFan4D+9icDEkg==:hmac-md5

b10-gentsigkey options:

Usage: b10-gentsigkey.py [--help | options] name

Options:

 -h, --help              show this help message and exit
 -a ALGORITHM, --algorithm=ALGORITHM
                         algorithm for the TSIG key
 -b SIZE, --bytes=SIZE
                         size of the key
 -f                      print bindctl CLI command

b10-gentsigkey supports all the TSIG algorithms that are also supported by BIND 10 ('hmac-md5', 'hmac-sha1', 'hmac-sha224', 'hmac-sha256', 'hmac-sha384', 'hmac-sha512').

Using the "-f" (Format) switch, the tool will print the bindctl command to enter the TSIG key into the BIND 10 configuration. That command can be copy-n-paste into the bindctl command line:

# b10-gentsigkey.py -a hmac-sha256 -b 256 -f example.de
config add tsig_keys/keys "example.de:M2nrsQWVEAuAfm67U2Gdfj2dFfJIPay9ZFMukXSSCiY=:hmac-sha256"
config commit

this output can be directly piped into bindctl:


# b10-gentsigkey.py -a hmac-sha1 -b 256 -f example.com | bindctl

We hope to bring a similar command into the BIND 10 CLI (bindctl), so that no external tool is required to create TSIG keys by an external tool.

Until then, enjoy this little tool.

If you are interested in learning more about BIND 10, Men & Mice is working close with ISC to deliver the first industry training on this new version of the BIND name server software in Amsterdam, Netherlands from February 20th - 21st, 2013. You can learn more about it from the Men & Mice BIND 10 workshop page.

Tags: BIND 10, TSIG keys

Comments

Post Comment
Name *
Email *
Website (optional)
Comment * Allowed tags: <a> link, <b> bold, <i> italics
Receive email when someone replies. Subscribe to this blog by email.

log a Support Request</a>." display="None" validationGroup="ISBizBlogger" id="dnn__ctl0__ctl0_BigProblemCV" evaluationfunction="CustomValidatorEvaluateIsValid" style="color:Red;display:none;">

Email article

Email To :
Your name :
Message : (maximum 200 characters)
</td></tr></table></div></div></div></div></div></div></div></div></div></div> <div style="position:absolute; z-index:98; top:0px; width:100%; padding-top:2px; background-color:#fafafa; border-bottom: 1px solid #bbb; -webkit-box-shadow: 0 4px 4px -2px #ccc; -moz-box-shadow: 0 4px 4px -2px #ccc; box-shadow: 0 4px 4px -2px #ccc;" class="container" id="h9xt2"> <div class="row"> <div class="col-md-3"> <form name="src" id="src" action="/index.php" method="post"> <div id="ricerca" class="ricerca"> <table style="margin: 9px 0 9px 0;"> <tr> <td> <a href="https://search.gipoco.com" title="free experimental uncensored search engine - home page"> <img src="/img/logo_mini.png" alt="free experimental uncensored search engine" class="logo"> </a> </td><td> <input type="button" id="srcbtn" value="🔍" alias-label="open search form" style="margin:5px 5px 5px 16px; color:#000;" onclick="document.getElementById('srcform').style.display='block';document.getElementById('srcbtn').style.display='none'"> </td><td> <div style="margin:4px 4px 4px 4px"> <a href="https://stats.gipoco.com" title="view page-rank and visitors counter and free website stats"> <script type="text/javascript"> /* <![CDATA[ / document.write('<img src="https://stats.gipoco.com/stat.php?c00=188&c01=188&c02=188&c30=170&c20=255&c21=0&l=&m=&refr=&x='+screen.width+'&y='+screen.height+'" alt="visitors counter and page-rank checker and web-site statistics" style="margin-left:9px; width:70px; height:26px; border: 1px solid #fff" />'); / ]]> */ </script> </a> </div> </td> </tr> </table> <table style="margin: 9px 0 9px 0; display:none" id="srcform"> <tr> <td> SEARCH: </td> <td> <input type="text" name="txt" aria-label="type something to search" size="11" style="margin-left:5px; color:#000;"> <input type="submit" value="🔍" alias-label="press to search" style="margin-left:5px; color:#000;"> </td> </tr> </table> </div> </form> </div> <div class="col-md-3"> <div style="margin-top:3px; font-size:16px; padding-bottom:15px;"> Related searches: <br/><a href="https://search.gipoco.com/search/display/" title="display" style="margin:4px;"><b> display </b></a> <a href="https://search.gipoco.com/search/support/" title="support" style="margin:4px;"><b> support </b></a> <a href="https://search.gipoco.com/search/example/" title="example" style="margin:4px;"><b> example </b></a> <a href="https://search.gipoco.com/search/dnssec/" title="dnssec" style="margin:4px;"><b> dnssec </b></a> <a href="https://search.gipoco.com/search/command/" title="command" style="margin:4px;"><b> command </b></a> </div> </div> <div class="col-md-5"> <div class="hidden-xs" style="margin-top:10px; font-size:13px;"> <strong>gipoco.com</strong> is neither affiliated with the authors of this page or responsible <br> for its contents. This is a safe-cache copy of the original web site. </div> <div class="visible-xs" style="margin-top:0; font-size:16px; margin-bottom:8px;"> <strong>gipoco.com</strong> is neither affiliated with the authors of this page nor responsible for its contents. This is a safe-cache copy of the original web site. </div> </div> <div class="col-md-1"> </div> </div> </div> <style> body{font-size:16px;line-height:1.5;padding-top:240px;} table td{font-size:16px;line-height:1.5;} </style> </div> </body> </html>

SUBSCRIBE