Commit acc3fa04 authored by Tony Finch's avatar Tony Finch Committed by Mark Andrews

A bit more cleanup in the dnssec-keygen manual

Remove another remnant of shared secret HMAC-MD5 support.

Explain that with currently recommended setups DNSKEY records are
inserted automatically, but you can still use $INCLUDE in other cases.
parent 48a7efaf
5186. [cleanup] More dnssec-keygen manual tidying. [GL !1678]
5185. [placeholder]
5184. [bug] Missing unlocks in sdlz.c. [GL #936]
......
......@@ -571,10 +571,12 @@
key.
</para>
<para>
The <filename>.key</filename> file contains a DNS KEY record
that
can be inserted into a zone file (directly or with a $INCLUDE
statement).
The <filename>.key</filename> file contains a DNSKEY or KEY record.
When a zone is being signed by <command>named</command>
or <command>dnssec-signzone</command> <option>-S</option>, DNSKEY
records are included automatically. In other cases,
the <filename>.key</filename> file can be inserted into a zone file
manually or with a <userinput>$INCLUDE</userinput> statement.
</para>
<para>
The <filename>.private</filename> file contains
......@@ -582,11 +584,6 @@
fields. For obvious security reasons, this file does not have
general read permission.
</para>
<para>
Both <filename>.key</filename> and <filename>.private</filename>
files are generated for symmetric cryptography algorithms such as
HMAC-MD5, even though the public and private key are equivalent.
</para>
</refsection>
<refsection><info><title>EXAMPLE</title></info>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment