ISC BIND TSIG and rndc Key Definition

The key statement is used not only in address match lists and for rndc keys within rndc.conf, but also in named.conf (at the top level or inside a view statement block) to define the server-side counterpart of those rndc keys and the keys used for transaction signatures (TSIG). The format of the key statement block is

key key_name {
    algorithm algorithm;
    secret key;
};

where:

  • key_name is the name of the key that can be referenced in controls, address_match_list, acl, and other allow statements.
  • algorithm is the algorithm used to compute the message signature with this key; currently, only hmac-md5 is supported.
  • key is the secret key value.

Both 'ends' of the connection, whether two DNS servers, a DHCP server and a DNS server, or other control or update source and the DNS server must have matching key statements and corresponding key values in order to validate the digital signature of the message.