# Annotated terminal transcript: three BIND utilities that generate a TSIG
# shared secret. Lines starting with "$ " are commands; everything else is
# their output. Lines marked NOTE(review) are annotations, not tool output.
# NOTE(review): every secret printed below is published with this page, so
# these values are examples only; generate fresh keys for any real server.
#
# 1) Older workflow: dnssec-keygen writes K<name>.+<alg>+<id> key files.
#    "-b 128" yields a 16-byte secret (the base64 value in the .key file
#    below), well under the 64-byte HMAC-SHA512 digest; RFC 2104 discourages
#    HMAC keys shorter than the hash output.
# NOTE(review): later BIND 9 releases no longer generate HMAC/TSIG keys with
# dnssec-keygen; tsig-keygen (next command) is the replacement.
$ /usr/sbin/dnssec-keygen -a HMAC-SHA512 -b 128 -n HOST example.org
Kexample.org.+165+46294
$ cat Kexample.org.+165+46294.key
example.org. IN KEY 512 3 165 ZKiFXX3Q3Nj7TALud8n0fQ==
# <insert: copy/paste all sorts of stuff>
# NOTE(review): presumably the secret then had to be hand-copied from the key
# file into a key { } clause; the key files left on disk still hold the
# secret and should be readable only by the account that needs them.
#
# 2) tsig-keygen prints a ready-to-use key clause. With no -a option the
#    output below shows hmac-sha256 with a 32-byte secret.
# NOTE(review): store the clause in a separate file with restrictive
# permissions and include it from named.conf, so the secret does not sit in a
# config file that other accounts can read.
$ /usr/sbin/tsig-keygen example.org
key "example.org" {
algorithm hmac-sha256;
secret "3iwaUeF6pO5QUHR17/tVkNtZZZjpytzK0QWAH07wh5E=";
};
# 3) ddns-confgen prints the key clause plus a sample update-policy and the
#    matching nsupdate invocation.
# NOTE(review): the sample policy "grant ddns-key zonesub ANY;" lets whoever
# holds the key update every name in the zone. Prefer the narrowest grant
# that works, e.g. (constructed example)
#   grant ddns-key name host.example.org. A AAAA;
# ddns-confgen's -s <name> option emits a single-name policy of that kind.
# NOTE(review): "nsupdate -k <keyfile>" keeps the secret out of the process
# argument list, unlike passing it inline with -y.
$ /usr/sbin/ddns-confgen
# To activate this key, place the following in named.conf, and
# in a separate keyfile on the system or systems from which nsupdate
# will be run:
key "ddns-key" {
algorithm hmac-sha256;
secret "KEyPhhvJbBroeT87yzWfGcBxTbSBPVGFhJyfmZEu0Wo=";
};
# Then, in the "zone" statement for each zone you wish to dynamically
# update, place an "update-policy" statement granting update permission
# to this key. For example, the following statement grants this key
# permission to update any name within the zone:
update-policy {
grant ddns-key zonesub ANY;
};
# After the keyfile has been placed, the following command will
# execute nsupdate using this key:
nsupdate -k <keyfile>