Novell LINUX ENTERPRISE SERVER 10 SP2 - INSTALLATION AND ADMINISTRATION Installation Manual page 656

Generate a TSIG key with the following command (for details, see
man dnssec-keygen):
dnssec-keygen -a hmac-md5 -b 128 -n HOST host1-host2
This creates two files with names similar to these:
Khost1-host2.+157+34265.private Khost1-host2.+157+34265.key
The key itself (a string like ejIkuCyyGJwwuN3xAteKgg==) is found in both files.
To use it for transactions, the second file (Khost1-host2.+157+34265.key)
must be transferred to the remote host, preferably in a secure way (using scp, for exam-
ple). On the remote server, the key must be included in the file /etc/named.conf
to enable a secure communication between host1 and host2:
key host1-host2. {
algorithm hmac-md5;
secret ";ejIkuCyyGJwwuN3xAteKgg==;
};
WARNING: File Permissions of /etc/named.conf
Make sure that the permissions of /etc/named.conf are properly restricted.
The default for this file is 0640, with the owner being root and the group
named. As an alternative, move the keys to an extra file with specially limited
permissions, which is then included from /etc/named.conf. To include an
external file, use:
include
Replace filename with an absolute path to your file with keys.
To enable the server host1 to use the key for host2 (which has the address
192.168.2.3 in this example), the server's /etc/named.conf must include the
following rule:
server 192.168.2.3 {
keys { host1-host2. ;};
};
Analogous entries must be included in the configuration files of host2.
638 Installation and Administration
"filename"