The -a option specifies the cryptographic algorithm. For dynamic DNS, this must be
HMAC-MD5.
The -b option specifies the number of bits in the key. You should use the strongest encryption
possible, which for HMAC-MD5 is 512.
The -n option is the name type. Because a computer is updating the DNS server, use the HOST
name type.
Replace cluster_dns_name with the name of the host. For BCC, the cluster node that hosts the
Novell Cluster Services Master IP Address resource updates the DNS server. Because this can
be any node in the cluster, use the fully qualified name of the cluster as the host name.
For example, enter
dnssec-keygen -a HMAC-MD5 -b 512 -n HOST cluster1.clusters.site1.company.com
This generates the public and private key files:
Kcluster1.clusters.site1.company.com.+157+60303.key
Kcluster1.clusters.site1.company.com.+157+60303.private
where 60303 represents a randomly generated number created by the utility.
3 Store these files in a secure location, then continue with Section E.2.2, "Configuring the DNS
Server with the Public Key," on page 151.
The DNS administrator uses these keys to configure your master DNS server.
E.2.2 Configuring the DNS Server with the Public Key
Modify the DNS Server configuration to use the public TSIG key you generated in Section E.2.1,
"Creating the TSIG Keys for DNS Server Authentication," on page 150. You can place the public
key information directly in the /etc/named.conf file, but it is more secure to place it in a separate
location where the key file can be protected.
1 On the DNS Server, open a terminal console, then log in as the root user.
2 Open the /etc/named.conf file in a text editor, add the following line before the zone
configuration, then save the changes:
include "keys.conf";
3 Go to the /var/lib/named directory, then use a text editor to create a keys.conf file.
4 In the keys.conf file, create a section for each public key you need to add.
The format of the key section is:
key <cluster_dns_name>. {
    algorithm <cryptographic algorithm>;
    secret "<the public key secret>";
};
The cluster_dns_name is the same name you used when creating the key with the dnssec-keygen
utility. This name is also found in the public key file that dnssec-keygen created.
The cryptographic algorithm must be HMAC-MD5.
The public key secret is the Base64-encoded secret found in the public key file that the
dnssec-keygen utility created. You can copy and paste the secret from the public key file to the
/var/lib/named/keys.conf file.
Using Dynamic DNS with BCC 1.2 151
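The copy-and-paste step above, as an added example that is not part of the Novell documentation: a Python function that reads the record in the .key file and builds the matching keys.conf section, rejecting a key generated for a different name, algorithm or key length. The record layout (name, IN, KEY, flags, protocol, algorithm number, Base64 secret possibly split by spaces), the function name key_section and the sample secret are assumptions constructed for illustration.

```python
import base64

HMAC_MD5 = 157  # algorithm number, as in the K<name>.+157+<id> file names

# Constructed sample, not a real key: 64 fixed bytes (512 bits) in Base64,
# split by a space in the record the way a .key file may wrap long secrets.
SAMPLE_SECRET = base64.b64encode(bytes(range(64))).decode()
SAMPLE_KEY_FILE = (
    "cluster1.clusters.site1.company.com. IN KEY 512 3 157 "
    f"{SAMPLE_SECRET[:56]} {SAMPLE_SECRET[56:]}\n"
)


def key_section(key_file_text, expected_name):
    """Return the keys.conf section for one dnssec-keygen .key record."""
    fields = key_file_text.split()
    # Assumed layout: <name>. IN KEY <flags> <protocol> <algorithm> <base64...>
    if len(fields) < 7 or [f.upper() for f in fields[1:3]] != ["IN", "KEY"]:
        raise ValueError("not a KEY record")
    name = fields[0].rstrip(".")
    # The key name must match the name the cluster uses when it sends updates.
    if name.lower() != expected_name.rstrip(".").lower():
        raise ValueError(f"key is for {name!r}, not {expected_name!r}")
    if int(fields[5]) != HMAC_MD5:
        raise ValueError("algorithm is not HMAC-MD5 (157)")
    # Rejoin a secret that was wrapped across whitespace, then check that it
    # decodes cleanly and has the 512 bits requested with -b 512.
    secret = "".join(fields[6:])
    raw = base64.b64decode(secret, validate=True)  # raises on damaged text
    if len(raw) * 8 != 512:
        raise ValueError(f"secret is {len(raw) * 8} bits, expected 512")
    return (
        f"key {name}. {{\n"
        f"    algorithm HMAC-MD5;\n"
        f'    secret "{secret}";\n'
        f"}};\n"
    )


if __name__ == "__main__":
    print(key_section(SAMPLE_KEY_FILE, "cluster1.clusters.site1.company.com"))
```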