
dnssec-keygen command in Linux with Examples

The dnssec-keygen command is used to generate keys for DNSSEC (DNS Security Extensions). DNSSEC extends the regular DNS (Domain Name System) with authentication of DNS data. That authentication is based on public-key cryptography, and this command produces the public/private key pair that a zone is signed with.

Syntax:

dnssec-keygen [options] name

Example:

dnssec-keygen gfg.org

In the example above, a key pair is generated for gfg.org. Since no options are given, the default algorithm (RSASHA1) and the default key size (1024 bits) are used.



Working with dnssec-keygen command

1. -b (Key Size) option:

This option specifies the number of bits the key should contain. The key sizes that are permitted depend on the algorithm used.

Example:

dnssec-keygen -b 1024 gfg.org

2. -a (Algorithm) option:

This option selects the cryptographic algorithm used for key generation. When an algorithm is specified in this way, the -b option must also be given to set the key size. The available algorithms are:

Example:

dnssec-keygen -a RSASHA1 -b 1024 gfg.org

3. -n (Name Type) option:

This option specifies the owner type of the key. The accepted values are:

Example:

dnssec-keygen -n ZONE gfg.org

4. -3 option:

This option requires the key to be created with an NSEC3-capable algorithm. If no algorithm is given explicitly, NSEC3RSASHA1 is used by default.

Example:

dnssec-keygen -a RSASHA256 -b 1024 -3 gfg.org

5. -f (Key Flag) option:

This option sets a flag on the generated key. The recognized flags are:

Example:

dnssec-keygen -a RSASHA256 -b 1024 -f KSK gfg.org
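As an added check that is not part of the original article: the script below inspects the public key file that dnssec-keygen writes (named K<name>+<algorithm>+<keytag>.key and holding one DNSKEY record) and reports whether the role requested with -f and the algorithm requested with -a actually ended up in the key. The two sample files are constructed here with placeholder key material, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: verify what dnssec-keygen produced. The DNSKEY flags field
# encodes the role (256 = ZSK, 257 = KSK, +128 = revoked); the algorithm
# number corresponds to the -a mnemonic. Sample files below are constructed.
alg_name() {
    # IANA DNSKEY algorithm numbers -> the mnemonics accepted by -a
    case "$1" in
        5)  echo RSASHA1 ;;
        7)  echo NSEC3RSASHA1 ;;
        8)  echo RSASHA256 ;;
        10) echo RSASHA512 ;;
        13) echo ECDSAP256SHA256 ;;
        15) echo ED25519 ;;
        *)  echo "UNKNOWN($1)" ;;
    esac
}
# dnskey_role FILE: print "<owner> <role> <algorithm>"; return 1 if FILE
# holds no usable DNSKEY record.
dnskey_role() {
    # Skip the "; This is a key-signing key ..." comment dnssec-keygen adds.
    rr=$(grep -v '^;' "$1" | grep DNSKEY | head -n 1)
    [ -n "$rr" ] || return 1
    set -- $rr                      # split the record into fields
    owner=$1; shift
    # TTL and class are optional in presentation format, so skip to DNSKEY
    while [ $# -gt 0 ] && [ "$1" != DNSKEY ]; do shift; done
    [ "$1" = DNSKEY ] || return 1
    flags=$2; proto=$3; alg=$4
    [ "$proto" = 3 ] || return 1    # RFC 4034: protocol field must be 3
    case "$flags" in
        256) role=ZSK ;;
        257) role=KSK ;;
        384) role=REVOKED-ZSK ;;
        385) role=REVOKED-KSK ;;
        *)   role="UNKNOWN($flags)" ;;
    esac
    echo "$owner $role $(alg_name "$alg")"
}
TMP=$(mktemp -d); trap 'rm -rf "$TMP"' EXIT
cat > "$TMP/Kgfg.org.+008+12345.key" <<'EOF'
; This is a key-signing key, keyid 12345, for gfg.org.
gfg.org. IN DNSKEY 257 3 8 AwEAAcONSTRUCTEDPLACEHOLDERKEY==
EOF
cat > "$TMP/Kgfg.org.+008+54321.key" <<'EOF'
; This is a zone-signing key, keyid 54321, for gfg.org.
gfg.org. IN DNSKEY 256 3 8 AwEAAcONSTRUCTEDPLACEHOLDERKEY==
EOF
for f in "$TMP"/K*.key; do dnskey_role "$f"; done
```

Run it against the real key directory after generating keys; a ZSK where a KSK was expected, or an unexpected algorithm, shows up immediately.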

6. -c (Class) option:

DNS data is partitioned into classes. This option specifies the class of the DNS record the key belongs to; if it is not given, IN is used by default. The following DNS classes are recognized:

Example:

dnssec-keygen -c CH gfg.org

7. -t (Type) option:

This option specifies the type of the key. If it is not given, AUTHCONF is used by default. The possible types are:

Example:

dnssec-keygen -a RSASHA256 -b 1024 -t NOAUTH gfg.org
