我正在配置 BIND9 以从Let's Encrypt获取通配符证书。当我尝试根据此处的说明生成 TSIG 密钥时,出现以下错误:
# dnssec-keygen -a HMAC-SHA512 -b 512 -n HOST keyname.
dnssec-keygen: fatal: unknown algorithm HMAC-SHA512
然后我读的帮助和文档有关dnssec-keygen,不存在所谓的算法HMAC-SHA512确实:
# dnssec-keygen -h
Usage:
dnssec-keygen [options] name
Version: 9.14.2
name: owner of the key
Options:
-K <directory>: write keys into directory
-a <algorithm>:
RSASHA1 | NSEC3RSASHA1 |
RSASHA256 | RSASHA512 |
ECDSAP256SHA256 | ECDSAP384SHA384 |
ED25519 | ED448 | DH
-3: use NSEC3-capable algorithm
-b <key size in bits>: …bind9 ×1