BIND Configuration File Guide--trusted-keys Statement


trusted-keys { 
  [ domain_name number number number string; ]

Definition and Usage

The trusted-keys statement is for use with DNSSEC-style security, originally specified in RFC 2065. DNSSEC is meant to provide three distinct services: key distribution, data origin authentication, and transaction and request authentication. A complete description of DNSSEC and its use is beyond the scope of this document, and readers interested in more information should start with RFC 2065 and then continue with the Internet Drafts.

Each trusted key is associated with a domain name. Its attributes are the non-negative integral flags, protocol, and algorithm, as well as a base-64 encoded string representing the key.

A trusted key is added when a public key for a non-authoritative zone is known, but cannot be securely obtained through DNS. This occurs when a signed zone is a child of an unsigned zone. Adding the trusted key here allows data signed by that zone to be considered secure.

[ BIND Config. File | BIND Home | ISC ]

Last Updated: $Id: trusted-keys.html,v 2000/06/09 23:12:35 wsanchez Exp $