Cisco Cisco Prime IP Express 8.3 Technical References

 

 

    key - Manage TSIG key objects

  Synopsis

 

    key list 
    key listnames
    key listbrief
    key <name> show
    key <name> create <secret> [<attribute>=<value>...]
    key <name> delete
    key <name> get <attribute>
    key <name> set <attribute>=<value> [<attribute>=<value> ...]
    key <name> unset <attribute> 
    
    

  Description

 

    The key command creates and manages transaction signature (TSIG)
    keys for DNS updates, zone transfers, queries, and recursions. 
    TSIG security, as defined in RFC 2845, enables both DNS and DHCP
    servers to authenticate DNS updates. TSIG security uses the 
    HMAC-MD5 (or keyed MD5) algorithm to generate a signature that 
    is used to authenticate the requests and responses. The DHCP 
    server uses TSIG keys to create TSIG resource records while 
    processing DNS updates.

    To configure TSIG security on a DHCP server, you must first 
    create a shared key, then enable DNS update for your scopes 
    by setting the dynamic-dns attribute to update-all). Also, 
    enable the dynamic-dns-tsig attribute for forward or reverse
    zones for the scope or on the server level. 

  Examples

 

  Status

 

  See Also
   
 
  Attributes
 
 

algorithm 

(hmac-md5=1) default = hmac-md5

 

The algorithm that this key is used with.  Currently we only
support hmac-md5.

 

id 

 

Displays an integer id for the key.

 

secret 

 required

 

A base64 encoded string used for transaction authentication.

 

security-type 

(TSIG=1) default = TSIG

 

The type of security that this key is going to be used for.
Currently we only support TSIG keys.

 

tenant-id