trusted-keys.html revision 15a44745412679c30a6d022733925af70a38b715
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<!--
- Copyright (C) 1999, 2000 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
- THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
- DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
- IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
- INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
- INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
- FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
- NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
- WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-->
<HTML>
<HEAD>
<TITLE>BIND trusted-keys Statement</TITLE>
</HEAD>
<BODY>
<H2>BIND Configuration File Guide--<CODE>trusted-keys</CODE> Statement</H2>
<HR>
<A NAME="Syntax"><H3>Syntax</H3></A>
<PRE>
trusted-keys {
[ <VAR><A HREF="docdef.html">domain_name</A></VAR> <VAR><A HREF="docdef.html">number</A></VAR> <VAR><A HREF="docdef.html">number</A></VAR> <VAR><A HREF="docdef.html">number</A></VAR> <VAR>string</VAR>; ]
};
</PRE>
<HR>
<A NAME="Usage"><H3>Definition and Usage</H3></A>
<P>The <CODE>trusted-keys</CODE>
statement is for use with DNSSEC-style security, originally specified
in RFC 2065 and since revised by RFC 2535. DNSSEC is meant to
provide three distinct services: key distribution, data origin
authentication, and transaction and request authentication. A
complete description of DNSSEC and its use is beyond the scope of this
document; readers interested in more information should start with
RFC 2065 and RFC 2535 and then continue with the
<A HREF="http://www.ietf.org/ids.by.wg/dnssec.html">
Internet Drafts</A>.</P>
<P>Each trusted key is associated with a domain name. Its attributes are
the non-negative integral <VAR>flags</VAR>, <VAR>protocol</VAR>, and
<VAR>algorithm</VAR>, in that order, as well as a base-64 encoded string
representing the public key. These are the four fields of the zone's KEY
resource record, so an entry carries exactly the data of that record.</P>
<P>A trusted key is added when a public key for a non-authoritative zone is
known, but cannot be securely obtained through DNS. This occurs when
a signed zone is a child of an unsigned zone, so there is no chain of
signatures from a parent by which a resolver could verify the child's key.
Adding the trusted key here makes it a trust anchor: the server treats the
key as authentic without further verification, and data signed by that zone
is then considered secure. Because the key is trusted unconditionally, it
must be obtained through an authenticated out-of-band channel, and the
entry must be replaced whenever the zone rolls over to a new key; a stale
trusted key makes the zone's data fail validation, and a wrong one lets
forged data validate.</P>
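<P>The following is an added example, not code from BIND or from this
documentation. It converts a KEY record line, as it would be copied from
a zone file, into a complete <CODE>trusted-keys</CODE> statement, after
checking the properties that matter for a trust anchor (DNSSEC protocol
value, zone-key flag, well-formed base-64 key). It also computes the key
tag from RFC 2535 Appendix C, which is what an operator compares against
the value the zone's administrator publishes when the key is exchanged out
of band. The sample record is constructed: the owner name is a placeholder
and the key material is arbitrary bytes, not a real key. The function names
are the example's own.</P>

```python
"""Turn a zone-file KEY/DNSKEY record into a BIND trusted-keys statement.

Added example; not part of BIND or its documentation.
"""
import base64
import struct

# Constructed sample input: the name is a placeholder and the base64 blob
# is four arbitrary bytes (00 01 02 03), not real key material.
SAMPLE_KEY_RR = "example.com. 3600 IN KEY 256 3 3 AAECAw=="

ZONE_KEY_FLAG = 0x0100   # flags bit 7: RFC 2535 NAMTYP "zone key" (RFC 4034 Zone Key)
PROTOCOL_DNSSEC = 3      # RFC 2535 section 3.1.3
ALG_RSAMD5 = 1           # RFC 2535 algorithm 1, which has its own key-tag rule


def parse_key_rr(line):
    """Return (name, flags, protocol, algorithm, key_bytes) from one record line.

    The optional TTL and class fields are tolerated so a line can be pasted
    unchanged from a zone file. Raises ValueError on anything malformed.
    """
    fields = line.split()
    idx = next((i for i, f in enumerate(fields) if f in ("KEY", "DNSKEY")), None)
    if idx is None or idx == 0:
        raise ValueError("no KEY/DNSKEY type field found after the owner name")
    name = fields[0]
    if not name.endswith("."):
        raise ValueError("owner name must be fully qualified (trailing dot)")
    rest = fields[idx + 1:]
    if len(rest) < 4:
        raise ValueError("expected flags, protocol, algorithm and key data")
    try:
        flags, protocol, algorithm = (int(x) for x in rest[:3])
    except ValueError:
        raise ValueError("flags, protocol and algorithm must be integers")
    if not (0 <= flags <= 0xFFFF and 0 <= protocol <= 0xFF and 0 <= algorithm <= 0xFF):
        raise ValueError("flags/protocol/algorithm out of range for the KEY RDATA")
    # Zone files may split the base64 into several whitespace-separated chunks.
    try:
        key_bytes = base64.b64decode("".join(rest[3:]), validate=True)
    except ValueError:
        raise ValueError("public key is not valid base64")
    return name, flags, protocol, algorithm, key_bytes


def key_tag(flags, protocol, algorithm, key_bytes):
    """Key tag per RFC 2535 Appendix C (the same rule as RFC 4034 Appendix B).

    The tag is a ones-complement-style sum of the 16-bit words of the KEY
    RDATA. Algorithm 1 (RSA/MD5) instead derives the tag from the modulus;
    that rule is not implemented here, so None is returned for it.
    """
    if algorithm == ALG_RSAMD5:
        return None
    rdata = struct.pack("!HBB", flags, protocol, algorithm) + key_bytes
    ac = 0
    for i, b in enumerate(rdata):
        ac += b if i & 1 else b << 8
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def check_trust_anchor(flags, protocol, algorithm, key_bytes):
    """Return a list of reasons this record should not be used as a trust anchor."""
    problems = []
    if protocol != PROTOCOL_DNSSEC:
        problems.append("protocol is %d, DNSSEC keys use protocol 3" % protocol)
    if not flags & ZONE_KEY_FLAG:
        problems.append("zone-key flag not set; this is not a zone signing key")
    if not key_bytes:
        problems.append("empty key material")
    return problems


def to_trusted_keys(line):
    """Render one KEY/DNSKEY record line as a complete trusted-keys statement."""
    name, flags, protocol, algorithm, key_bytes = parse_key_rr(line)
    problems = check_trust_anchor(flags, protocol, algorithm, key_bytes)
    if problems:
        raise ValueError("; ".join(problems))
    key_b64 = base64.b64encode(key_bytes).decode("ascii")
    return 'trusted-keys {\n    %s %d %d %d "%s";\n};\n' % (
        name, flags, protocol, algorithm, key_b64)


if __name__ == "__main__":
    name, flags, protocol, algorithm, key_bytes = parse_key_rr(SAMPLE_KEY_RR)
    print("key tag:", key_tag(flags, protocol, algorithm, key_bytes))
    print(to_trusted_keys(SAMPLE_KEY_RR))
```

<P>The rendered statement is what goes into <CODE>named.conf</CODE>; the key
tag printed beside it is the value to confirm with the zone's administrator
before the entry is trusted, since the statement itself offers no way to
verify the key once it is configured.</P>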
<HR>
<HR>
<ADDRESS>
</ADDRESS>
</BODY>
</HTML>