To create a TSIG key, you specify a name for the key, an algorithm, and the length of
the key in bits.
Address Manager can create the key value automatically, or you can
manually type a Base64-encoded string for the key. Use the manual option when you
need to add keys that already exist on your DNS and DHCP servers to Address Manager.
To add a TSIG key:
-
Select the Global tab in the sidebar, then select
Configurations.
-
Select the name of a configuation.
-
Select the TSIG keys tab.
-
Select New.
-
Under General, set the following parameters:
- Name—enter a name for the TSIG key. The name can't contain
spaces.
- Algorithm—select an algorithm for the key, either
hmac-md5, hmac-sha1, hmac-sha256. or
hmac-sha512.
- Length (bits)—select the length of the key, either 128,
256, or 512 bits.
- Auto generate secret—select the checkbox to generate the key
automatically. Keys created with this option can be regenerated with the
Emergency Rollover function. Alternatively, deselect this checkbox to
type or copy and paste the key manually in the Secret field that
is displayed. Keys created with this option cannot be regenerated with
the Emergency Rollover function.
- Secret—this field is displayed when you deselect the Auto
generate secret checkbox. Enter or copy and paste a
Base64-encoded key string in this field. The key must match the
algorithm and length options selected in the Algorithm and
Length fields.
-
In the Change control
section, add comments if required.
-
Select Create to create or add the TSIG key and return
to the TSIG keys tab, select or Create and add another to
create or add the TSIG key and re-open the Create TSIG key
window.