To create a TSIG key, you specify a name for the key, an algorithm, and the length of the key in bits.
Address Manager can create the key value automatically, or you can manually type a Base64-encoded string for the key. Use the manual option when you need to add keys that already exist on your DNS and DHCP servers to Address Manager.
To add a TSIG key:
- From the configuration drop-down menu, select a configuration.
- Select one of the following tabs: IP Space, DNS, Devices, TFTP, or Servers. Tabs remember the page you last worked on, so select the tab again to ensure you're on the Configuration information page.
- Click the TSIG Keys tab.
- Under TSIG Keys, click New.
- Under General, set the key name, algorithm, and
  - Name—enter a name for the TSIG key. The name cannot contain spaces.
  - Algorithm—select an algorithm for the key, either hmac-md5, hmac-sha1, hmac-sha256, or
    - Forward and Reverse DHCP Zones only support hmac-md5 keys. If you want to secure Forward or Reverse DHCP Zones, you must create one or more TSIG keys with the hmac-md5 algorithm.
    - TSIG keys that use the hmac-sha512 algorithm are supported only on DNS/DHCP Server v9.0.0 and greater.
  - Length (bits)—select the length of the key, either 128, 256, or 512 bits.
- Under Key Type, select an option for generating the key:
  - Auto-generate—select this option to generate the key automatically. Keys created with this option can be regenerated with the Emergency Rollover function.
  - Enter manually—select this option to type or copy and paste the key manually in the Secret field. Keys created with this option cannot be regenerated with the Emergency Rollover function.
  - Secret—this field is available for use when you select Enter manually. Enter or copy and paste a Base64-encoded key string in this field. The key must match the algorithm and length options selected in the Algorithm and Length (bits) fields.
- Under Change Control, add comments, if required.
- Click Add.
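When you use Enter manually for a key that already exists on a server, the Name, Algorithm, Length (bits), and Secret values all have to agree with that key. The following is an added example, not part of the product or its documentation: it assumes the existing key is available as a BIND-style `key` statement, and the function name `parse_key_statement` and the sample key are hypothetical. It extracts the four form values and rejects a key whose name, algorithm, or decoded length the form would not accept.

```python
import base64
import binascii
import re

# Choices offered by the Algorithm and Length (bits) fields on this page.
ALGORITHMS = {"hmac-md5", "hmac-sha1", "hmac-sha256", "hmac-sha512"}
LENGTHS = {128, 256, 512}

# Assumed input: a BIND-style key statement copied from the server config.
KEY_RE = re.compile(r'key\s+"?(?P<name>[^"{]+?)"?\s*\{(?P<body>[^}]*)\}\s*;')
FIELD_RE = re.compile(r'(algorithm|secret)\s+"?([^";]+)"?\s*;')


def parse_key_statement(text):
    """Return the Name, Algorithm, Length (bits) and Secret form values."""
    match = KEY_RE.search(text)
    if not match:
        raise ValueError("no key statement found")
    fields = dict(FIELD_RE.findall(match["body"]))
    if set(fields) != {"algorithm", "secret"}:
        raise ValueError("key statement needs an algorithm and a secret")
    name = match["name"]
    algorithm = fields["algorithm"].strip().lower()
    secret = fields["secret"].strip()
    if re.search(r"\s", name):
        raise ValueError("key name cannot contain spaces")
    if algorithm not in ALGORITHMS:
        raise ValueError(f"algorithm {algorithm!r} is not offered by the form")
    try:
        # validate=True rejects stray characters instead of silently skipping them
        raw = base64.b64decode(secret, validate=True)
    except binascii.Error:
        raise ValueError("secret is not valid Base64") from None
    bits = len(raw) * 8
    if bits not in LENGTHS:
        raise ValueError(f"secret decodes to {bits} bits; expected 128, 256 or 512")
    return {"name": name, "algorithm": algorithm, "length_bits": bits, "secret": secret}


# Constructed sample key (not a real secret): 32 fixed bytes, i.e. 256 bits.
SAMPLE_SECRET = base64.b64encode(bytes(range(32))).decode()
SAMPLE = f'key "ddns-example" {{\n    algorithm hmac-sha256;\n    secret "{SAMPLE_SECRET}";\n}};'

if __name__ == "__main__":
    print(parse_key_statement(SAMPLE))
```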