To create a TSIG key, you specify a name for the key, an algorithm, and the length of the key in bits. Address Manager can create the key value automatically, or you can manually type a Base64-encoded string for the key. Use the manual option when you need to add keys that already exist on your DNS and DHCP servers to Address Manager.

To add a TSIG key:
- From the configuration drop-down menu, select a configuration.
- Select one of the following tabs: IP Space, DNS, Devices, TFTP, or Servers. Tabs remember the page you last worked on, so select the tab again to ensure you're on the Configuration information page.
- Click the TSIG Keys tab.
- Under TSIG Keys, click New.
- Under General, set the key name, algorithm, and length:
  - Name—enter a name for the TSIG key. The name can't contain spaces.
  - Algorithm—select an algorithm for the key, either hmac-md5, hmac-sha1, hmac-sha256, or hmac-sha512.
    Note:
    - Forward and Reverse DHCP Zones only support hmac-md5 keys. If you want to secure Forward or Reverse DHCP Zones, you must create one or more TSIG keys with the hmac-md5 algorithm.
    - TSIG keys that use the hmac-sha512 algorithm are only supported on DNS/DHCP Server v9.0.0 and greater.
  - Length (bits)—select the length of the key, either 128, 256, or 512 bits.
- Under Key Type, select an option for generating the key value:
  - Auto-generate—select this option to generate the key automatically. Keys created with this option can be regenerated with the Emergency Rollover function.
  - Enter manually—select this option to type or copy and paste the key manually in the Secret field. Keys created with this option can't be regenerated with the Emergency Rollover function.
  - Secret—this field is available for use when you select Enter manually. Enter or copy and paste a Base64-encoded key string in this field. The key must match the algorithm and length options selected in the Algorithm and Length (bits) fields.
- Under Change Control, add comments, if required.
- Click Add.
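
The check below is an added example, not part of the product documentation: a Python pre-flight validator for a manually entered key, run before pasting a value into the Secret field. The function names are hypothetical, and it assumes that matching the Length (bits) option means the Base64 string decodes to exactly that many bits.

```python
import base64
import binascii
import secrets

# Options listed above for the Algorithm and Length (bits) fields.
ALGORITHMS = {"hmac-md5", "hmac-sha1", "hmac-sha256", "hmac-sha512"}
LENGTHS = {128, 256, 512}


def generate_secret(length_bits):
    """Return a random Base64-encoded secret of exactly length_bits bits."""
    if length_bits not in LENGTHS:
        raise ValueError(f"length must be one of {sorted(LENGTHS)}")
    return base64.b64encode(secrets.token_bytes(length_bits // 8)).decode("ascii")


def check_manual_key(name, algorithm, length_bits, secret_b64, dhcp_zone=False):
    """Return a list of problems; an empty list means the entry is consistent."""
    problems = []
    if not name or any(ch.isspace() for ch in name):
        problems.append("name is empty or contains spaces")
    if algorithm not in ALGORITHMS:
        problems.append(f"unsupported algorithm: {algorithm}")
    elif dhcp_zone and algorithm != "hmac-md5":
        # Per the note above: Forward and Reverse DHCP Zones accept hmac-md5 only.
        problems.append("DHCP zones only support hmac-md5 keys")
    if length_bits not in LENGTHS:
        problems.append(f"unsupported length: {length_bits}")
    try:
        # validate=True rejects stray characters a lenient decoder would skip.
        raw = base64.b64decode(secret_b64.strip(), validate=True)
    except (binascii.Error, ValueError):
        problems.append("secret is not valid Base64")
        return problems
    # Assumption: "match the length" means decoded size equals the selected bits.
    if len(raw) * 8 != length_bits:
        problems.append(f"secret decodes to {len(raw) * 8} bits, not {length_bits}")
    return problems


if __name__ == "__main__":
    secret = generate_secret(256)  # constructed sample value
    print(check_manual_key("ddns-key", "hmac-sha256", 256, secret))
    print(check_manual_key("ddns key", "hmac-sha256", 128, secret, dhcp_zone=True))
```

A truncated or re-wrapped paste usually shows up here as a Base64 error or a bit-length mismatch, before the key is saved and zone updates start failing authentication.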