head 1.2; access; symbols RELENG_5_5_0_RELEASE:1.1.1.1.28.1 RELENG_5_5:1.1.1.1.28.1.0.6 RELENG_5_5_BP:1.1.1.1.28.1 RELENG_5_4_0_RELEASE:1.1.1.1.28.1 RELENG_5_4:1.1.1.1.28.1.0.4 RELENG_5_4_BP:1.1.1.1.28.1 RELENG_4_11_0_RELEASE:1.1.1.1 RELENG_4_11:1.1.1.1.0.30 RELENG_4_11_BP:1.1.1.1 RELENG_5_3_0_RELEASE:1.1.1.1.28.1 RELENG_5_3:1.1.1.1.28.1.0.2 RELENG_5_3_BP:1.1.1.1.28.1 RELENG_5:1.1.1.1.0.28 RELENG_5_BP:1.1.1.1 RELENG_4_10_0_RELEASE:1.1.1.1 RELENG_4_10:1.1.1.1.0.26 RELENG_4_10_BP:1.1.1.1 RELENG_5_2_1_RELEASE:1.1.1.1 RELENG_5_2_0_RELEASE:1.1.1.1 RELENG_5_2:1.1.1.1.0.24 RELENG_5_2_BP:1.1.1.1 v8_3_7:1.1.1.1 RELENG_4_9_0_RELEASE:1.1.1.1 RELENG_4_9:1.1.1.1.0.22 RELENG_4_9_BP:1.1.1.1 v8_3_6:1.1.1.1 RELENG_5_1_0_RELEASE:1.1.1.1 RELENG_5_1:1.1.1.1.0.20 RELENG_5_1_BP:1.1.1.1 RELENG_4_8_0_RELEASE:1.1.1.1 RELENG_4_8:1.1.1.1.0.18 RELENG_4_8_BP:1.1.1.1 v8_3_4:1.1.1.1 RELENG_5_0_0_RELEASE:1.1.1.1 RELENG_5_0:1.1.1.1.0.16 RELENG_5_0_BP:1.1.1.1 RELENG_4_7_0_RELEASE:1.1.1.1 RELENG_4_7:1.1.1.1.0.14 RELENG_4_7_BP:1.1.1.1 RELENG_4_6_2_RELEASE:1.1.1.1 RELENG_4_6_1_RELEASE:1.1.1.1 v8_3_3:1.1.1.1 RELENG_4_6_0_RELEASE:1.1.1.1 RELENG_4_6:1.1.1.1.0.12 RELENG_4_6_BP:1.1.1.1 v8_3_2_t1b:1.1.1.1 RELENG_4_5_0_RELEASE:1.1.1.1 RELENG_4_5:1.1.1.1.0.10 RELENG_4_5_BP:1.1.1.1 RELENG_4_4_0_RELEASE:1.1.1.1 RELENG_4_4:1.1.1.1.0.8 RELENG_4_4_BP:1.1.1.1 v8_2_4:1.1.1.1 RELENG_4_3_0_RELEASE:1.1.1.1 RELENG_4_3:1.1.1.1.0.6 RELENG_4_3_BP:1.1.1.1 v8_2_3:1.1.1.1 RELENG_4_2_0_RELEASE:1.1.1.1 v8_2_3_t6b:1.1.1.1 ISC:1.1.1 RELENG_4_1_1_RELEASE:1.1.1.1 PRE_SMPNG:1.1.1.1 RELENG_4_1_0_RELEASE:1.1.1.1 RELENG_3_5_0_RELEASE:1.1.1.1.2.1 RELENG_4_0_0_RELEASE:1.1.1.1 RELENG_4:1.1.1.1.0.4 RELENG_4_BP:1.1.1.1 RELENG_3_4_0_RELEASE:1.1.1.1.2.1 RELENG_3:1.1.1.1.0.2 v8_2_2_p5:1.1.1.1; locks; strict; comment @# @; 1.2 date 2004.09.24.19.48.40; author des; state dead; branches; next 1.1; 1.1 date 99.11.30.02.41.50; author peter; state Exp; branches 1.1.1.1; next ; 1.1.1.1 date 99.11.30.02.41.50; author peter; state Exp; branches 1.1.1.1.2.1 1.1.1.1.28.1; next ; 1.1.1.1.2.1 date 99.12.13.15.05.41; author peter; state Exp; branches; next ; 1.1.1.1.28.1 date 2004.09.26.03.09.22; author des; state dead; branches; next ; desc @@ 1.2 log @Retire the BIND 8 sources. @ text @ BIND trusted-keys Statement

BIND Configuration File Guide--trusted-keys Statement

Syntax

 
trusted-keys { 
  [ domain_name number number number string; ]
};

Definition and Usage

 The trusted-keys statement is for use with DNSSEC-style security, originally specified in RFC 2065. DNSSEC is meant to provide three distinct services: key distribution, data origin authentication, and transaction and request authentication. A complete description of DNSSEC and its use is beyond the scope of this document, and readers interested in more information should start with RFC 2065 and then continue with the Internet Drafts.

Each trusted key is associated with a domain name. Its attributes are the non-negative integral flags, protocol, and algorithm, as well as a base-64 encoded string representing the key.

A trusted key is added when a public key for a non-authoritative zone is known, but cannot be securely obtained through DNS. This occurs when a signed zone is a child of an unsigned zone. Adding the trusted key here allows data signed by that zone to be considered secure.

[ BIND Config. File | BIND Home | ISC ]

Last Updated: $Id: trusted-keys.html,v 1.4 1999/09/15 20:28:02 cyarnell Exp $
@ 1.1 log @Initial revision @ text @@ 1.1.1.1 log @Import bind v8.2.2.p5, minus the crypto for the time being. The bind package does have BXA export approval, but the licensing strings on the dnssafe code are a bit unpleasant. The crypto is easy to restore and bind will run without it - just without full dnssec support. Obtained from: The Internet Software Consortium (www.isc.org) @ text @@ 1.1.1.1.28.1 log @MFC: BIND 9 and related bits. Approved by: re @ text @@ 1.1.1.1.2.1 log @MFC: bind 8.2.2.p5 Urged by: imp, alfred, and a whole bunch of other folks. Approved by: jkh (a few days ago) @ text @@