tsig-keygen - TSIG key generation tool
NAME SYNOPSIS DESCRIPTION OPTIONS SEE ALSO Author CopyrightNAME
tsig-keygen − TSIG key generation tool
SYNOPSIS
tsig−keygen [−a algorithm] [−h] [name]
DESCRIPTION
tsig−keygen is an utility that generates keys for use with TSIG (Transaction Signatures) as defined in RFC 2845 <https://datatracker .ietf.org/doc/html/rfc2845.html>. The resulting keys can be used, for example, to secure dynamic DNS updates to a zone, or for the rndc <# std-iscman-rndc> command channel.
A domain name can be specified on the command line to be used as the name of the generated key. If no name is specified, the default is tsig−key.
OPTIONS
−a algorithm
This option specifies the algorithm to use for the TSIG key. Available choices are: hmac−md5, hmac−sha1, hmac−sha224, hmac−sha256, hmac−sha384, and hmac−sha512. The default is hmac−sha256. Options are case−insensitive, and the "hmac−" prefix may be omitted.
|
−h |
This option prints a short summary of options and arguments. |
SEE ALSO
nsupdate(1) <#std-iscman-nsupdate>, named.conf(5) <#std-iscman-named .conf>, named(8) <#std-iscman-named>, BIND 9 Administrator Reference Manual.
Author
Internet Systems Consortium
Copyright
2026, Internet Systems Consortium