TSIG-KEYGEN(8) BIND 9 TSIG-KEYGEN(8)
NAME
tsig-keygen - TSIG key generation tool
SYNOPSIS
tsig-keygen [-a algorithm] [-h] [name]
DESCRIPTION
tsig-keygen is an utility that generates keys for use with TSIG (Trans-
action Signatures) as defined in RFC 2845 <https://datatracker.ietf.org/
doc/html/rfc2845.html>. The resulting keys can be used, for example, to
secure dynamic DNS updates to a zone, or for the rndc <#std-iscman-rndc>
command channel.
A domain name can be specified on the command line to be used as the
name of the generated key. If no name is specified, the default is
tsig-key.
OPTIONS
-a algorithm
This option specifies the algorithm to use for the TSIG key.
Available choices are: hmac-md5, hmac-sha1, hmac-sha224,
hmac-sha256, hmac-sha384, and hmac-sha512. The default is
hmac-sha256. Options are case-insensitive, and the "hmac-" prefix
may be omitted.
-h This option prints a short summary of options and arguments.
SEE ALSO
nsupdate(1) <#std-iscman-nsupdate>, named.conf(5) <#std-iscman-named
.conf>, named(8) <#std-iscman-named>, BIND 9 Administrator Reference
Manual.
Author
Internet Systems Consortium
Copyright
2026, Internet Systems Consortium
9.20.21-1~deb13u1-Debian 2026-03-13 TSIG-KEYGEN(8)
Generated by dwww version 1.16 on Sun Mar 29 14:56:15 CEST 2026.