curvedns-keygen creates a pair of CurveDNS public and private keys in
the directory ./env used by tinydns, rbldns and/or walldns in their own
environment, as set up by tinydns-conf, rbldns-conf and/or walldns-conf.
The public key is stored in a file named uz5....., whose content is the
hexadecimal public key.
The private key is stored in binary form in CURVEDNS_PRIVATE_KEY. This
file is read by the respective servers to answer DNSCurve encrypted
queries and to reply to them, guaranteeing the confidentiality of the
exchanged DNS
When curvedns-keygen is called, both the public and the private key are
generated, stored, and displayed together with their hexadecimal
values on the console. The last step can be avoided (for automatic
generation) by directing the output to /dev/null. Existing keys are not
overwritten, so the previous keys must be removed before new ones can
be generated.
The file CURVEDNS_PRIVATE_KEY should be readable ONLY by the servers,
which can be achieved by generating the keys as the root user.
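
One way to check these points after a key generation run, as an added example that is not part of the original manual page or of the software it documents: a POSIX shell function that verifies the private key's permissions and the presence of exactly one uz5 public key file with hexadecimal content. The function name audit_curvedns_env and passing the env directory as its argument are assumptions made for this example.

```shell
# Added example: audit the key files that curvedns-keygen leaves in ./env.
# Assumption: the env directory is passed as $1 and defaults to ./env.
audit_curvedns_env() {
    envdir=${1:-./env}
    key="$envdir/CURVEDNS_PRIVATE_KEY"
    rc=0

    # The private key must be a regular file, not a symlink pointing elsewhere.
    if [ -L "$key" ] || [ ! -f "$key" ]; then
        echo "FAIL: $key is missing or not a regular file" >&2
        return 1
    fi

    # Columns 5-10 of the ls mode string are the group and other bits;
    # any of them set means more than the owning account can reach the key.
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $key is accessible to group or others" >&2
        rc=1
    fi

    # A group- or world-writable env directory lets someone swap the key file.
    if [ "$(ls -ld "$envdir" | cut -c6,9)" != "--" ]; then
        echo "FAIL: $envdir is writable by group or others" >&2
        rc=1
    fi

    # Exactly one uz5* public key file should exist; leftovers mean old
    # keys were not removed before a new pair was generated.
    set -- "$envdir"/uz5*
    if [ ! -e "$1" ] || [ "$#" -ne 1 ]; then
        echo "FAIL: expected exactly one uz5* public key file in $envdir" >&2
        return 1
    fi

    # Its content should be the hexadecimal public key and nothing else.
    if [ ! -s "$1" ] || [ -n "$(tr -d '0-9a-fA-F\n' < "$1")" ]; then
        echo "FAIL: $1 does not contain a plain hexadecimal value" >&2
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: key files in $envdir passed all checks"
    return "$rc"
}
```

Call it as `audit_curvedns_env /path/to/server/env`; it returns 0 when every check passes and 1 otherwise, with each finding written to stderr.
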
The public key uz5..... needs to be delegated as your name server's
primary hostname to the superior name server together with the server's
IPv4 and/or IPv6 address (glue) in order to serve as 'trust anchor'.
curvedns-keygen exits 0 in case the keys have been generated and 100 if
errors during generation were encountered. Error code indicate memory
tinydns-conf(8), rbldns-conf(8), walldns-conf(8)