key_id StatementThe key_id statement defines a secret shared key for use with TSIG. It consists of its name, algorithm and key contents.
Supported algoritms:
You need to use bind or ldns utils to generate TSIG keys. Unfortunately, Knot DNS does not have any own generation utilities yet.
$ dnssec-keygen -a HMAC-SHA256 -b 256 -n HOST foobar.example.com
Kfoobar.example.com.+163+21239
$ cat Kfoobar.example.com.+163+21239.key
foobar.example.com. ( IN KEY 512 3 163
rqv2WRyDgIUaHcJi03Zssor9jtG1kOpb3dPywxZfTeo= )
Key generated in previous paragraph would be written as:
keys {
foobar.example.com. hmac-sha256
"rqv2WRyDgIUaHcJi03Zssor9jtG1kOpb3dPywxZfTeo=";
}