* Create SIG0 keypair (note the asymetric algorithm and -T KEY)

  dnssec-keygen -a RSASHA512 -b 2048 -n HOST -T KEY mail.svr02.mucip.net

<code>
-rw------- 1 root root    1777 Aug 27 22:53 Kmail.svr02.mucip.net.+010+62877.private
-rw-r--r-- 1 root root     393 Aug 27 22:53 Kmail.svr02.mucip.net.+010+62877.key
</code>

  * Add the content of .key into the appropriate zone

  * Assign permissions in update-policy

Note the local-ddns part that matches the behaviour of ''update-policy local''

<code>
        update-policy {
                grant local-ddns wildcard * ANY;
                grant mail.svr02.mucip.net wildcard * TXT;
        };
</code>