$ dnskeygen -H 256 -h -n 2000011501.linuxservers.tsigkey.
Generating 256 bit HMAC-MD5 Key for 2000011501.linuxservers.tsigkey.
Generated 256 bit Key for 2000011501.linuxservers.tsigkey. id=0 alg=157 flags=513
$ ls *tsigkey*
K2000011501.linuxservers.tsigkey.+157+00000.key
K2000011501.linuxservers.tsigkey.+157+00000.private
$ cat K2000011501.linuxservers.tsigkey.+157+00000.private
Private-key-format: v1.2
Algorithm: 157 (HMAC)
Key: HW/WyHCn8q312B7tzjAx3X2XmmZG86AqHQmn+QyB6CA=

-H 256 sets the key size, in the range 1-512.
-h requests creation of a host key.
-n 2000011501.linuxservers.tsigkey. specifies the name of the key.

The name of each key needs to be unique, i.e. two keys should not share the same name, hence the slightly unusual name I've given it.

=======================================================
named.conf

key 2000011501.linuxservers.tsigkey. {
    algorithm "hmac-md5";
    secret "HW/WyHCn8q312B7tzjAx3X2XmmZG86AqHQmn+QyB6CA=";
};

On server1 use:

server 10.0.0.2 {    # 10.0.0.2 is the IP address of server2
    keys { "2000011501.linuxservers.tsigkey."; };
};

and on server2 use:

server 10.0.0.1 {    # 10.0.0.1 is the IP address of server1
    keys { "2000011501.linuxservers.tsigkey."; };
};

-----------------------------------------------------
ndc reconfig
-----------------------------------------------------

acl this-machine { 127.0.0.1; };
acl private-networks { 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16; };

zone "kung.foo" in {
    type master;
    file "zone/kung.foo";
    allow-query { this-machine; private-networks; };
    allow-transfer { this-machine; private-networks; };
};
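
Added example (not part of the original notes): a Python check that parses the .private file shown above, confirms the secret decodes to the 256 bits requested with -H 256, and renders the matching key and server clauses for one peer. The function names are hypothetical, and the sample file content is copied from the listing above.

```python
import base64

# Constructed sample: the .private file contents as listed in the notes above.
SAMPLE_PRIVATE = """\
Private-key-format: v1.2
Algorithm: 157 (HMAC)
Key: HW/WyHCn8q312B7tzjAx3X2XmmZG86AqHQmn+QyB6CA=
"""

HMAC_MD5_ALG = 157  # algorithm number printed by dnskeygen above


def parse_private(text):
    """Return (algorithm number, base64 secret, raw key bytes)."""
    fields = {}
    for line in text.splitlines():
        if ":" in line:
            name, value = line.split(":", 1)
            fields[name.strip()] = value.strip()
    for required in ("Algorithm", "Key"):
        if not fields.get(required):
            raise ValueError("missing %s field" % required)
    alg = int(fields["Algorithm"].split()[0])  # "157 (HMAC)" -> 157
    if alg != HMAC_MD5_ALG:
        raise ValueError("not an HMAC-MD5 key: algorithm %d" % alg)
    # validate=True rejects stray characters, e.g. from a bad copy and paste;
    # binascii.Error is a subclass of ValueError.
    raw = base64.b64decode(fields["Key"], validate=True)
    return alg, fields["Key"], raw


def render_conf(key_name, private_text, peer_ip, expected_bits=256):
    """Build the key and server clauses for one side of the server pair."""
    _, secret, raw = parse_private(private_text)
    if len(raw) * 8 != expected_bits:
        raise ValueError("key is %d bits, expected %d"
                         % (len(raw) * 8, expected_bits))
    return (
        'key %s {\n    algorithm "hmac-md5";\n    secret "%s";\n};\n\n'
        'server %s {\n    keys { "%s"; };\n};\n'
        % (key_name, secret, peer_ip, key_name)
    )


if __name__ == "__main__":
    # server1's copy: the peer is server2 (10.0.0.2)
    print(render_conf("2000011501.linuxservers.tsigkey.",
                      SAMPLE_PRIVATE, "10.0.0.2"))
```

Running the same function on server2 with peer 10.0.0.1 produces the other half of the pair; both sides must end up with the identical key name and secret.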