Careful key generation is a sometimes overlooked but absolutely essential element in any cryptographically secure system. The strongest algorithms used with the longest keys are still of no use if an adversary can guess enough to lower the size of the likely key space so that it can be exhaustively searched. Suggestions will be found in RFC 1750.
It is strongly recommended that key generation also occur off-line, perhaps on the machine used to sign zones (see Section 7.2).