Jump to first page
 -13
Transaction Signature: TSIG
nTSIG (RFC 2845)
uauthorizing dynamic updates & zone transfers
uauthentication of caching forwarders
ucan be used without deploying other features of DNSSEC
nOne-way hash function over:
uDNS question or answer
u& the timestamp
nSigned with Òshared secretÓ key
nUsed in server configuration, not in zone file
Additional notes:
¥ Always use TSIG to secure zone transfers between primary and secondary.
¥ Dynamic updates and DNSSEC opens up specific set of problems.
¥ Shared secret also called symmetric key cryptography.
¥ Symmetric key cryptography is fast. It can be used Ôon the flyÕ.