FQDNs in masters-list (was: Help: Secondary for...)

Kevin Darcy kcd at daimlerchrysler.com
Wed Mar 7 18:47:45 UTC 2001

Mark.Andrews at nominum.com wrote:

> > >>>>> "Kevin" == Kevin Darcy <kcd at daimlerchrysler.com> writes:
> >
> >     Kevin> Well, actually, TSIG-authenticated Dynamic Updates work
> >     Kevin> fine, but this is rather beside the point: the original
> >     Kevin> suggestion called for signed *NOTIFYs*, not Dynamic
> >     Kevin> Updates. Signed NOTIFYs are technically illegal, but a
> >     Kevin> slight extension to RFC 1996 would permit them.
>         TSIG covers all messages message types.  If that is not clear
>         from the RFC then it should be made clear (I havn't re-read it).

Sure, TSIG covers all message types, but NOTIFY specifies sending only empty
Additional Sections. Since the Additional Section is where the TSIG record
lives, TSIG-authenticated NOTIFYs are technically illegal (although
non-TSIG aware servers shouldn't have a problem with these, since NOTIFY
recipients must ignore non-empty Additional Sections).

As I said, this would be a slight extension...

- Kevin

More information about the bind-users mailing list