FQDNs in masters-list (was: Help: Secondary for...)
kcd at daimlerchrysler.com
Wed Mar 7 18:47:45 UTC 2001
Mark.Andrews at nominum.com wrote:
> > >>>>> "Kevin" == Kevin Darcy <kcd at daimlerchrysler.com> writes:
> > Kevin> Well, actually, TSIG-authenticated Dynamic Updates work
> > Kevin> fine, but this is rather beside the point: the original
> > Kevin> suggestion called for signed *NOTIFYs*, not Dynamic
> > Kevin> Updates. Signed NOTIFYs are technically illegal, but a
> > Kevin> slight extension to RFC 1996 would permit them.
> TSIG covers all message types. If that is not clear
> from the RFC then it should be made clear (I haven't re-read it).
Sure, TSIG covers all message types, but NOTIFY specifies sending only empty
Additional Sections. Since the Additional Section is where the TSIG record
lives, TSIG-authenticated NOTIFYs are technically illegal (although
non-TSIG aware servers shouldn't have a problem with these, since NOTIFY
recipients must ignore non-empty Additional Sections).
As I said, this would be a slight extension...
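
The wire-format point under discussion, shown as an added example that is not part of the original post: a NOTIFY (opcode 4, RFC 1996) carrying a TSIG record (type 250, RFC 2845) necessarily has a non-zero ARCOUNT, because the TSIG RR is the last record of the Additional Section. The function names, the zone example.com, the key name xfer-key and the all-zero MAC are constructed for illustration; no real signature is computed.

```python
import struct

OPCODE_NOTIFY = 4                       # RFC 1996
TYPE_TSIG = 250                         # RFC 2845
TYPE_SOA, CLASS_IN, CLASS_ANY = 6, 1, 255

def encode_name(name):
    """Encode a domain name as uncompressed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def skip_name(msg, off):
    """Return the offset just past the name that starts at off."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:            # a compression pointer ends the name
            return off + 2
        off += 1 + n
        if n == 0:                      # root label ends the name
            return off

def build_notify(zone, tsig_key=None):
    """Constructed sample NOTIFY; with tsig_key, append a TSIG RR (placeholder MAC)."""
    question = encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    additional = b""
    if tsig_key:
        mac = b"\x00" * 16              # placeholder, not a real HMAC
        rdata = (encode_name("hmac-md5.sig-alg.reg.int")       # algorithm name
                 + struct.pack("!HIHH", 0, 0, 300, len(mac))   # 48-bit time, fudge, MAC size
                 + mac + struct.pack("!HHH", 0x1234, 0, 0))    # orig ID, error, other len
        additional = (encode_name(tsig_key)
                      + struct.pack("!HHIH", TYPE_TSIG, CLASS_ANY, 0, len(rdata)) + rdata)
    flags = (OPCODE_NOTIFY << 11) | 0x0400                     # opcode NOTIFY, AA set
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 1 if tsig_key else 0)
    return header + question + additional

def inspect(msg):
    """Return (opcode, arcount, last_rr_is_tsig) for a DNS message."""
    _id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4   # QTYPE + QCLASS
    rtype = None
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
    return (flags >> 11) & 0xF, ar, ar > 0 and rtype == TYPE_TSIG
```
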