TSIG/IP Transactions

Danny Mayer mayer at gis.net
Sun Jun 2 13:51:44 UTC 2002

At 12:36 PM 5/31/02, rwatson at OFDA.NET wrote:
>So, what is the carot for using TSIG signed transactions if only to make the
>zone marginally more secure?

If your ISP's can't support TSIG, you should either tell them that they need
to upgrade or find yourself a new ISP.  TSIG has been around for a long time
so anyone not able to support TSIG is running a version of BIND or other DNS
Server which is full of security holes. If you are concerned enough to want to
use TSIG, you should be concerned that the slaves you want to use are running
DNS software with all the latest security fixes.


More information about the bind-users mailing list