Reasons not to use TSIG?

Walkenhorst, Benjamin Benjamin.Walkenhorst at telekom.de
Wed Oct 6 10:59:09 UTC 2004


Hello everyone,

I am exploring the possibilities TSIG offers; for the environment I work
in, TSIG seems fine, since it is easy to set up and offers a reasonable degree
of security from employees doing zone transfers or hammering my machines
with recursive queries.

And since I am about to use TSIG as widely as possible, I would like to know
if there are any reasons not to use TSIG.

I can think of just one: TSIG cannot be used to verify zone content the way DNSSEC
can. Also, regular queries don't get covered by this.

But otherwise?
(In case it matters, we currently have a test setup where TSIG is used for
"allow-transfer {}" and "allow-notify {}".)

Benjamin Walkenhorst

