Do I need TSIG for zone transfer on an intranet env?

Joseph S D Yao jsdy at
Fri Jun 30 20:26:55 UTC 2006

On Wed, Jun 28, 2006 at 06:15:31PM -0700, April wrote:
> that's true .. however how many people in Securiy really know DNS?  ;-)
> What I should ask probably is in general, should ACL or TSIG be
> implemented in an intranet env?

I do.  It helps me check off a box that someone comes to ask me about
every once in a while, and it is virtually no trouble at all.

The trouble comes when you need to schedule regular key updates, and
figuring out how to do that if you don't have remote 'ssh' access

Joe Yao
   This message is not an official statement of OSIS Center policies.

More information about the bind-users mailing list