TSIG

Niall O'Reilly Niall.oReilly at ucd.ie
Wed Mar 14 14:45:34 UTC 2007


On 14 Mar 2007, at 13:19, Sangoi, Nehal (GE Supply, consultant) wrote:
> How to implement TSIG in Bind 8 and later?

	I never tried with BIND 8.

	I've had no difficulty setting up TSIG with (successive releases of) BIND 9.

	All I had to do was
	 - read the relevant sections of the ARM twice or so;
	 - choose the name of the key for each pair of organizations involved;
	 - have the slave partner generate the key (locating responsibility for
	   the key and related master access with the slave partner);
	 - arrange secure communication of the key (eg: PGP-protected e-mail);
	 - place key definitions in a separate configuration file with tighter
	   access restrictions than the named.conf, and use 'include' to refer
	   to the separate file;
	 - add key references in 'server' blocks in named.conf;
	 - (NB) make sure the date and time on the systems involved were kept
	   synchronized (using NTP).

	This is all "top-of-the-head" from memory.  I hope I haven't either left
	anything significant out or made any errors.
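
The steps listed above, as an added shell sketch that is not part of the original message: it generates a key on the slave side, writes it to a separate file with tighter permissions, and prints the 'include' and 'server' lines for named.conf. The key name "orga-orgb.", the peer address 192.0.2.1, the file name, the hmac-sha256 algorithm and the 0640 mode are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. Key name, peer address,
# paths, algorithm and file mode are placeholders/assumptions.

# make_tsig_key NAME FILE
# Write a BIND 'key' statement for NAME to FILE, readable by owner and group only.
make_tsig_key() {
    name=$1
    file=$2
    (
        umask 027   # the file never exists with world-readable permissions
        if command -v tsig-keygen >/dev/null 2>&1; then
            # BIND's own generator (shipped with BIND 9.10 and later)
            tsig-keygen -a hmac-sha256 "$name" > "$file"
        else
            # Fallback: a TSIG secret is base64-encoded random bytes
            secret=$(head -c 32 /dev/urandom | base64)
            printf 'key "%s" {\n\talgorithm hmac-sha256;\n\tsecret "%s";\n};\n' \
                "$name" "$secret" > "$file"
        fi
    )
    chmod 640 "$file"
    # On a real server, also give the file to the account named runs as,
    # e.g. chown root:named "$file" (account names vary by system).
}

# named_conf_fragment NAME FILE PEER
# Print the lines to add to named.conf: pull in the key file and tell
# named to sign traffic to PEER with the key.
named_conf_fragment() {
    cat <<EOF
include "$2";
server $3 {
	keys { "$1"; };
};
EOF
}

# Demo run in a scratch directory (constructed values).
demo_dir=$(mktemp -d)
make_tsig_key "orga-orgb." "$demo_dir/tsig-keys.conf"
named_conf_fragment "orga-orgb." "$demo_dir/tsig-keys.conf" 192.0.2.1
```

The generated key file is what gets sent to the other party over the secure channel; both ends need the same key name, algorithm and secret, and clocks kept in step.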

	


