TSIG / SIG0 / <something> for securing stub -> recursive server.

[Warren Kumari]

Hi all,

I'm not sure if I'm just missing something obvious, but I haven't  
figured out a clean way to accomplish this.

For various reasons I would like to be able to query my own nameserver  
while traveling -- I don't want to make it an open recursive, so I  
figured I should just be able to use something like TSIG / SIG(0) /   
something...

Configuring BIND to require TSIG for queries is fairly simple, but I  
am not having any luck figuring out how to make the stub resolver  
generate TSIG queries. A quick grep'ing of libresolv leads me to  
believe that it may be doable, but a quick peer at the code made my  
head hurt...

I would like this to "just work" on OS X and Linux -- does anyone know  
if there is support for this?

W

P.S:

Yes, I realize that I *could* accomplish this by running a nameserver  
locally (which I happen to do anyway, but...) or tunneling my DNS  
traffic over SSH / IPSec / etc, but none of these seem elegant...


--
Some people are like Slinkies......Not really good for anything but  
they still bring a smile to your face when you push them down the  
stairs.