TKEY and zone transfer

Evan Hunt each at
Wed Jan 30 15:52:52 UTC 2013

> > Also, generate a TSIG key to use for the initial TKEY negotiation.
> I thought the point of TKEY was to upgrade from slow public key
> authentication to fast secret key authentication, i.e. that you would
> start off by authenticating the client with SIG(0).

TKEY should work with SIG(0), but I don't have any code to show you
that generates SIG(0)-signed TKEY requests -- keycreate.c in the test
suite uses TSIG, so I adapted the recipe to that.

(Unless some other DNS implementation provides a tool for this purpose?
If you know of one, please let me know.)

Evan Hunt -- each at
Internet Systems Consortium, Inc.

More information about the bind-users mailing list