Recursive server forwarding dynamic updates

Phil Mayers p.mayers at
Wed Oct 2 11:02:26 UTC 2013

On 02/10/13 11:31, Mark Andrews wrote:

> Also TSIG signatures are preserved when UPDATE requests are forwarded.
> TSIG was designed to allow signed messages to be forwarded.  The
> ID field is not covered by the the TSIG to allow the message to be
> forwarded.  The slave does NOT have to know the shared TSIG secret

Interesting, I did not know that.

Presumably this is only true for "stateless" TSIG mechanisms, and not 
those involving TKEY e.g. GSSAPI?

More information about the bind-users mailing list