tsig indicates error

Anand Buddhdev anandb at ripe.net
Mon Jul 27 08:08:05 UTC 2015

On 24/07/15 17:52, Mark Elkins wrote:

> TSIG is a step towards better security. Rather learn how to use it than
> go backwards. I see TSIG as a step towards DNSSEC...

I also agree with this principle. At the RIPE NCC we've been trying to
get all the operators we provide secondary for to use TSIG. It's an
uphill struggle. Some don't even know how to generate the keys, while
others configure it incorrectly, or have the incorrect time on the
server. Nevertheless, we're getting there, and I'm hopeful that these
operators have slightly better configurations as a result of our
insistence on TSIG.


More information about the bind-users mailing list