Quick dynamic DNS?

Grant Taylor gtaylor at tnetconsulting.net
Fri Dec 25 01:21:55 UTC 2020

On 12/24/20 3:05 PM, Mark Andrews wrote:
> TSIG, GSS-TSIG and SIG(0) are all secure mechanisms to update DNS 
> zones.

Thank you for the follow up Mark.

It's good to know that they are secure mechanisms.

With all the churn in the TLS space, I can't keep up with it, much less 
have any idea how the concepts cross pollinate to other things.

> MacOS uses TSIG to update the DNS.
> Windows uses GSS-TSIG in active directory.


Jan-Piet Mens has a good article on this.

> SIG(0) is in future work for home net updating records added on a 
> first come basis.  It can also be used to update records added by 
> other means as long as the KEY records where added at the same time.

Would you please elaborate what you mean by "on a first come basis"?  Is 
it simply the first person to put a KEY record, or someone that has 
knowledge there of?

Thank you for enlightening me.

Grant. . . .
unix || die

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4013 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20201224/7897c270/attachment.bin>

More information about the bind-users mailing list