On 24/07/15 17:52, Mark Elkins wrote: > TSIG is a step towards better security. Rather learn how to use it than > go backwards. I see TSIG as a step towards DNSSEC...
I also agree with this principle. At the RIPE NCC we've been trying to get all the operators we provide secondary for to use TSIG. It's an uphill struggle. Some don't even know how to generate the keys, while others configure it incorrectly, or have the incorrect time on the server. Nevertheless, we're getting there, and I'm hopeful that these operators have slightly better configurations as a result of our insistence on TSIG. Regards, Anand _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users