On 12/24/20 3:05 PM, Mark Andrews wrote:
TSIG, GSS-TSIG and SIG(0) are all secure mechanisms to update DNS zones.
Thank you for the follow up Mark. It's good to know that they are secure mechanisms.With all the churn in the TLS space, I can't keep up with it, much less have any idea how the concepts cross pollinate to other things.
MacOS uses TSIG to update the DNS. Windows uses GSS-TSIG in active directory.
*nod* Jan-Piet Mens has a good article on this.
SIG(0) is in future work for home net updating records added on a first come basis. It can also be used to update records added by other means as long as the KEY records where added at the same time.
Would you please elaborate what you mean by "on a first come basis"? Is it simply the first person to put a KEY record, or someone that has knowledge there of?
Thank you for enlightening me. -- Grant. . . . unix || die
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
