I run BIND on my authoritative nameservers. I run Linux on a number of
laptops. When these laptops are provided a DHCP address, they use SIG(0)
to authenticate a forwards zone update to update their current (DHCP
provided) IPv4 address into the Zone. I've been doing this for years -
ever since Johan Ihrén taught me how to do so on his DNS training
courses. A number of other people may also be doing this for the same
reason. This is totally automatic - just once in a while, I update the
SIG(0) "password".

If there is another newer way that does the same - I'd be willing to
look at it - otherwise I enjoy this current methodology.


On 19/06/2018 23:41, Wellington, Brian wrote:
> SIG(0) was implemented in BIND 9 back when BIND 9 was basically the only 
> modern implementation, and no one used it then.  The fact that no servers 
> have implemented it since then means that there really isn’t any demand.
>
> Brian  
>
>> On Jun 19, 2018, at 2:20 PM, Mark Andrews <ma...@isc.org> wrote:
>>
>> SIG(0) is much superior for machines updating their own data to TSIG as you
>> don’t need a secondary storage for the TSIG key. You can replace a master
>> server without having to worry about transferring TSIG secrets off a dead
>> machine. You just copy the zone from a slave and go.
>>
>> There are other scenarios where it is also superior like automaton
>> delegating in the reverse tree.
>>
>> No I don’t think it should go. 
>>
>> It should be widely implemented so it can be used. There is a lot of
>> self-fulfilling prophecy in the DNS of people will never use this so we won’t
>> implement it.
>>
>> -- 
>> Mark Andrews
>>
>>> On 20 Jun 2018, at 06:48, Ondřej Surý <ond...@isc.org> wrote:
>>>
>>> Hi,
>>>
>>> as far as I could find on the Internet there are only SIG(0) implementations
>>> in a handful of DNS implementations - BIND, PHP Net_DNS2 PHP library,
>>> Net::DNS(::Sec) Perl library, trust_dns written in Rust and perhaps others
>>> I haven’t found; no mention of real deployment was found over the Internet
>>> (but you can blame Google for that)...
>>>
>>> Do people think the SIG(0) is something that we should keep in DNS and it 
>>> will be used in the future or it is a good candidate for throwing off the 
>>> boat?
>>>
>>> Ondrej
>>> --
>>> Ondřej Surý
>>> ond...@isc.org
>>>
>>> _______________________________________________
>>> DNSOP mailing list
>>> DNSOP@ietf.org
>>> https://www.ietf.org/mailman/listinfo/dnsop

-- 
Mark James ELKINS  -  Posix Systems - (South) Africa
m...@posix.co.za       Tel: +27.128070590  Cell: +27.826010496
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
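
The setup described in this message, sketched as a DHCP-hook helper. This is an added example, not the poster's script or ISC code; the zone, host name, server, key path and function names are hypothetical, and it assumes the host's KEY record is already in the zone with an update-policy that lets that key change its own A record.

```shell
#!/bin/sh
# Added example: publish a DHCP-leased IPv4 address with a SIG(0)-signed
# dynamic update. Every name and path below is a constructed placeholder.
ZONE="example.org"
HOST="laptop1.example.org"
SERVER="ns1.example.org"
KEYFILE="/etc/ddns/Klaptop1.example.org.+015+12345.private"
TTL=300
# Assumed server side (BIND named.conf, inside the zone statement):
#   update-policy { grant laptop1.example.org. self laptop1.example.org. A; };

# Accept only a dotted quad with each octet in 0..255, so nothing taken
# from the DHCP reply can smuggle extra nsupdate commands into the batch.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Emit the nsupdate batch: drop any old A record, add the new lease.
build_update() {
    valid_ipv4 "$1" || { echo "refusing invalid address: $1" >&2; return 1; }
    printf 'server %s\nzone %s\nupdate delete %s A\nupdate add %s %s A %s\nsend\n' \
        "$SERVER" "$ZONE" "$HOST" "$HOST" "$TTL" "$1"
}

# Sign the request with the SIG(0) private key (nsupdate -k) and send it.
publish_lease() {
    batch=$(build_update "$1") || return 1
    printf '%s\n' "$batch" | nsupdate -k "$KEYFILE"
}
```

A DHCP client hook would call `publish_lease` with the address it was just leased; the private key stays on the laptop and the server only holds the public KEY record.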
