At Wed, 07 Jan 2009 09:51:07 +1000, Da Rock wrote:
>
> I'm trying to find some more clarification on how to use kerberos for
> dnssec. I thought it may have been possible a while ago, was told there
> was only tsig, then found a reference to it in the Administrators guide.
>
> I've been trying to find a tutorial or howto (or at least something) on
> google but with no luck at all.
>
> Anyone here that could help?
You're confusing DNS object security with DNS channel security.
There's a (hideously complex) specification for using Kerberos to
provide DNS channel security ("GSS-TSIG"). There is no mechanism for
using Kerberos to provide DNS object security ("DNSSEC"), nor is there
likely to be.
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
