Two short questions: 1. When I use a TSIG Keys and sniff the pakets during e.g. a zone transfer, are the records still in plain text? If not, do I need DNSSEC then? 2. Why exacly is it better to use TSIG to avoid man-in-the-middle attacks ? (instead of acls)