tsig

[Gamer]

Two short questions:

1. When I use a TSIG Keys and sniff the pakets during e.g. a zone
transfer, are the records still in plain text? If not, do I need DNSSEC
then?

2. Why exacly is it better to use TSIG to avoid man-in-the-middle
attacks ? (instead of acls)