Bind9 Kerberos authentication
Rob Austein
Rob_Austein at isc.org
Wed Jan 7 18:29:01 UTC 2009
At Wed, 07 Jan 2009 09:51:07 +1000, Da Rock wrote:
>
> I'm trying to find some more clarification on how to use kerberos for
> dnssec. I thought it may have been possible a while ago, was told there
> was only tsig, then found a reference to it in the Administrators guide.
>
> I've been trying to find a tutorial or howto (or at least something) on
> google but with no luck at all.
>
> Anyone here that could help?
You're confusing DNS object security with DNS channel security.
There's a (hideously complex) specification for using Kerberos to
provide DNS channel security ("GSS-TSIG"). There is no mechanism for
using Kerberos to provide DNS object security ("DNSSEC"), nor is there
likely to be.
More information about the bind-users
mailing list