TKEY and zone transfer
Evan Hunt
each at isc.org
Wed Jan 30 15:52:52 UTC 2013
> > Also, generate a TSIG key to use for the initial TKEY negotiation.
>
> I thought the point of TKEY was to upgrade from slow public key
> authentication to fast secret key authentication, i.e. that you would
> start off by authenticating the client with SIG(0).
TKEY should work with SIG(0), but I don't have any code to show you
that generates SIG(0)-signed TKEY requests -- keycreate.c in the test
suite uses TSIG, so I adapted the recipe to that.
(Unless some other DNS implementation provides a tool for this purpose?
If you know of one, please let me know.)
--
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
More information about the bind-users
mailing list