Security Enhancements

BIND 9 has several security enhancements.

TSIG

TSIG is how BIND signs transactions. In Chapter 9, "Dynamic DNS," I explained how TSIG is used to sign dynamic update requests. BIND 9 supports TSIG for queries, the NOTIFY protocol, and zone transfers. It enables you to know who sent the information and that it has not been changed in transit.
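As an added illustration (not taken from the book), the `named.conf` fragments below show one shared TSIG key protecting zone transfers and NOTIFY between two BIND 9 servers, with the address-only transfer ACL left in as a comment for comparison. The IP addresses, zone file names, key name, secret, the choice of `hmac-sha256`, and which host is the master are all assumptions or placeholders.

```conf
# Constructed example. Assumed roles: ns.penguin.bv (192.0.2.1) is the master
# for penguin.bv, ns.walruss.bv (192.0.2.2) is the slave.

# ---- On BOTH servers: identical key statement --------------------------
# Keep it in a file readable only by the named user and pull it in with
# "include", so the secret is not exposed in a world-readable named.conf.
key "placeholder-key-name." {
    algorithm hmac-sha256;                  # assumed algorithm
    secret "PLACEHOLDER-BASE64-SECRET==";   # replace with generated key material
};

# ---- On the master, ns.penguin.bv (192.0.2.1) --------------------------
# Sign everything sent to the slave, NOTIFY messages included.
server 192.0.2.2 {
    keys { "placeholder-key-name."; };
};

zone "penguin.bv" {
    type master;
    file "penguin.bv.zone";
    # Weak: trusts only the source address of the request.
    # allow-transfer { 192.0.2.2; };
    # Stronger: the transfer request must carry a valid TSIG signature.
    allow-transfer { key "placeholder-key-name."; };
};

# ---- On the slave, ns.walruss.bv (192.0.2.2) ---------------------------
# Sign SOA queries and transfer requests sent to the master.
server 192.0.2.1 {
    keys { "placeholder-key-name."; };
};

zone "penguin.bv" {
    type slave;
    masters { 192.0.2.1; };
    file "slave/penguin.bv.zone";
};
```

TSIG verification includes a timestamp check, so both servers need synchronized clocks or signed requests will be rejected.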

BIND 9's software for creating keys has been renamed and changed somewhat. Whereas the BIND 8 version of the key generator required an FQDN for host keys, the BIND 9 documentation recommends naming a key after both of the hosts that share it. Say I want to make a shared key for ns.penguin.bv and ns.walruss.bv. However, because the names are identical, I use the next part of their names, ...
