Configuring TSIG keys


TSIG (Transaction Signature)

TSIG is a security protocol used in the Domain Name System (DNS) to provide authenticated and secure communications between DNS servers and between DNS servers and clients. TSIG uses shared secret keys and cryptographic signatures to validate that DNS messages are authentic and have not been tampered with. It is primarily used for:

  1. Securing Zone Transfers: Ensuring that AXFR zone transfers occur only between authorized servers.
  2. Securing Dynamic Updates: Authenticating requests to update DNS records dynamically, especially in Dynamic DNS (DDNS) environments.
  3. Authenticating DNS Queries and Responses: Verifying the authenticity of both the query and the response in DNS transactions.

TSIG adds an additional layer of security to DNS operations that is not provided by standard DNS, which by itself has no mechanism for authenticating the source or integrity of DNS data.

TSIG Key Templates in DDI Central

The Key Templates are saved under the TSIG Key Templates tab on the Config page with the following fields:

Key Name

The Key Name is mainly used to identify the key across the primary and secondary name servers. Ensure a unique name is assigned to the key.

Algorithm

The TSIG Algorithm is essentially the cryptographic hash function used in the HMAC operations that generate the TSIG key value. Currently, CloudDNS supports the following algorithms to generate the TSIG key: HMAC MD5, HMAC SHA1, HMAC SHA224, HMAC SHA256, HMAC SHA384, and HMAC SHA512.

Secret Key

The secret key value is a base64-encoded string with a maximum length of 255 characters that acts as a shared signature to provide transaction-level authentication for the name servers during zone transfer operations.
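An added example (not part of DDI Central or its documentation): a Python helper that generates a random secret sized to the chosen algorithm's digest and pre-checks the Key Name, Algorithm and Secret Key values before they are entered in a template. The function names, the sample key name `xfer-key`, and the rule that the secret should be at least as long as the digest are assumptions of this example; the algorithm names and the 255-character limit come from this page.

```python
import base64
import binascii
import secrets

# Algorithm names as listed on this page, with their HMAC digest sizes in bytes.
DIGEST_BYTES = {
    "HMAC MD5": 16, "HMAC SHA1": 20, "HMAC SHA224": 28,
    "HMAC SHA256": 32, "HMAC SHA384": 48, "HMAC SHA512": 64,
}
MAX_SECRET_CHARS = 255  # limit stated for the Secret Key field


def generate_secret(algorithm):
    """Return a random base64 secret as long as the algorithm's digest."""
    raw = secrets.token_bytes(DIGEST_BYTES[algorithm])
    return base64.b64encode(raw).decode("ascii")


def check_template(key_name, algorithm, secret, existing_names=()):
    """Return the problems found in a key template (empty list = none)."""
    problems = []
    if not key_name or key_name in existing_names:
        problems.append("key name must be non-empty and unique")
    if algorithm not in DIGEST_BYTES:
        problems.append("unsupported algorithm")
    if len(secret) > MAX_SECRET_CHARS:
        problems.append("secret exceeds 255 characters")
    try:
        # validate=True rejects stray whitespace and non-base64 characters
        raw = base64.b64decode(secret, validate=True)
    except (binascii.Error, ValueError):
        problems.append("secret is not valid base64")
    else:
        # Assumption of this example: require at least digest-size key bytes
        if len(raw) < DIGEST_BYTES.get(algorithm, 0):
            problems.append("secret shorter than the algorithm's digest size")
    return problems


if __name__ == "__main__":
    # "xfer-key" is a constructed sample name, not a value from the product
    secret = generate_secret("HMAC SHA256")
    print(secret, check_template("xfer-key", "HMAC SHA256", secret))
```

The same secret must be configured on both the primary and the secondary name server, so a value that fails these checks on one side (for example, a trailing space picked up while copying) will cause signed transfers to be rejected.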

