TSIG

E192672

TSIG (Transaction SIGnature) is a security protocol used in DNS to authenticate and protect DNS messages between servers using shared secret keys and message authentication codes.

All labels observed (1)

Label Occurrences
TSIG canonical 1

How this entity was disambiguated

Statements (48)

Predicate Object
instanceOf DNS security protocol
authentication mechanism
authenticationModel symmetric key
category DNS authentication
network security protocol
definedIn RFC 2845
differenceFrom DNSSEC uses public key cryptography
TSIG uses shared symmetric keys
errorHandling uses TSIG error codes in DNS responses
fullName Transaction SIGnature
implementedBy BIND
Knot DNS
Windows Server
surface form: Microsoft DNS Server

NSD
PowerDNS
includes MAC over DNS header and data
timestamp in signature
keyManagement manually configured shared secrets
positionInMessage additional section of DNS message
protects DNS messages between servers
provides integrity protection
message authentication
protection against spoofed DNS messages
recordClass ANY
recordType TSIG RR
relatedTo DNSSEC
reliesOn time-based signatures
representedAs DNS resource record
requires pre-shared key configuration on both DNS peers
scope DNS zone transfers
dynamic DNS updates
server-to-server DNS communication
securityProperty does not provide confidentiality
helps prevent replay attacks via timestamps
protects against message tampering
standardizedBy Internet Engineering Task Force
surface form: IETF
status widely implemented in DNS servers
supports HMAC-MD5
HMAC-SHA1
HMAC
surface form: HMAC-SHA256
usedFor securing AXFR zone transfers
securing IXFR zone transfers
securing dynamic updates (RFC 2136)
usedIn Domain Name System
uses HMAC
MAC over DNS message
message authentication codes
shared secret keys

How these facts were elicited

Referenced by (1)

Full triples — surface form annotated when it differs from this entity's canonical label.

DNSSEC relatedStandard TSIG