On Mon, Feb 25, 2019 at 05:04:01PM +0100, Otto Moerbeek wrote:
> I've done some work in a related area, bootstrapping ntpd while using
> a DNSSEC enabled resolver. If the time is off, that does not work atm.
> That work was never finished because of reasons.
*nod* yeah time is a decisive factor. Right now I have the time, but who
knows when it will change (my resume is somewhere in processing).
> But I think the TSIG use case is pretty limited. Who uses it other
> than for zone transfers?
BIND users like me use it. It's a good solution when you're on a dynamic
IP and don't want to use the ISP's nameservers. I use two vps's instead for
my lookups. TSIG is having a passworded access to recursive DNS.
Another potential user of TSIG is dynamic dns updaters, you know isc-dhcpd
updates BIND via dynamic DNS.
Inside the OpenBSD community people probably don't use it other than for zone
transfers though since I think TSIG for queries is lacking in unbound, but I'm
only guessing here. I did some googling years ago and found that there was
not much interest in putting it in unbound, but my memory is weak on this.
> -Otto
Best Regards,
-peter
No comments:
Post a Comment