"Transaction signatures (TSIG) is a mechanism used to secure DNS
messages and to provide secure server-to-server communication. This
includes zone transfer, notify, and recursive query messages. TSIG
uses shared secrets and a one-way hash function to authenticate DNS
messages, particularly responses and updates.
"This tutorial discusses the security mechanisms implemented in
BIND to secure DNS messages and name servers using TSIG
configurations."