[ Thanks to Ken Guest
for this link. ]
“The Domain Name System (DNS) is a replicated, distributed,
hierarchical database of information that is a core service needed
for the modern internet to function. If you’re new to the Domain
Name System please read Thomas Bridge’s article. This article is
primarily aimed at those familiar with basic DNS concepts and the
operation and configuration of a DNS server.”
“This article concentrates on BIND, the de-facto standard
implementation of DNS. Other implementations can achieve the same
results using these directions, however the instructions and
examples below are for administrators of a BIND 8.x or BIND 9.x
nameserver.”
“The DNS works on a question-answer model. If a client needs
information from the DNS it sends a question to a DNS server and
the server returns an answer. Until recently it was only possible
for a server to examine a question and determine whether or not to
answer it based on the IP address the question originated from.
This is not ideal. Authentication using source IP address alone is
considered insecure. Transaction Signatures, or TSIG for short, add
cryptographic signatures as a method of authenticating a DNS
conversation. It uses a shared secret to establish trust between
the communicating parties.”