Transaction signatures (TSIG) is a mechanism used to secure DNS messages and to provide secure server-to-server communication. This includes zone transfer, notify, and recursive query messages. TSIG uses shared secrets and a one-way hash function to authenticate DNS messages, particularly responses and updates.
This tutorial discusses the security mechanisms implemented in BIND to secure DNS messages and name servers using TSIG configurations.
