README
¶
Name
tsig - validate incoming TSIG signed messages
Description
With tsig, you can define TSIG secret keys. Using those keys, tsig validates incoming TSIG messages. This is only done for notifies and zone transfers. It does not itself sign messages; it is up to the respective handler sending those to use the data added to the context by tsig. See the "Context" section for details.
Syntax
tsig NAME ALGORITHM SECRET
- SECRET must be base64 encoded. NAME is the name of the key (this is a domain name, and may thus
contain dots). And ALGORITHM is the key's algorithm like
hmac-sha512for instance. See theHmac*constants in the dns package.
Examples
example.org {
tsig example.org.key hmac-sha512 NoTCJU+DMqFWywaPyxSijrDEA/eC3nK0xi3AMEZuPVk=
dbhost ... {
# ...
}
}
Context
The tsig handler adds the following keys to the context:
| Key | Type | Example | Description |
|---|---|---|---|
tsig/status |
bool |
true | The validation status of TSIG. |
tsig/name |
string |
example.org.key. | Name, as configured. |
tsig/secret |
string |
No...Pkv= | Secret, as configured. |
tsig/algorithm |
string |
hmac-sha512. | Algorithm, as configured. |
Each of these can be used by respective "upstream" handlers to sign messages. Note tsig does not register a
tsig/msgfunc as these are unconditionally executed by all handlers that returns a message.
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Tsig ¶
func (*Tsig) HandlerFunc ¶
func (t *Tsig) HandlerFunc(next dns.HandlerFunc) dns.HandlerFunc
Source Files
Click to show internal directories.
Click to hide internal directories.