Hello everyone,

I am exploring the possibilities TSIG offers; for the environment I work
in TSIG seems fine, since it is easy to set up and offers a reasonable degree
of security from employees doing zone transfers or hammering my machines
with recursive queries.

And since I am about to use TSIG as widely as possible, I would like to know
if there are any reasons not to use TSIG.

I can think of just one: TSIG cannot be used to verify zone-content the way DNSSEC
can. Also, regular queries don't get covered by this.

But otherwise?
(In case it matters, we currently have a test setup where TSIG is used for
"allow-transfer {}" and "allow-notify {}".)

Benjamin Walkenhorst