In addition, they support the TSIG protocol, which allows DNS clients to establish a secure session with the server to publish Dynamic DNS records or to request secure DNS lookups without incurring the cost and complexity of full DNSSEC support.
A modified GSS-TSIG - using the Windows Kerberos Server - was implemented by Microsoft Windows Active Directory servers and clients called Secure Dynamic Update.
•
RFC 4635 was circulated to allow RFC 3174 Secure Hash Algorithm (SHA1) hashing and FIPS PUB 180-2 SHA-2 hashing to replace MD5.
TSIG |
Microsoft developed alternative technology (GSS-TSIG) based on Kerberos authentication.