summaryrefslogtreecommitdiffstats
path: root/doc/arm/sig0.inc.rst
diff options
context:
space:
mode:
Diffstat (limited to 'doc/arm/sig0.inc.rst')
-rw-r--r--doc/arm/sig0.inc.rst28
1 files changed, 28 insertions, 0 deletions
diff --git a/doc/arm/sig0.inc.rst b/doc/arm/sig0.inc.rst
new file mode 100644
index 0000000..048dbea
--- /dev/null
+++ b/doc/arm/sig0.inc.rst
@@ -0,0 +1,28 @@
+.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+..
+.. SPDX-License-Identifier: MPL-2.0
+..
+.. This Source Code Form is subject to the terms of the Mozilla Public
+.. License, v. 2.0. If a copy of the MPL was not distributed with this
+.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
+..
+.. See the COPYRIGHT file distributed with this work for additional
+.. information regarding copyright ownership.
+
+SIG(0)
+------
+
+BIND partially supports DNSSEC SIG(0) transaction signatures as
+specified in :rfc:`2535` and :rfc:`2931`. SIG(0) uses public/private keys to
+authenticate messages. Access control is performed in the same manner as with
+TSIG keys; privileges can be granted or denied in ACL directives based
+on the key name.
+
+When a SIG(0) signed message is received, it is only verified if
+the key is known and trusted by the server. The server does not attempt
+to recursively fetch or validate the key.
+
+SIG(0) signing of multiple-message TCP streams is not supported.
+
+The only tool shipped with BIND 9 that generates SIG(0) signed messages
+is :iscman:`nsupdate`.
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-04 03:13:16 +0000