TSIG Key Management

With the Managed DNS Service, you can use TSIG to transfer zones securely.
On the "TSIG Key Management" screen, you can add and delete TSIG keys. You can also display a list of the TSIG keys that have been configured.

[ Note ]

  • Be very careful not to leak TSIG keys externally. If there is a possibility that a TSIG key has been leaked externally, we strongly recommend that you create a new TSIG key and replace the old one with the new one.
  • Note that TSIG keys you have created yourself cannot be imported into this service.

[ Reference ]

  • TSIG (Transaction SIGnature) is a mechanism that signs DNS messages electronically to prevent data from being manipulated on the communication route. (Note that TSIG differs from DNSSEC.) Refer to RFC 8945 for more information.
  • The only hash algorithm that can be used with this service is "hmac-sha256".
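
The check that TSIG performs on a zone-transfer request, as an added example (not part of this service or its own sample settings): it computes the hmac-sha256 MAC over a DNS message plus the TSIG variables listed in RFC 8945 and shows that a modified message, a stale timestamp or a different secret fails verification. The key name, secret, zone names and function names are constructed for illustration, and only the request case is covered (a response MAC also covers the request MAC).

```python
import hashlib, hmac, struct

# Constructed sample values (not issued by the service): the key name uses the
# page's ".xxxx.d-53.net." placeholder suffix; the secret is a throwaway value.
KEY_NAME = "transfer-key.xxxx.d-53.net."
SECRET = bytes(range(32))
ALGORITHM = "hmac-sha256."
FUDGE = 300  # seconds of clock skew tolerated between signer and verifier


def wire_name(name: str) -> bytes:
    """Encode a domain name in canonical (lower-case, uncompressed) wire format."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def tsig_variables(time_signed: int, fudge: int = FUDGE) -> bytes:
    """TSIG variables covered by the MAC (RFC 8945, section 4.3.3)."""
    return (wire_name(KEY_NAME)
            + struct.pack("!HI", 255, 0)             # CLASS ANY, TTL 0
            + wire_name(ALGORITHM)
            + struct.pack("!HIH", time_signed >> 32,  # 48-bit Time Signed
                          time_signed & 0xFFFFFFFF, fudge)
            + struct.pack("!HH", 0, 0))              # Error, Other Len


def sign(message: bytes, time_signed: int, secret: bytes = SECRET) -> bytes:
    """MAC for a request: HMAC-SHA256 over the DNS message plus TSIG variables."""
    data = message + tsig_variables(time_signed)
    return hmac.new(secret, data, hashlib.sha256).digest()


def verify(message: bytes, mac: bytes, time_signed: int, now: int,
           secret: bytes = SECRET) -> bool:
    """Accept only if the timestamp is inside the fudge window and the MAC matches."""
    fresh = abs(now - time_signed) <= FUDGE
    return fresh and hmac.compare_digest(mac, sign(message, time_signed, secret))


def axfr_query(zone: str, msg_id: int = 0x1234) -> bytes:
    """Minimal AXFR (QTYPE 252, class IN) query as it looks before the TSIG RR is added."""
    header = struct.pack("!HHHHHH", msg_id, 0, 1, 0, 0, 0)
    return header + wire_name(zone) + struct.pack("!HH", 252, 1)
```

Because both ends derive the MAC from the same secret, anyone who obtains the secret can produce messages that pass verify(), which is why a key that may have leaked has to be replaced.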

Add TSIG Key

You can add a TSIG key. Creating a TSIG key does not by itself put it into use. To use a TSIG key, set it in Common Settings and then apply those common settings to the zone settings.

  1. Click "Add TSIG Key."
  2. Fill in "TSIG Key Name" and "Comment," and then click "Add."

    Item             Description
    TSIG Key Name    A TSIG key name is required. Once set, you cannot change the name. ".xxxx.d-53.net." at the end is a fixed string that is assigned to each contract.
    Comment          You can enter an arbitrary string.

Set TSIG Key

  1. Click a key name in the TSIG key list.
  2. Detailed information about the TSIG key will appear. In the detailed information, you can delete the TSIG key, edit the comment, and display the TSIG key.

    Item              Description
    Basic Settings
    TSIG Key Name     Displays the TSIG key name. You cannot change the TSIG key name.
    Comment           Displays the comment you entered when the key was created. Click "" to edit the comment.
    Hash Algorithm    Displays the hash algorithm. You cannot change the hash algorithm.
    Secret
    TSIG Key
    Examples          By selecting a TSIG key example, you can display sample settings for configuring the TSIG key in a typical DNS server implementation (BIND, NSD, Knot). In addition, click "" to copy the sample settings to the clipboard.

Delete TSIG Key

[ Note ]

Once a TSIG key has been deleted, it cannot be restored.

  1. Click a key name in the TSIG key list.
  2. Detailed information about the TSIG key will appear. Click "Delete."

Check a List of Common Settings

You can display a list of common settings to which the TSIG key being displayed is applied.

  1. Click a key name in the TSIG key list.
  2. Click "" and then click "List of Applied Common Settings."