Closed tlhackque closed 1 year ago
DNS updates (as required for Let's Encrypt SSL certificates), especially with split views, are best secured with TSIG rather than by IP address.
This requires the ability to provide a TSIG file containing the required key.
See the bind9 documentation for details.
If you're using nsupdate to send the updates, the -k switch specifies the key file. For that, see the nsupdate doc.
nsupdate
-k
DNS updates (as required for Let's Encrypt SSL certificates), especially with split views, are best secured with TSIG rather than by IP address.
This requires the ability to provide a TSIG file containing the required key.
See the bind9 documentation for details.
If you're using
nsupdateto send the updates, the-kswitch specifies the key file. For that, see the nsupdate doc.