%% You should probably cite rfc8945 instead of this I-D. @techreport{ietf-dnsop-rfc2845bis-08, number = {draft-ietf-dnsop-rfc2845bis-08}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-ietf-dnsop-rfc2845bis/08/}, author = {Francis Dupont and Stephen Morris and Paul A. Vixie and Donald E. Eastlake 3rd and Ólafur Guðmundsson and Brian Wellington}, title = {{Secret Key Transaction Authentication for DNS (TSIG)}}, pagetotal = 29, year = ** No value found for 'doc.pub_date.year' **, month = ** No value found for 'doc.pub_date' **, day = ** No value found for 'doc.pub_date.day' **, abstract = {This document describes a protocol for transaction level authentication using shared secrets and one way hashing. It can be used to authenticate dynamic updates to a DNS zone as coming from an approved client, or to authenticate responses as coming from an approved name server. No recommendation is made here for distributing the shared secrets: it is expected that a network administrator will statically configure name servers and clients using some out of band mechanism. This document obsoletes RFC2845 and RFC4635.}, }