TKEY record
TKEY is a record type of the Domain Name System. TKEY RRs can be used in a number of different modes to establish shared keys between a DNS resolver and a name server.
TKEY record format
Field | Description | Length (octets) |
---|---|---|
NAME | Key name, which must be unique on client and server | (variable) |
TYPE | TKEY (249) | 2 |
CLASS | ANY (255) | 2 |
TTL | 0 (since TKEY records must not be cached) | 4 |
RDLENGTH | Length of RDATA field | 2 |
RDATA | Variable-length structure containing the timestamp, algorithm, mode, hash data and error | (variable) |
Mode Field values
- 0 - Reserved
- 1 - Server assignment
- 2 - Diffie-Hellman exchange
- 3 - Generic Security Service Algorithm for Secret Key Transaction (GSS-TSIG)
- 4 - Resolver assignment
- 5 - Key deletion
- 6-65534 - Available
- 65535 - Reserved
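
The record format and mode values above, as an added example (not code from the original page): a parser that decodes one TKEY RR from wire format and reports violations of the fixed TYPE, CLASS and TTL values. The RDATA field order is assumed from RFC 2930 rather than taken from the table, and the sample record (key name, timestamps, key bytes) is constructed.

```python
import struct

TKEY_TYPE, CLASS_ANY = 249, 255
MODES = {0: "reserved", 1: "server assignment", 2: "Diffie-Hellman exchange",
         3: "GSS-TSIG", 4: "resolver assignment", 5: "key deletion", 65535: "reserved"}

def read_name(buf, off):
    """Read an uncompressed domain name; return (dotted name, next offset)."""
    labels = []
    while True:
        if off >= len(buf) or buf[off] > 63 or off + 1 + buf[off] > len(buf):
            raise ValueError("truncated, compressed or invalid name")
        n = buf[off]
        if n == 0:
            return ".".join(labels) + ".", off + 1
        labels.append(buf[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n

def parse_tkey_rr(buf):
    """Parse one TKEY RR from wire format; return (fields, problems)."""
    name, off = read_name(buf, 0)
    if len(buf) < off + 10:
        raise ValueError("truncated RR header")
    rtype, rclass, ttl, rdlength = struct.unpack_from("!HHIH", buf, off)
    rdata = buf[off + 10:off + 10 + rdlength]
    if len(rdata) != rdlength:
        raise ValueError("RDLENGTH exceeds available data")
    # RDATA layout assumed from RFC 2930, not from the table above
    alg, p = read_name(rdata, 0)
    if len(rdata) < p + 16:
        raise ValueError("truncated RDATA")
    inception, expiration, mode, error, key_size = struct.unpack_from("!IIHHH", rdata, p)
    key_end = p + 14 + key_size
    if len(rdata) < key_end + 2:
        raise ValueError("key size exceeds RDATA")
    (other_size,) = struct.unpack_from("!H", rdata, key_end)
    checks = [(rtype == TKEY_TYPE, "TYPE is not TKEY (249)"),
              (rclass == CLASS_ANY, "CLASS is not ANY (255)"),
              (ttl == 0, "TTL is non-zero; TKEY must not be cached"),
              (key_end + 2 + other_size == len(rdata), "RDATA length mismatch")]
    fields = {"name": name, "algorithm": alg, "inception": inception, "expiration": expiration,
              "mode": MODES.get(mode, "available"), "error": error, "key": rdata[p + 14:key_end]}
    return fields, [msg for ok, msg in checks if not ok]

def build_sample(ttl=0, mode=3):
    """Constructed sample RR (key name, times and key bytes are made up)."""
    rdata = (b"\x08gss-tsig\x00" + struct.pack("!IIHHH", 1700000000, 1700003600, mode, 0, 4)
             + b"\xde\xad\xbe\xef" + struct.pack("!H", 0))
    return b"\x07key-001\x07example\x00" + struct.pack("!HHIH", 249, 255, ttl, len(rdata)) + rdata
```

Mode values 6-65534 are reported as "available", matching the list above; a record whose RDLENGTH or key size runs past the buffer raises `ValueError` instead of being partially decoded.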