TSIG
TSIG is a computer networking protocol defined in RFC 2845. It is used primarily by the Domain Name System (DNS) to provide a means of authenticating updates to a Dynamic DNS database, although it can also be used between servers (for example to authenticate zone transfers) and for regular queries. TSIG uses shared secret keys and a keyed one-way hash (an HMAC) to provide a cryptographically secure means of identifying each endpoint of a connection as being allowed to make or respond to a DNS update.

Although queries to DNS may be made anonymously (but see DNSSEC), updates to DNS must be authenticated since they make lasting changes to the structure of the Internet naming system. The use of a key shared by the client making the update and the DNS server guarantees the authenticity of the update request. However, the update request may be passing over an insecure channel (the Internet). The keyed hash is used so that a malicious observer who captures a signed request cannot recover the secret key from it and use the key to make modifications of their own. TSIG provides authentication and integrity only, not confidentiality: the contents of the update remain readable in transit.

A timestamp (the "time signed" field) together with an allowed clock-skew window (the "fudge" field) is included in the TSIG record to prevent recorded requests and responses from being reused, which would allow an attacker to breach the security of TSIG. This places a requirement on dynamic DNS servers and TSIG clients to have an accurate clock; a request whose timestamp falls outside the window is rejected with the TSIG error BADTIME. The protection is only as tight as the fudge value, since a captured request can still be replayed within that window, so the window is kept to a few minutes (300 seconds is the customary default). Since DNS servers are connected to a network, the Network Time Protocol (NTP) may be used to provide an accurate time source.

DNS updates, like queries, are normally transported via UDP (User Datagram Protocol) since it requires lower overhead than TCP (Transmission Control Protocol). However, DNS servers support both UDP and TCP requests.

Implementation

An update, as specified in RFC 2136, is a set of instructions to a DNS server. These include a header, the zone to be updated, the prerequisites that must be satisfied, and the record(s) to be updated. TSIG adds a final record in the additional section, which includes a timestamp and a keyed hash (MAC) computed over the whole request. It also includes the name of the secret key that was used to sign the request, so that a server holding several keys can select the right one. RFC 2535 has recommendations on the form of the name.

The response to a successful TSIG update will also be signed with a TSIG record, and its MAC additionally covers the MAC of the request, which binds the two halves of the transaction together. A request whose key is unknown to the server or whose MAC does not verify is answered with an unsigned error (RCODE NOTAUTH with the TSIG error BADKEY or BADSIG), so that an attacker cannot learn anything about the TSIG key by sending specially crafted update "probes". A request that verifies but whose timestamp is outside the allowed window receives a signed BADTIME response carrying the server's own time, which lets a legitimate client detect clock drift.

The nsupdate program can use TSIG to do DNS updates. The key is supplied either from a key file (the -k option) or directly on the command line (the -y option, in the form [hmac:]keyname:secret); the latter exposes the secret in the process list and shell history, so the key-file form is preferable on shared hosts.

The TSIG record is in the same format as the other records in the update request. The meaning of the generic fields is described in RFC 1035; the layout of the RDATA is defined in RFC 2845.
TSIG record fields
Field     Bytes     Description
NAME      max 255   Key name, which must be unique on client and server
TYPE      2         TSIG (250)
CLASS     2         ANY (255)
TTL       4         0 (since TSIG records must not be cached)
RDLENGTH  2         Length of RDATA field
RDATA     variable  Structure containing the algorithm name, the 48-bit "time signed" timestamp, the 16-bit fudge (allowed clock skew in seconds), the MAC size and the MAC itself, the original message ID, a TSIG error code, and optional "other data" (used to carry the server's time in a BADTIME response)
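The following is an added example, not code from the original article or from any TSIG implementation, that exercises the record layout in the table above and the Implementation description: it builds an RFC 2136 UPDATE in wire format, appends a TSIG RR, computes the MAC over exactly the components RFC 2845 prescribes (the unsigned message followed by the TSIG "variables", with TYPE, RDLENGTH, the MAC and the original ID left out), and then performs the server-side checks in the RFC's order, returning BADKEY, BADSIG or BADTIME as a real server would. The key name update-key.example., the secret, the zone example. and the addresses are constructed for the demo; only the Python standard library is used.

```python
"""Build, sign and verify an RFC 2136 UPDATE carrying a TSIG record (RFC 2845 / RFC 4635).
Added example using only the standard library; key name, secret and zone are constructed here."""
import hashlib
import hmac
import struct

ALGORITHMS = {"hmac-md5.sig-alg.reg.int": hashlib.md5,                 # RFC 2845
              "hmac-sha1": hashlib.sha1, "hmac-sha256": hashlib.sha256}  # RFC 4635
TSIG_TYPE, CLASS_ANY = 250, 255
BADSIG, BADKEY, BADTIME = 16, 17, 18          # TSIG error codes, RFC 2845

def encode_name(name):
    """Canonical wire form: uncompressed, lowercase labels, root terminator."""
    labels = [l for l in name.rstrip(".").lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def read_name(buf, pos):
    """Decode an uncompressed name at buf[pos]; returns (name, offset after it)."""
    labels = []
    while buf[pos]:
        labels.append(buf[pos + 1:pos + 1 + buf[pos]].decode("ascii"))
        pos += 1 + buf[pos]
    return ".".join(labels) + ".", pos + 1

def build_update(msg_id, zone, name, ipv4, ttl=300):
    """UPDATE (opcode 5): zone section plus one 'add A record' RR; ADCOUNT is 0 until signed."""
    header = struct.pack("!HHHHHH", msg_id, 5 << 11, 1, 0, 1, 0)  # ZOCOUNT, PRCOUNT, UPCOUNT, ADCOUNT
    zone_section = encode_name(zone) + struct.pack("!HH", 6, 1)   # ZTYPE=SOA, ZCLASS=IN
    rdata = bytes(int(o) for o in ipv4.split("."))
    return header + zone_section + encode_name(name) + struct.pack("!HHIH", 1, 1, ttl, 4) + rdata

def tsig_variables(key_name, algorithm, time_signed, fudge, error=0, other=b""):
    """Fields covered by the MAC (RFC 2845 3.4.2): NAME, CLASS, TTL, algorithm, 48-bit time signed,
    fudge, error, other-len, other data. TYPE, RDLENGTH, MAC size, the MAC and original ID are not."""
    return (encode_name(key_name) + struct.pack("!HI", CLASS_ANY, 0) + encode_name(algorithm)
            + struct.pack("!HIHHH", time_signed >> 32, time_signed & 0xFFFFFFFF, fudge, error, len(other))
            + other)

def compute_mac(secret, algorithm, message, variables):  # a response would also prefix the request MAC
    return hmac.new(secret, message + variables, ALGORITHMS[algorithm]).digest()

def sign(message, key_name, algorithm, secret, time_signed, fudge=300):
    """Append the TSIG RR (NAME=key, TYPE=250, CLASS=ANY, TTL=0) and bump ARCOUNT."""
    mac = compute_mac(secret, algorithm, message, tsig_variables(key_name, algorithm, time_signed, fudge))
    original_id = struct.unpack("!H", message[:2])[0]
    rdata = (encode_name(algorithm)
             + struct.pack("!HIHH", time_signed >> 32, time_signed & 0xFFFFFFFF, fudge, len(mac)) + mac
             + struct.pack("!HHH", original_id, 0, 0))             # error=0, other-len=0
    tsig_rr = encode_name(key_name) + struct.pack("!HHIH", TSIG_TYPE, CLASS_ANY, 0, len(rdata)) + rdata
    arcount = struct.unpack("!H", message[10:12])[0] + 1
    return message[:10] + struct.pack("!H", arcount) + message[12:] + tsig_rr

def verify(signed, keys, now):
    """Server-side checks in RFC 2845 order: key known (BADKEY), MAC valid (BADSIG), time within fudge
    (BADTIME). `keys` maps lowercase FQDN key name -> (algorithm, secret). Returns (ok, tsig_error)."""
    (qd, an, ns, ar), pos = struct.unpack("!HHHH", signed[4:12]), 12
    for _ in range(qd):                            # zone entries: name + type + class
        pos = read_name(signed, pos)[1] + 4
    for _ in range(an + ns + ar - 1):              # every RR but the last, which must be the TSIG
        pos = read_name(signed, pos)[1]
        pos += 10 + struct.unpack("!H", signed[pos + 8:pos + 10])[0]
    tsig_start = pos
    key_name, pos = read_name(signed, pos)
    rtype = struct.unpack("!H", signed[pos:pos + 2])[0]
    algorithm, pos = read_name(signed, pos + 10)   # skip TYPE, CLASS, TTL, RDLENGTH
    t_hi, t_lo, fudge, mac_len = struct.unpack("!HIHH", signed[pos:pos + 10])
    mac, pos = signed[pos + 10:pos + 10 + mac_len], pos + 10 + mac_len
    original_id, error, other_len = struct.unpack("!HHH", signed[pos:pos + 6])
    other = signed[pos + 6:pos + 6 + other_len]
    entry = keys.get(key_name.lower())
    if rtype != TSIG_TYPE or entry is None or encode_name(entry[0]) != encode_name(algorithm):
        return False, BADKEY                       # answered with an unsigned NOTAUTH
    # Rebuild the message as it was before signing: original ID, ARCOUNT-1, TSIG RR removed.
    body = struct.pack("!H", original_id) + signed[2:10] + struct.pack("!H", ar - 1) + signed[12:tsig_start]
    time_signed = (t_hi << 32) | t_lo
    expected = compute_mac(entry[1], entry[0], body,
                           tsig_variables(key_name, algorithm, time_signed, fudge, error, other))
    if not hmac.compare_digest(expected, mac):
        return False, BADSIG                       # also answered unsigned
    if abs(now - time_signed) > fudge:
        return False, BADTIME                      # answered *signed*, carrying the server's clock
    return True, 0

def demo():
    key_name, secret = "update-key.example.", b"constructed-demo-secret-not-a-real-key"
    keys = {key_name: ("hmac-sha256", secret)}
    now = 1_700_000_000                            # fixed clock so the run is reproducible
    update = build_update(0x1234, "example.", "host.example.", "192.0.2.10")
    signed = sign(update, key_name, "hmac-sha256", secret, now)
    cut = len(update)                              # last octet of the A record sits just before the TSIG RR
    tampered = signed[:cut - 1] + bytes([signed[cut - 1] ^ 1]) + signed[cut:]
    return {"valid": verify(signed, keys, now + 10),
            "tampered": verify(tampered, keys, now + 10),
            "stale": verify(signed, keys, now + 3600),   # replay outside the fudge window
            "unknown_key": verify(signed, {}, now + 10)}

if __name__ == "__main__":
    print(demo())
```

Two points the code makes visible that the prose only states: the MAC is computed over the message as it looked before the TSIG RR was appended (ARCOUNT one lower, TSIG absent), so the verifier has to reconstruct that byte string rather than hash what arrived; and the time check comes after the MAC check, so BADTIME is only ever returned to a holder of the key, which is why that one error may safely be signed.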

Alternatives to TSIG

Although TSIG is widely deployed, there are several problems with the protocol:
  • It requires distributing secret keys to each host which must make updates.
  • The HMAC-MD5 digest is only 128 bits, and MD5 itself is no longer considered a strong hash. The known collision attacks on MD5 do not directly break HMAC-MD5, but it is deprecated in favour of the SHA-based algorithms.
  • There are no levels of authority in the protocol itself. Any host with the secret key may update any record in the zones that accept the key; any finer restriction of what a given key may change has to be imposed by server configuration.


As a result, a number of alternatives and extensions have been proposed.
  • RFC 2137 specifies an update method using a public key "SIG" DNS record. A client holding the corresponding private key can sign the update request. This method matches the DNSSEC method for secure queries. However, this method is deprecated by RFC 3007.
  • RFC 3645 proposed extending TSIG to allow the Generic Security Service (GSS) method of secure key exchange, eliminating the need for manually distributing keys to all TSIG clients. The method for negotiating keys through a DNS resource record (the TKEY RR) is specified in RFC 2930, with GSS as one mode of this method. A modified GSS-TSIG, using the Windows Kerberos server, was implemented by Microsoft Windows Active Directory servers and clients and is called Secure Dynamic Update. In combination with poorly configured DNS (with no reverse lookup zone) using RFC 1918 addressing, reverse DNS updates using this authentication scheme are forwarded en masse to the root DNS servers and increase the traffic to the root servers in the course of doing so (http://www.caida.org/outreach/papers/2003/dnsspectroscopy/). There is an anycast group, AS112, which absorbs this traffic to take it away from the root DNS servers (http://public.as112.net/).
  • RFC 2845, which defines TSIG, specifies only one allowed hashing function, HMAC-MD5, which is no longer considered to be highly secure. RFC 4635 later defined additional algorithm identifiers for HMAC with SHA-1 (RFC 3174) and with the SHA-2 family, and the 160-bit and longer digests they generate are preferred to the 128-bit digest generated by MD5.
  • RFC 2930 defines TKEY, a DNS record used to automatically distribute keys from a DNS server to DNS clients.
  • RFC 3645 defines GSS-TSIG, which uses GSS-API and TKEY to automatically distribute keys in GSS-API mode.
  • The DNSCurve proposal has many similarities to TSIG.

External links

  • RFC 2136 Dynamic Updates in the Domain Name System (DNS UPDATE)
  • RFC 2845 Secret Key Transaction Authentication for DNS (TSIG)
  • RFC 2930 Secret Key Establishment for DNS (TKEY RR)
  • RFC 3645 Generic Security Service Algorithm for Secret Key Transaction Authentication for DNS (GSS-TSIG)
  • RFC 3174 US Secure Hash Algorithm 1
  • RFC 4635 HMAC SHA TSIG Algorithm Identifiers
The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 
x
OK