0

it says TSIG and DNSSEC provide authentication. Does it mean whole DNS traffic would be encrypted so if I do packet capturing I would not be able to parse anything ?

Or DNS data is still plain text but it has a signature on it so I would be able to verify the data if it is authentic ?

I tried to search TSIG packet data diagram but no luck. Please help.

Jaeh
  • 123
  • 1
  • 3

1 Answers1

1

Both TSIG and DNSSEC provide authentication only.

The data is still unencrypted but signatures are added to allow verification.

Håkan Lindqvist
  • 33,741
  • 5
  • 65
  • 90