.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.

SIG(0)
------

BIND partially supports DNSSEC SIG(0) transaction signatures as
specified in :rfc:`2535` and :rfc:`2931`. SIG(0) uses public/private keys to
authenticate messages. Access control is performed in the same manner as with
TSIG keys; privileges can be granted or denied in ACL directives based
on the key name.

When a SIG(0) signed message is received, it is only verified if
the key is known and trusted by the server. The server does not attempt
to recursively fetch or validate the key.

SIG(0) signing of multiple-message TCP streams is not supported.

The only tool shipped with BIND 9 that generates SIG(0) signed messages
is :iscman:`nsupdate`.
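
The "known and trusted key" gate described above, sketched as an added example (this is not BIND's code): it locates the SIG(0) record at the end of a message using the :rfc:`2931` wire layout and agrees to verify only when the signer is already in a local trusted set, with no key lookup. The ``trusted`` set of (name, key tag) pairs, the function names and the sample message are assumptions made for illustration; the signature itself is not checked here.

```python
import struct

SIG, ANY = 24, 255  # RR type SIG and class ANY, as used by SIG(0) in RFC 2931

def read_name(msg, off):
    """Decode a domain name; return (dotted name, offset just past it)."""
    labels, end = [], None
    for _ in range(256):                           # bound the walk: stops pointer loops
        n = msg[off]
        if n & 0xC0 == 0xC0:                       # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:
            return ".".join(labels) + ".", (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii").lower())
            off += 1 + n
    raise ValueError("name too long or compression pointer loop")

def find_sig0(msg):
    """Return the SIG(0) fields of a DNS message, or None if it carries none."""
    _id, _flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    off, rtype = 12, None
    for _ in range(qd):                            # question / zone section
        off = read_name(msg, off)[1] + 4
    for _ in range(an + ns + ar):                  # walk every RR to reach the last one
        off = read_name(msg, off)[1]
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        rd = off + 10
        off = rd + rdlen
    if ar == 0 or rtype != SIG:
        return None
    covered, alg, _lab, _ottl, expire, incept, tag = struct.unpack_from("!HBBIIIH", msg, rd)
    if covered != 0:                               # a SIG over an RRset, not SIG(0)
        return None
    signer, sig_off = read_name(msg, rd + 18)
    return {"signer": signer, "algorithm": alg, "key_tag": tag, "inception": incept,
            "expiration": expire, "signature_len": rd + rdlen - sig_off}

def should_verify(msg, trusted):
    """True only if the SIG(0) signer (name, key tag) is already in the trusted set."""
    sig = find_sig0(msg)
    return sig is not None and (sig["signer"], sig["key_tag"]) in trusted

def sample_message(signer=b"\x04host\x07example\x03com\x00"):
    """Constructed input: a dynamic update for example.com with a dummy signature."""
    rdata = struct.pack("!HBBIIIH", 0, 15, 0, 0, 1700000300, 1700000000, 4242) + signer + bytes(64)
    return (struct.pack("!6H", 0x1234, 0x2800, 1, 0, 0, 1)
            + b"\x07example\x03com\x00" + struct.pack("!HH", 6, 1)
            + b"\x00" + struct.pack("!HHIH", SIG, ANY, 0, len(rdata)) + rdata)
```

A message whose signer is absent from ``trusted`` is simply treated as unverified; nothing is fetched to establish trust in the key.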