DNS_TSIG_Key (object)¶
Configures a TSIG key
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
algorithm | string | “hmacmd5” | “hmacmd5”, “hmacsha1”, “hmacsha256” | Specifies the algorithm the system uses to authenticate AXFR zone transfer requests as coming from an approved DNS nameserver, or to authenticate AXFR zone transfers as coming from an approved back-end DNS authoritative server. The algorithm involves a cryptographic hash function in combination with a secret, which is specified in the Secret field. The default is HMAC MD5 (the Hash-based Message Authentication Code MD5). |
class* | string | “DNS_TSIG_Key” | ||
label | string | “^[^x00-x1fx22#&*<>?x5b-x5d`x7f]*$” | Optional friendly name for this object. Allows 0-64 chars, excluding a few likely to cause trouble with string searching, JS, TCL, or HTML | |
remark | string | “^[^x00-x1fx22x5cx7f]*$” | Arbitrary (brief) text pertaining to this object. Allows 0-64 chars, excluding only control characters, double-quote, and backslash. This is permissive enough that you should worry about XSS attacks | |
secret* | object | Specifies the secret used with the algorithm in the verification process. The secret must be generated by a third-party tool such as BIND’s keygen utility; the BIG-IP system does not generate the TSIG key secret.,A value: (a) in a cryptogram in this object; (b) in a cryptogram elsewhere in this declaration; or (c) available from a URL |
DNS_TSIG_Key.secret (object)¶
Specifies the secret used with the algorithm in the verification process. The secret must be generated by a third-party tool such as BIND’s keygen utility; the BIG-IP system does not generate the TSIG key secret. A value: (a) in a cryptogram in this object; (b) in a cryptogram elsewhere in this declaration; or (c) available from a URL
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
/*/ | ||||
allowReuse | boolean | false | true, false | If true, other declaration objects may reuse this value |