DNS_TSIG_Key (object)¶

Configures a TSIG key

Properties (* = required):

name	type(s)	default	allowed values	description
algorithm	string	“hmacmd5”	“hmacmd5”, “hmacsha1”, “hmacsha256”	Specifies the algorithm the system uses to authenticate AXFR zone transfer requests as coming from an approved DNS nameserver, or to authenticate AXFR zone transfers as coming from an approved back-end DNS authoritative server. The algorithm involves a cryptographic hash function in combination with a secret, which is specified in the Secret field. The default is HMAC MD5 (the Hash-based Message Authentication Code MD5).
class*	string		“DNS_TSIG_Key”
label	string		“^[^x00-x1fx22#&<>?x5b-x5d`x7f]$”	Optional friendly name for this object. Allows 0-64 chars, excluding a few likely to cause trouble with string searching, JS, TCL, or HTML
remark	string		“^[^x00-x1fx22x5cx7f]*$”	Arbitrary (brief) text pertaining to this object. Allows 0-64 chars, excluding only control characters, double-quote, and backslash. This is permissive enough that you should worry about XSS attacks
secret*	object			Specifies the secret used with the algorithm in the verification process. The secret must be generated by a third-party tool such as BIND’s keygen utility; the BIG-IP system does not generate the TSIG key secret.,A value: (a) in a cryptogram in this object; (b) in a cryptogram elsewhere in this declaration; or (c) available from a URL

DNS_TSIG_Key.secret (object)¶

Specifies the secret used with the algorithm in the verification process. The secret must be generated by a third-party tool such as BIND’s keygen utility; the BIG-IP system does not generate the TSIG key secret. A value: (a) in a cryptogram in this object; (b) in a cryptogram elsewhere in this declaration; or (c) available from a URL

Properties (* = required):

name	type(s)	default	allowed values	description
/*/
allowReuse	boolean	false	true, false	If true, other declaration objects may reuse this value

Previous Next