%% You should probably cite rfc8945 instead of this I-D. @techreport{ietf-dnsop-rfc2845bis-09, number = {draft-ietf-dnsop-rfc2845bis-09}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-ietf-dnsop-rfc2845bis/09/}, author = {Francis Dupont and Stephen Morris and Paul A. Vixie and Donald E. Eastlake 3rd and Ólafur Guðmundsson and Brian Wellington}, title = {{Secret Key Transaction Authentication for DNS (TSIG)}}, pagetotal = 22, year = 2020, month = jul, day = 10, abstract = {This document describes a protocol for transaction-level authentication using shared secrets and one-way hashing. It can be used to authenticate dynamic updates to a DNS zone as coming from an approved client or to authenticate responses as coming from an approved name server. No recommendation is made here for distributing the shared secrets; it is expected that a network administrator will statically configure name servers and clients using some out-of-band mechanism. This document obsoletes RFCs 2845 and 4635.}, }