Enabling TSIG Authentication

NS1 offers authentication using TSIG (Transaction Signature) when being used as a secondary zone. This feature is currently exclusive to the V2 Portal platform.

Configuring A Secondary Zone

(Enact the first 5 steps from this article https://ns1.com/articles/secondary-zones )

Enabling TSIG

Before completing the new zone, you will need to select enable TSIG. The next step is to supply a type of hash, a name for the key being created (an all lowercase key name is currently required), and the key itself. The key works as a password to authenticate the two DNS servers (AXFR) to securely communicate changes for zone records. The hash type and key will need to match between the primary and secondary DNS providers.


Once completed, save the new zone. The secondary zone will be created in a "pending" state -- it may take a few minutes for us to do the first synchronization against your primary server.