TSIG (Transaction Signature), also referred to as Secret Key Transaction Authentication, ensures that DNS packets originate from an authorized sender by using shared secret keys and one-way hashing to add a cryptographic signature to the DNS packets.

TSIG keys are used to enable DNS to authenticate updates to secondary zones. TSIG keys provide an added layer of security for IXFR  and AXFR  transactions. A TSIG key consists of a key name, a signing algorithm, and a secret. See RFC 2845 for more information. TSIG keys can also be managed in DNS Zone Management. See Zones for more information.