Vivek Gite submitted a nice article on implementing TSIG in BIND:
Transaction signatures (TSIG) is a mechanism used to secure DNS messages and to provide secure server-to-server communication. This includes zone transfer, notify, and recursive query messages. TSIG uses shared secrets and a one-way hash function to authenticate DNS messages, particularly responses and updates.This tutorial discusses the security mechanisms implemented in BIND v8.2+ / v9.x to secure DNS messages and name servers
Click-through to read more!
The link for this article located at is no longer available.