We need to move the TSIG keys out of named.conf into a database file. Key-directory is not the place for these. I really don't want to have millions of files in the default key directory. Using K* files for TSIG was a kludge.

The database key should be + . The database data is the purge date (0 == don't purge) + shared secret in binary form + original TKEY name if appropriate.

Any keys in named.conf just get added (marked not for purge). TKEY should write to this database. External tools could add / remove w/o going through rndc.

We have a text based file format for TKEY/GSSAPI which should be modified to use this.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
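
The record value proposed in the message above (purge date, binary shared secret, optional original TKEY name), sketched as an added example that is not part of the original message and is not ISC's code. The field widths, the function names and the dict standing in for the database file are assumptions; the database key is treated as opaque bytes because its composition is not given in the message.

```python
import struct

# Assumed layout (not specified in the message): 8-byte big-endian purge time,
# 2-byte secret length, raw secret bytes, then the original TKEY name (may be empty).
_HDR = struct.Struct(">QH")
NO_PURGE = 0  # from the message: 0 == don't purge


def pack_value(purge_at, secret, tkey_name=""):
    """Serialize one record value: purge date + shared secret + TKEY name."""
    if len(secret) > 0xFFFF:
        raise ValueError("secret too long for 16-bit length field")
    return _HDR.pack(purge_at, len(secret)) + secret + tkey_name.encode("ascii")


def unpack_value(blob):
    """Parse a record value, rejecting truncated or inconsistent records."""
    if len(blob) < _HDR.size:
        raise ValueError("truncated record")
    purge_at, slen = _HDR.unpack_from(blob)
    end = _HDR.size + slen
    if end > len(blob):
        raise ValueError("secret length exceeds record")
    return purge_at, blob[_HDR.size:end], blob[end:].decode("ascii")


def load_configured(db, configured):
    """Keys from named.conf are added marked not for purge."""
    for db_key, secret in configured.items():
        db[db_key] = pack_value(NO_PURGE, secret)


def purge_expired(db, now):
    """Delete records whose purge date has passed; return the removed db keys."""
    removed = []
    for db_key in list(db):
        purge_at, _, _ = unpack_value(db[db_key])
        if purge_at != NO_PURGE and purge_at <= now:
            del db[db_key]
            removed.append(db_key)
    return removed
```
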