[ldns-users] TSIG trouble
Michael Sheldon
msheldon at godaddy.com
Wed May 12 23:18:57 UTC 2010
OK, managed to get everyone happy: dig, nsd and drill all agree on a
good signature...
Except if a TCP transmission is split into multiple packets.
The way I read the RFCs...
For a simple reply, the TSIG MAC of the query is passed to
ldns_pkt_tsig_sign.
For multi-packet replies (big AXFR), the digest of the preceding data is
used for subsequent packets. But, if I try using the TSIG MAC of the
previous signed DNS packet, the signature fails in dig and nsd. It also
fails if I just keep using the query MAC.
Ideas?
Michael Sheldon
Dev-DNS Services
GoDaddy.com
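
The digest inputs for a multi-message TCP response, as RFC 2845 section 4.4 lays them out, shown as an added example that is not part of the original post and is not ldns code. The first message digests the full TSIG variables, while later messages digest only the timers (Time Signed and Fudge) after the length-prefixed prior MAC. Assumptions: HMAC-SHA256, the key name, the timestamp and the byte strings standing in for DNS messages (which on the wire are the messages without their TSIG RR) are all constructed, and the helper names are hypothetical.

```python
import hashlib
import hmac
import struct

def wire_name(name):
    """Canonical (lower-case, uncompressed) wire form of a domain name."""
    labels = [l for l in name.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def timers(time_signed, fudge):
    """TSIG timers: 48-bit Time Signed followed by 16-bit Fudge."""
    return struct.pack("!HIH", time_signed >> 32, time_signed & 0xFFFFFFFF, fudge)

def tsig_variables(key_name, alg_name, time_signed, fudge, error=0, other=b""):
    """Full TSIG variable block (RFC 2845 section 3.4.2)."""
    return (wire_name(key_name) + struct.pack("!HI", 255, 0)  # CLASS ANY, TTL 0
            + wire_name(alg_name) + timers(time_signed, fudge)
            + struct.pack("!HH", error, len(other)) + other)

def sign(key, prior_mac, messages, tail):
    """HMAC over: 2-byte length + prior MAC, the DNS message(s), then tail."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    h.update(struct.pack("!H", len(prior_mac)) + prior_mac)
    for m in messages:
        h.update(m)
    h.update(tail)
    return h.digest()

def sign_stream(key, key_name, alg_name, query_mac, envelopes, time_signed, fudge=300):
    """Return one MAC per envelope; an envelope lists the messages it covers."""
    macs, prior = [], query_mac
    for i, msgs in enumerate(envelopes):
        # First envelope: treated as a standard answer (query MAC + full variables).
        # Later envelopes: previous MAC, unsigned messages since then, timers only.
        tail = (tsig_variables(key_name, alg_name, time_signed, fudge)
                if i == 0 else timers(time_signed, fudge))
        prior = sign(key, prior, msgs, tail)
        macs.append(prior)
    return macs

# Constructed sample values, not captured traffic.
KEY = b"constructed-shared-secret"
QUERY_MAC = bytes(32)
ENVELOPES = [[b"axfr-msg-1"], [b"axfr-msg-2"], [b"axfr-msg-3-unsigned", b"axfr-msg-4"]]
MACS = sign_stream(KEY, "example-key.", "hmac-sha256.", QUERY_MAC, ENVELOPES, 1273706337)
```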