[ldns-users] TSIG trouble
msheldon at godaddy.com
Thu May 13 01:18:57 CEST 2010
OK, managed to get everyone happy, dig, nsd and drill all agree on a
Except if a tcp transmission is split into multiple packets.
The way I read the RFCs...
For a simple reply, the tsig MAC of the query is passed to
For multi-packet replies (big AXFR), the digest of the preceding data is
used for subsequent packets. But, if I try using the tsig MAC of the
previous signed DNS packet, the signature fails in dig and nsd. It also
fails if I just keep using the query MAC.
More information about the ldns-users