Closed
Description
I've been trying to upgrade from 2.1.7 to 3.x - tried 3.2.1 and 3.5.0.
After the library update, I've been getting invalid TSIG on what I believe to be the client (dnsjava) side, e.g.:
org.xbill.DNS.TSIG - BADSIG: signature verification failed, expected: Ixc3YzjiFwA8jFtWdNUKTg==, actual: hK02lniZl/vNnYxbpmWgHg==
org.xbill.DNS.SimpleResolver - TSIG verify: BADSIG
...
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 36150
;; flags: qr ; qd: 1 an: 0 au: 0 ad: 1
;; TSIG invalid
;; ZONE:
;; <zone>, type = SOA, class = IN
;; PREREQUISITES:
;; UPDATE RECORDS:
;; ADDITIONAL RECORDS:
<key> 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1645621423 300 16 hK02lniZl/vNnYxbpmWgHg== NOERROR 0
On the other hand, named server logs seem to imply the query itself had a correct MAC (signer <key> approved)
Initially I thought this to be related to #100 - but that issue seems to relate to the query itself having an invalid signature, not the response.
Considering that the updates worked in 2.1.7 - do you perhaps know what could have changed?