@@ 9,6 9,7 @@ package dns
import (
"log/slog"
+ "time"
"github.com/miekg/dns"
)
@@ 19,6 20,19 @@ func handleDNSRequest(w dns.ResponseWriter, r *dns.Msg) {
m.Compress = false
m.SetEdns0(4096, true)
+ if r.IsTsig() != nil {
+ slog.Debug("Request is TSIG")
+ if w.TsigStatus() == nil {
+ slog.Debug("TSIG is valid")
+ // NOTE: The first argument here is the keyname.
+ m.SetTsig(r.Extra[len(r.Extra)-1].(*dns.TSIG).Hdr.Name, dns.HmacSHA256, 300, time.Now().Unix())
+ } else {
+ slog.Error("TSIG error", slog.String("status", w.TsigStatus().Error()))
+ // Stop processing the request if there was something wrong with TSIG.
+ return
+ }
+ }
+
switch r.Opcode {
case dns.OpcodeQuery:
parseQuery(m, r)
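Review bot: The `m.SetTsig(...)` line hard-codes `dns.HmacSHA256` and re-derives the TSIG record with an unchecked type assertion on `r.Extra`, although `r.IsTsig()` already returns that `*dns.TSIG`. A request verified with a different HMAC algorithm would get a reply signed with the wrong one. Binding the record once with `if t := r.IsTsig(); t != nil {` and replying with `m.SetTsig(t.Hdr.Name, t.Algorithm, 300, time.Now().Unix())` keeps the reply on the key and algorithm that were just verified. Requests without a TSIG skip this block and reach `switch r.Opcode`, so any opcode that must be authenticated needs its own check; `handleDNSRequest` begins and ends outside this hunk, so the other cases are not visible here. As far as I know, `w.TsigStatus()` also returns nil when the server was started without TSIG secrets, so it is worth confirming the server is configured with them, otherwise "TSIG is valid" is logged with no verification having run.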