From 08a7a55902c758aaf1432ce557f0143715c363ee Mon Sep 17 00:00:00 2001
From: Jonni Liljamo
Date: Mon, 28 Oct 2024 22:03:00 +0200
Subject: [PATCH] feat: tsig
---
 internal/dns/handle.go | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/internal/dns/handle.go b/internal/dns/handle.go
index 951686b..792c90e 100644
--- a/internal/dns/handle.go
+++ b/internal/dns/handle.go
@@ -9,6 +9,7 @@ package dns
 import (
 "log/slog"
+ "time"
 "github.com/miekg/dns"
 )
@@ -19,6 +20,19 @@ func handleDNSRequest(w dns.ResponseWriter, r *dns.Msg) {
 m.Compress = false
 m.SetEdns0(4096, true)
+ if r.IsTsig() != nil {
+ slog.Debug("Request is TSIG")
+ if w.TsigStatus() == nil {
+ slog.Debug("TSIG is valid")
+ // NOTE: The first argument here is the keyname.
+ m.SetTsig(r.Extra[len(r.Extra)-1].(*dns.TSIG).Hdr.Name, dns.HmacSHA256, 300, time.Now().Unix())
+ } else {
+ slog.Error("TSIG error", slog.String("status", w.TsigStatus().Error()))
+ // Stop processing the request if there was something wrong with TSIG.
+ return
+ }
+ }
+
 switch r.Opcode {
 case dns.OpcodeQuery:
 parseQuery(m, r)
-- 
2.44.1
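Review bot: In the second hunk, a request that carries no TSIG record skips the whole `if r.IsTsig() != nil` block and reaches `switch r.Opcode` exactly as before, so the new check rejects badly signed messages but does not require a signature for anything. If TSIG is meant to gate an operation handled further down in the switch (not visible here; handleDNSRequest continues outside the hunk), that branch needs to know whether a verified key was present, for example by keeping the result in a local such as `authed := t != nil && w.TsigStatus() == nil`. As far as I know, miekg/dns only verifies when the `dns.Server` has `TsigSecret` or `TsigProvider` set and `TsigStatus()` stays nil otherwise; this commit touches only handle.go, so confirm the keys are configured where the server is built, or "TSIG is valid" will be logged for messages nobody verified. Smaller point: take the record once with `if t := r.IsTsig(); t != nil {` and sign the reply with `t.Hdr.Name, t.Algorithm` instead of the type assertion on `r.Extra` and a fixed `dns.HmacSHA256`, so the response uses the algorithm the client signed with.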