From 5228f6dbcfa6b78bd5763f1e27e9ba9914eb98fb Mon Sep 17 00:00:00 2001 From: Ludovic Fernandez Date: Wed, 27 Apr 2022 17:46:39 +0200 Subject: [PATCH] rfc2136: fix TSIG secret (#1633) --- Makefile | 2 +- providers/dns/rfc2136/rfc2136.go | 7 +++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index 9ad13e5b..e59d8e69 100644 --- a/Makefile +++ b/Makefile @@ -20,7 +20,7 @@ clean: build: clean @echo Version: $(VERSION) - go build -v -trimpath -ldflags '-X "main.version=${VERSION}"' -o ${BIN_OUTPUT} ${MAIN_DIRECTORY} + go build -trimpath -ldflags '-X "main.version=${VERSION}"' -o ${BIN_OUTPUT} ${MAIN_DIRECTORY} image: @echo Version: $(VERSION) diff --git a/providers/dns/rfc2136/rfc2136.go b/providers/dns/rfc2136/rfc2136.go index 6d1d1ac5..e23f7f2a 100644 --- a/providers/dns/rfc2136/rfc2136.go +++ b/providers/dns/rfc2136/rfc2136.go @@ -180,10 +180,13 @@ func (d *DNSProvider) changeRecord(action, fqdn, value string, ttl int) error { // TSIG authentication / msg signing if len(d.config.TSIGKey) > 0 && len(d.config.TSIGSecret) > 0 { - key := dns.Fqdn(d.config.TSIGKey) + key := strings.ToLower(dns.Fqdn(d.config.TSIGKey)) alg := dns.Fqdn(d.config.TSIGAlgorithm) m.SetTsig(key, alg, 300, time.Now().Unix()) - c.TsigSecret = map[string]string{dns.Fqdn(d.config.TSIGKey): d.config.TSIGSecret} + + // secret(s) for Tsig map[], + // zonename must be in canonical form (lowercase, fqdn, see RFC 4034 Section 6.2) + c.TsigSecret = map[string]string{key: d.config.TSIGSecret} } // Send the query