From c3ca7d2c6d117edaec3a4ad498c11c6cde38089b Mon Sep 17 00:00:00 2001
From: Dominik Menke <dom@digineo.de>
Date: Sun, 27 Sep 2020 21:32:10 +0200
Subject: [PATCH] rfc2136: ensure algorithm is fully qualified (#1259)

The RFC specifies the algorithm to be fully-qualified,
but the CLI docs don't communicate this to the end user.
---
 providers/dns/rfc2136/rfc2136.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/providers/dns/rfc2136/rfc2136.go b/providers/dns/rfc2136/rfc2136.go
index a13c9289..a34ebfa8 100644
--- a/providers/dns/rfc2136/rfc2136.go
+++ b/providers/dns/rfc2136/rfc2136.go
@@ -181,7 +181,9 @@ func (d *DNSProvider) changeRecord(action, fqdn, value string, ttl int) error {
 
 	// TSIG authentication / msg signing
 	if len(d.config.TSIGKey) > 0 && len(d.config.TSIGSecret) > 0 {
-		m.SetTsig(dns.Fqdn(d.config.TSIGKey), d.config.TSIGAlgorithm, 300, time.Now().Unix())
+		key := dns.Fqdn(d.config.TSIGKey)
+		alg := dns.Fqdn(d.config.TSIGAlgorithm)
+		m.SetTsig(key, alg, 300, time.Now().Unix())
 		c.TsigSecret = map[string]string{dns.Fqdn(d.config.TSIGKey): d.config.TSIGSecret}
 	}