recently the linux-distribution i use (recent gentoo) upgraded the net-dns package to version 0.74 (from 0.66). from this time using TSIG on queries and updates does not work anymore. former i used:
$resolver = Net::DNS::Resolver->new(...);
$resolver->tsig( $keyname, $key );
# ($key as base64 representation)
or
$resolver->tsig( Net::DNS::RR->new( "$keyname TSIG $key" ) );
calling tsig now results in an expeption:
"zone file representation not defined for TSIG at /usr/lib/perl5/vendor_perl/5.18.2/i686-linux/Net/DNS/RR.pm line 683."
according to http://search.cpan.org/~nlnetlabs/Net-DNS-0.74/lib/Net/DNS/Resolver.pm#tsig
tsig() - Get or set the TSIG record used to automatically sign outgoing queries and updates.
my usage of tsig() should be correct.
using another way of pre-creating the tsig RR-Object with:
my $tsig = Net::DNS::RR->new( type => "TSIG", name => "KEYNAME", key => "KEY" );
$resolver->tsig($tsig);
results in "tsig verify failure (BADSIG)" Errors in BIND at server side.
using $tsig for update packets only:
my $update = Net::DNS::Update->new( ... );
$update->sign_tsig($tsig);
also does not work (BADSIG); the 'simpler' way
$update->sign_tsig($keyname, $key);
does work.
What is the correct way to use TSIG for both query and update packets with the resolver object in Net::DNS >= V0.74 ?
Perl Version is 5.18.2 .
what am i doing wrong ? - thanks a lot for your hints.