From: Kocik, W. <wk...@ve...> - 2010-07-21 23:17:47
Hi - I've discovered that when transferring in a zone that is too large to fit in a single message and using a TSIG key to secure it, the transfer fails with "last message must be signed."

This is because the TSIG.StreamVerifier correctly calls key.verify() on the first and every 100th (at least) message's signatures, but doesn't necessarily do this with the last message, so when ZoneTransferIn.doxfr() notices this is the last message and checks response.isVerified(), it fails. The trouble is that StreamVerifier can't possibly know when it's operating on the last message to know that it must call key.verify(), and by the time doxfr() figures it out it's too late.

I'm willing to make the code fix, but I've been fiddling with this all afternoon and have yet to come up with a workable solution (other than parsing all the records before checking the TSIG record, so that state == END, and then telling StreamVerifier.verify() that it must verify this record via an added boolean parameter). I'm looking for ideas...

-- Bill
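The following is an added example, not part of the original post and not dnsjava code: a simplified Python model of verifying a signed multi-message stream, where the verifier records whether the most recent message was verified and the caller makes the "last message must be signed" check once it knows the stream has ended. The key, the class and function names, and the HMAC-SHA256 chaining over the prior MAC plus unsigned payloads are assumptions; real TSIG also covers timers and other fields.

```python
import hashlib
import hmac

KEY = b"constructed-shared-secret"  # constructed sample key, not a real TSIG key
MAX_UNSIGNED_RUN = 99               # at least every 100th message must carry a MAC

def _mac(key, prior_mac, data):
    return hmac.new(key, prior_mac + data, hashlib.sha256).digest()

def sign_stream(payloads, signed_at, key=KEY):
    """Sender side: [(payload, mac_or_None)], MACs chained over prior MAC + unsigned data."""
    out, prior, pending = [], b"", b""
    for i, payload in enumerate(payloads):
        pending += payload
        if i in signed_at:
            prior = _mac(key, prior, pending)
            out.append((payload, prior))
            pending = b""
        else:
            out.append((payload, None))
    return out

class StreamVerifier:  # hypothetical name, modelled on the role described in the post
    def __init__(self, key=KEY):
        self.key, self.prior, self.pending = key, b"", b""
        self.seen = self.unsigned_run = 0
        self.last_verified = False

    def feed(self, payload, mac):
        self.seen += 1
        self.pending += payload
        self.last_verified = False
        if mac is None:
            self.unsigned_run += 1
            if self.seen == 1 or self.unsigned_run > MAX_UNSIGNED_RUN:
                raise ValueError("signature required on this message")
            return
        if not hmac.compare_digest(_mac(self.key, self.prior, self.pending), mac):
            raise ValueError("bad signature")
        self.prior, self.pending, self.unsigned_run = mac, b"", 0
        self.last_verified = True

    def finish(self):
        # Only the caller knows the stream has ended, so the end-of-stream check lives here.
        if not self.last_verified:
            raise ValueError("last message must be signed")

def verify_stream(stream):
    v = StreamVerifier()
    try:
        for payload, mac in stream:
            v.feed(payload, mac)
        v.finish()
    except ValueError as e:
        return str(e)
    return "ok"
```
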