From: Brian W. <bwe...@xb...> - 2010-07-22 00:17:26

On Jul 21, 2010, at 3:20 PM, Kocik, William wrote:

> I’ve discovered that when transferring in a zone that is too large to fit in a single message and using a TSIG key to secure it, the transfer fails with “last message must be signed.” This is because the TSIG.StreamVerifier correctly calls key.verify() on the first and every 100th (at least) message’s signatures, but doesn’t necessarily do this with the last message, so when ZoneTransferIn.doxfr() notices this is the last message and checks response.isVerified(), it fails. The trouble is that StreamVerifier can’t possibly know when it’s operating on the last message to know that it must call key.verify(), and by the time doxfr() figures it out it’s too late.
>
> I’m willing to make the code fix, but I’ve been fiddling with this all afternoon and have yet to come up with a workable solution (other than parsing all the records before checking the TSIG record, so that state == END, and then telling StreamVerifier.verify() that it must verify this record via an added boolean parameter). I’m looking for ideas...

It's possible that I'm missing something, but I think the problem is different than what you're describing. It looks like this change, added in 2.0.6:

- The TSIG verification routines (TSIG.verify, TSIG.StreamVerifier.verify()) now update the Message object with the status of the verification in addition to returning the status.

missed several places in StreamVerifier, and the state is never being updated for messages other than the first in the stream. The released code is unable to complete any TSIG-signed zone transfer longer than a single message, regardless of whether or not every message is signed. I just committed a fix for this, and my test program passes now. Could you test the current (svn) code and see if it works now?

I don't think what you described is an issue - what should happen is that StreamVerifier verifies any message that contains a TSIG, whether the TSIG is required or not. It checks to make sure that there haven't been more than 100 unsigned messages in a row, but it doesn't (and can't) skip any signed messages.

Brian
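The following is an added Python model of the stream-verification rule the thread is discussing; it is not dnsjava's code and not Brian's fix. It assumes an HMAC-SHA256 over the message bytes as a stand-in for the TSIG algorithm, uses the names Message, StreamVerifier and doxfr only to echo the classes mentioned above, and models the 2.0.6 defect with an assumed `update_every_message` switch: when it is off, the verifier records the verification status only on the first message, so the final check on the last message fails even though every signature was actually verified. The constructed zone is 250 one-record messages with a signature on the first, the last and every 100th message.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Constructed shared secret; a real TSIG key is provisioned out of band.
KEY = b"constructed-shared-secret"
# Longest run of unsigned messages the receiver tolerates
# (the "at least every 100th message must be signed" rule).
MAX_UNSIGNED_RUN = 100


@dataclass
class Message:
    payload: bytes                 # stand-in for the DNS message wire bytes
    mac: Optional[bytes] = None    # None means the message carries no TSIG record
    verified: bool = False         # status the verifier records on the message


def stream_mac(key: bytes, prev_mac: bytes, covered: bytes) -> bytes:
    """Stream-mode MAC: covers the previous MAC plus every payload since it,
    so unsigned intermediate messages are still bound to the next signature."""
    return hmac.new(key, prev_mac + covered, hashlib.sha256).digest()


def sign_stream(payloads, sign_every, key=KEY):
    """Sender side: sign the first and last message and every
    `sign_every`-th one in between; other messages go out unsigned."""
    msgs, prev_mac, pending = [], b"", b""
    for i, p in enumerate(payloads):
        pending += p
        last = i == len(payloads) - 1
        if i == 0 or last or i % sign_every == 0:
            mac = stream_mac(key, prev_mac, pending)
            msgs.append(Message(p, mac))
            prev_mac, pending = mac, b""
        else:
            msgs.append(Message(p))
    return msgs


class StreamVerifier:
    """Receiver-side model. update_every_message=False is an assumption that
    mimics the defect described in the thread: the status is recorded on the
    first message only, never on later ones."""

    def __init__(self, key=KEY, update_every_message=True):
        self.key = key
        self.update_every_message = update_every_message
        self.nrecvd = 0
        self.unsigned_run = 0
        self.prev_mac = b""
        self.pending = b""

    def verify(self, msg: Message) -> bool:
        self.nrecvd += 1
        self.pending += msg.payload
        if msg.mac is None:
            if self.nrecvd == 1:
                return False          # the first message must carry a TSIG
            self.unsigned_run += 1    # more than MAX_UNSIGNED_RUN in a row fails
            return self.unsigned_run <= MAX_UNSIGNED_RUN
        # Any message that carries a TSIG is verified, required or not.
        expected = stream_mac(self.key, self.prev_mac, self.pending)
        ok = hmac.compare_digest(expected, msg.mac)
        if ok:
            self.prev_mac, self.pending, self.unsigned_run = msg.mac, b"", 0
        if self.nrecvd == 1 or self.update_every_message:
            msg.verified = ok
        return ok


def doxfr(messages, verifier: StreamVerifier) -> str:
    """Receiver loop: every message passes through the verifier, and the
    last message must additionally have been recorded as verified."""
    for m in messages:
        if not verifier.verify(m):
            return "verification failed"
    if not messages[-1].verified:
        return "last message must be signed"
    return "ok"


if __name__ == "__main__":
    zone = [b"rr%04d" % i for i in range(250)]   # constructed 250-message transfer
    print(doxfr(sign_stream(zone, 100), StreamVerifier()))
    print(doxfr(sign_stream(zone, 100), StreamVerifier(update_every_message=False)))
```

With the status updated on every message the transfer completes; with the modelled defect the same, fully valid stream ends in "last message must be signed", which matches the symptom reported at the top of the thread while the actual cause is the missing status update rather than a skipped verification. A stream signed only on its first and last message fails earlier, at the 101st consecutive unsigned message, and altering any unsigned payload is caught at the next signed message because the MAC covers everything since the previous one.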