From: Luis S. <lui...@gm...> - 2011-05-26 19:18:08
One of the parameters in the tsig.verify(query, in, length, null) is the query. Is it possible to make the verification without the complete message?

Thanks,
Luis

On Thu, May 26, 2011 at 6:18 PM, Brian Wellington <bwe...@xb...> wrote:

>
> On May 26, 2011, at 7:23 AM, Luis Silva wrote:
>
> It worked, thanks.
>
> I've checked the algorithm and it requires the analysis of the complete
> message. Is that correct?
>
>
> I don't understand what you're asking.
>
> Brian
>
>
> On Wed, May 25, 2011 at 6:47 PM, Brian Wellington <bwe...@xb...> wrote:
>
>>
>> On May 25, 2011, at 3:52 AM, Luis Silva wrote:
>>
>> > I'm receiving in my DNS java server application a DNS query with a TSIG
>> record. Is it possible to extract the TSIG key from this record and verify
>> the client based on the TSIG?
>>
>> It is possible to extract the TSIG record from the message, using
>> Message.getTSIG(). Mapping this to a key (comparing the name and algorithm)
>> and verifying the signature can be done in your application. There's code
>> in jnamed which does this, and can be used for reference.
>>
>> TSIGRecord queryTSIG = query.getTSIG();
>> TSIG tsig = null;
>> if (queryTSIG != null) {
>>     tsig = (TSIG) TSIGs.get(queryTSIG.getName());
>>     if (tsig == null ||
>>         tsig.verify(query, in, length, null) != Rcode.NOERROR)
>>         return formerrMessage(in);
>> }
>>
>> Brian
>
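Added example, not part of the thread and not code from dnsjava or jnamed: a self-contained round trip of the check in the quoted snippet, assuming the dnsjava 2.x API shown there (`verify(Message, byte[], int, TSIGRecord)`) plus `TSIG.apply` for signing. The key name, secret, query name and class name are constructed. RFC 2845 computes the TSIG MAC over the whole DNS message in wire format, so the example verifies the intact bytes and a copy with one byte of the question changed.

```java
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
import org.xbill.DNS.*;

public class TsigCoverageDemo {
    // Server-side key table indexed by TSIG key name, like TSIGs in the quoted snippet.
    static final Map<Name, TSIG> TSIGs = new HashMap<>();

    // True only if the message carries a TSIG record from a known key and it verifies.
    static boolean accept(byte[] in, int length) throws java.io.IOException {
        Message query = new Message(in);
        TSIGRecord queryTSIG = query.getTSIG();
        if (queryTSIG == null)
            return false;                       // unsigned message
        TSIG tsig = TSIGs.get(queryTSIG.getName());
        if (tsig == null)
            return false;                       // key name not configured
        // verify() recomputes the HMAC from the received wire bytes in `in`,
        // which is why it needs the raw buffer as well as the parsed Message.
        return tsig.verify(query, in, length, null) == Rcode.NOERROR;
    }

    public static void main(String[] args) throws Exception {
        // Constructed key material, for illustration only.
        Name keyName = Name.fromString("example-key.");
        byte[] secret = "constructed shared secret".getBytes(StandardCharsets.US_ASCII);
        TSIG key = new TSIG(TSIG.HMAC_SHA256, keyName, secret);
        TSIGs.put(keyName, key);

        // Client side: build a query and append the TSIG record to it.
        Message q = Message.newQuery(
            Record.newRecord(Name.fromString("www.example.com."), Type.A, DClass.IN));
        key.apply(q, null);
        byte[] wire = q.toWire();

        // Copy with one byte of the question name changed:
        // offset 12 is the first label length, offset 13 its first character.
        byte[] tampered = wire.clone();
        tampered[13] = 'x';

        System.out.println("intact:   " + accept(wire, wire.length));
        System.out.println("tampered: " + accept(tampered, tampered.length));
    }
}
```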