From 2c26f25a151dd504b2664b1721c6a2cc75f3243a Mon Sep 17 00:00:00 2001
From: Kees Monshouwer <mind04@monshouwer.org>
Date: Mon, 21 Jul 2014 22:56:32 +0200
Subject: [PATCH] sign with the right TSIG key if there are multiple algorithms
 available

---
 pdns/tcpreceiver.cc | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/pdns/tcpreceiver.cc b/pdns/tcpreceiver.cc
index ccc8d6584a..2fad9907f7 100644
--- a/pdns/tcpreceiver.cc
+++ b/pdns/tcpreceiver.cc
@@ -581,7 +581,10 @@ int TCPNameserver::doAXFR(const string &target, shared_ptr<DNSPacket> q, int out
   q->getTSIGDetails(&trc, &tsigkeyname, 0);
 
   if(!tsigkeyname.empty()) {
-    string tsig64, algorithm;
+    string tsig64;
+    string algorithm=toLowerCanonic(trc.d_algoName);
+    if (algorithm == "hmac-md5.sig-alg.reg.int")
+      algorithm = "hmac-md5";
     Lock l(&s_plock);
     s_P->getBackend()->getTSIGKey(tsigkeyname, &algorithm, &tsig64);
     B64Decode(tsig64, tsigsecret);
-- 
2.47.2