MS DNS TSIG bug
nsupdate.c has this commented snippet:
#if 0
if (usegsstsig && answer->rcode == dns_rcode_noerror) {
/*
* For MS DNS that violates RFC 2845, section 4.2
*/
break;
}
#endif /* if 0 */
Even today MS DNS has the same problem and I wonder if bind can enable this code always? If not, put it under a #define/configure option so one does not need to patch the code.