From 6da24c839a957f0f9866d8025a6bf35256b2e451 Mon Sep 17 00:00:00 2001
From: Aki Tuomi <cmouse@cmouse.fi>
Date: Fri, 12 Jul 2019 12:34:45 +0300
Subject: [PATCH] packethandler: Compare TSIG key name using DNSName

Fixes #8070
---
 pdns/packethandler.cc | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc
index fc15f5aad..0b60e8144 100644
--- a/pdns/packethandler.cc
+++ b/pdns/packethandler.cc
@@ -873,8 +873,9 @@ int PacketHandler::processNotify(DNSPacket *p)
     }
     vector<string> meta;
     if (B.getDomainMetadata(p->qdomain,"AXFR-MASTER-TSIG",meta) && meta.size() > 0) {
-      if (!pdns_iequals(meta[0], p->getTSIGKeyname().toStringNoDot())) {
-        g_log<<Logger::Warning<<"Received secure NOTIFY for "<<p->qdomain<<" from "<<p->getRemote()<<": expected TSIG key '"<<meta[0]<<", got '"<<p->getTSIGKeyname()<<"' (Refused)"<<endl;
+      DNSName expected{meta[0]};
+      if (p->getTSIGKeyname() != expected) {
+        g_log<<Logger::Warning<<"Received secure NOTIFY for "<<p->qdomain<<" from "<<p->getRemote()<<": expected TSIG key '"<<expected<<"', got '"<<p->getTSIGKeyname()<<"' (Refused)"<<endl;
         return RCode::Refused;
       }
     }
-- 
2.40.0