DNS provider fails to include TSIG records in retransmit

[TheEnbyperor]

Terraform CLI and Provider Versions

Terraform v1.2.4
on linux_amd64
+ provider registry.terraform.io/hashicorp/dns v3.2.3

Terraform Configuration

provider "dns" {
  update {
    server        = "ns1.as207960.net"
    key_name      = "hexdns_zoneupdatesecret_63542e23930843aa9155cd603a7623a5.catwit.ch."
    key_algorithm = "hmac-sha512"
    key_secret    = "<snip>"
  }
}

resource "dns_a_record_set" "test1" {
  zone = "catwit.ch."
  name = "test1"
  addresses = [
    "192.168.0.1",
    "192.168.0.2",
    "192.168.0.3",
  ]
  ttl = 300
}

Expected Behavior

Sometimes a packet will be lost, or the server will take longer to respond than usual, this is normal. A retransmit is executed, which should be identical.

Actual Behavior

The retransmitted packet neglects to include a TSIG record, resulting in a REFUSED response.

Original packet (wireguard capture)

95	11.221765	172.20.187.70	45.129.95.255	DNS	333	Dynamic update 0x1e8f SOA catwit.ch A 192.168.0.3 A 192.168.0.1 A 192.168.0.2 TSIG

Retransmitted packet

106	13.224498	172.20.187.70	45.129.95.255	DNS	162	Dynamic update 0x1e8f SOA catwit.ch A 192.168.0.3 A 192.168.0.1 A 192.168.0.2

Steps to Reproduce

terraform apply against a server with packet loss or is slow to respond.

How much impact is this issue causing?

Medium

Logs

No response

Additional Information

In the case of a slow server adding the following to the config can help

    timeout       = "5s"

Code of Conduct

• I agree to follow this project's Code of Conduct