# File lib/dnsruby/resource/TSIG.rb, line 194
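      # Checks the TSIG carried by +response+ against a MAC computed locally.
      #
      # The TSIG RR is read from +response+, verify_common is consulted, a fresh
      # TSIG is built with generate, and the two MACs are compared.
      #
      # query::          the original request; passed through to generate
      # response::       the received message; its tsigstate and tsigerror are
      #                  set to :Verified / NOERROR or :Failed / BADSIG
      # response_bytes:: passed through to generate
      # buf::            passed through to generate (defaults to "")
      #
      # Returns true only when the MACs match. Returns false when verify_common
      # rejects the response (this method sets no state in that case) or when
      # the MACs differ.
      def verify(query, response, response_bytes, buf="")
        #         4.6. Client processing of answer
        # 
        #    When a client receives a response from a server and expects to see a
        #    TSIG, it first checks if the TSIG RR is present in the response.
        #    Otherwise, the response is treated as having a format error and
        #    discarded.  The client then extracts the TSIG, adjusts the ARCOUNT,
        #    and calculates the keyed digest in the same way as the server.  If
        #    the TSIG does not validate, that response MUST be discarded, unless
        #    the RCODE is 9 (NOTAUTH), in which case the client SHOULD attempt to
        #    verify the response as if it were a TSIG Error response, as specified
        #    in [4.3].  A message containing an unsigned TSIG record or a TSIG
        #    record which fails verification SHOULD not be considered an
        #    acceptable response; the client SHOULD log an error and continue to
        #    wait for a signed response until the request times out.

        #  So, this verify method should simply remove the TSIG RR and calculate
        #  the MAC (using original request MAC if required).
        #  Should set tsigstate on packet appropriately, and return error.
        #  Side effect is packet is stripped of TSIG.
        #  Resolver (or client) can then decide what to do...
        #
        #  NOTE(review): no RCODE 9 (NOTAUTH) handling is visible in this method;
        #  presumably the caller or verify_common deals with it - confirm.

        msg_tsig_rr = response.tsig
        return false unless verify_common(response)

        new_msg_tsig_rr = generate(response, query, buf, response_bytes, msg_tsig_rr)

        received_mac = msg_tsig_rr.mac
        expected_mac = new_msg_tsig_rr.mac

        if received_mac.is_a?(String) && expected_mac.is_a?(String)
          # The received MAC comes off the wire. Compare raw bytes without
          # stopping at the first difference, so the time taken does not
          # reveal how long a matching prefix a forged MAC has. The length
          # check may exit early: MAC length is not secret.
          macs_match = false
          if received_mac.bytesize == expected_mac.bytesize
            diff = 0
            received_mac.bytes.each_with_index do |byte, i|
              diff |= byte ^ expected_mac.getbyte(i)
            end
            macs_match = (diff == 0)
          end
        else
          # Non-String MACs are not expected here; plain equality keeps the
          # outcome for such values as it was.
          macs_match = (received_mac == expected_mac)
        end

        if macs_match
          response.tsigstate = :Verified
          response.tsigerror = RCode.NOERROR
          true
        else
          response.tsigstate = :Failed
          response.tsigerror = RCode.BADSIG
          false
        end
      end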