diff --git a/client.go b/client.go
index 98f04d94..173623fc 100644
--- a/client.go
+++ b/client.go
@@ -295,8 +295,9 @@ func (w *reply) readClient(p []byte) (n int, err os.Error) {
 // signature is calculated.
 func (w *reply) Send(m *Msg) os.Error {
 if m.IsTsig() {
- // Do tsig
-
+ secret := m.Extra[len(m.Extra)-1].(*RR_TSIG).Hdr.Name
+ // hoeft er niet te zijn...
+ m, _ = TsigGenerate(m, w.Client().TsigSecret[secret], w.tsigTimersOnly)
 }
 out, ok := m.Pack()
diff --git a/tsig.go b/tsig.go
index f2506fc0..bd22719f 100644
--- a/tsig.go
+++ b/tsig.go
@@ -14,12 +14,6 @@ import (
 // and RFC 4635.
 // Basic use pattern of Tsig:
 //
-// tsig := new(dns.Tsig)
-// tsig.Name = "axfr." // The name of the key.
-// tsig.Algorithm = dns.HmacMD5 // The HMAC to use.
-// tsig.Fudge = 300 // RFC recommends 300 here.
-// tsig.TimeSigned = uint64(time.Seconds())
-// tsig.Secret = "so6ZGir4GPAqINNh9U5c3A==" // Secret encoded in base64.
 // HMAC hashing codes. These are transmitted as domain names.
 const (
@@ -79,15 +73,15 @@ func TsigGenerate(m *Msg, secret string, timersOnly bool) (*Msg, os.Error) {
 h := hmac.NewMD5([]byte(rawsecret))
 io.WriteString(h, string(buf))
+ t.MAC = hex.EncodeToString(h.Sum()) // Size is half!
+ t.MACSize = uint16(len(t.MAC) / 2)
 t.Hdr = RR_Header{Name: rr.Hdr.Name, Rrtype: TypeTSIG, Class: ClassANY, Ttl: 0}
- t.Fudge = t.Fudge
- t.TimeSigned = t.TimeSigned
- t.Algorithm = t.Algorithm
+ t.Fudge = rr.Fudge
+ t.TimeSigned = rr.TimeSigned
+ t.Algorithm = rr.Algorithm
 t.OrigId = m.MsgHdr.Id
- t.MAC = t.MAC
- t.MACSize = uint16(len(t.MAC) / 2)
 m.Extra = append(m.Extra, t)
 return m, nil
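Review bot: In `Send`, the error from `TsigGenerate` is discarded with `m, _ =` and the `TsigSecret[secret]` lookup is never checked, so a key name with no configured secret is passed on as the zero-value string and a signing failure still falls through to `m.Pack()`. A message that asked for TSIG should fail closed: look the secret up with the two-value form, return an error when it is absent, and return the error from `TsigGenerate` rather than sending. The variable named `secret` actually holds the key name, and the Dutch comment `// hoeft er niet te zijn...` should become an English one stating what happens when no secret is configured. `Send` continues past the end of the hunk.

```go
	if m.IsTsig() {
		keyName := m.Extra[len(m.Extra)-1].(*RR_TSIG).Hdr.Name
		// Refuse to send when the key is unknown instead of signing with "".
		secret, found := w.Client().TsigSecret[keyName]
		if !found {
			return os.NewError("dns: no TSIG secret configured for key " + keyName)
		}
		var err os.Error
		if m, err = TsigGenerate(m, secret, w.tsigTimersOnly); err != nil {
			return err
		}
	}
	// … unchanged: m.Pack() and the rest of Send …
```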
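Review bot: The MAC is always computed with `hmac.NewMD5`, but the record now advertises whatever the caller put in `rr.Algorithm` (`t.Algorithm = rr.Algorithm`), so a request naming any other HMAC would carry a MAC the receiver cannot reproduce under the algorithm it is told to use. Until the hash is selected from `rr.Algorithm`, reject anything else before signing, for example `if rr.Algorithm != HmacMD5 { return nil, os.NewError("dns: unsupported TSIG algorithm") }`. The comparison may need to allow for case or a trailing dot, since the const block defining `HmacMD5` is not visible here. `TsigGenerate` starts outside the hunk, so where `rr` and `buf` come from should be confirmed against the full function.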