1Net::DNS::RR::TSIG(3) User Contributed Perl DocumentationNet::DNS::RR::TSIG(3)
2
6 Net::DNS::RR::TSIG - DNS TSIG resource record
7
9 "use Net::DNS::RR";
10
12 Class for DNS Transaction Signature (TSIG) resource records.
13
15 algorithm
16 $rr->algorithm($algorithm_name);
17 print "algorithm = ", $rr->algorithm, "\n";
18 Gets or sets the domain name that specifies the name of the algorithm.
20 The only algorithm currently supported is HMAC-MD5.SIG-ALG.REG.INT.
21 time_signed
23 $rr->time_signed(time);
24 print "time signed = ", $rr->time_signed, "\n";
25 Gets or sets the signing time as the number of seconds since 1 Jan 1970
27 00:00:00 UTC.
28 The default signing time is the current time.
30 fudge
32 $rr->fudge(60);
33 print "fudge = ", $rr->fudge, "\n";
34 Gets or sets the "fudge", i.e., the seconds of error permitted in the
36 signing time.
37 The default fudge is 300 seconds.
39 mac_size
41 print "MAC size = ", $rr->mac_size, "\n";
42 Returns the number of octets in the message authentication code (MAC).
44 The programmer must call a Net::DNS::Packet object's data method before
45 this will return anything meaningful.
46 mac
48 print "MAC = ", $rr->mac, "\n";
49 Returns the message authentication code (MAC) as a string of hex
51 characters. The programmer must call a Net::DNS::Packet object's data
52 method before this will return anything meaningful.
53 original_id
55 $rr->original_id(12345);
56 print "original ID = ", $rr->original_id, "\n";
57 Gets or sets the original message ID.
59 error
61 print "error = ", $rr->error, "\n";
62 Returns the RCODE covering TSIG processing. Common values are NOERROR,
64 BADSIG, BADKEY, and BADTIME. See RFC 2845 for details.
65 other_len
67 print "other len = ", $rr->other_len, "\n";
68 Returns the length of the Other Data. Should be zero unless the error
70 is BADTIME.
71 other_data
73 print "other data = ", $rr->other_data, "\n";
74 Returns the Other Data. This field should be empty unless the error is
76 BADTIME, in which case it will contain the server's time as the number
77 of seconds since 1 Jan 1970 00:00:00 UTC.
78 sig_data
80 my $sigdata = $tsig->sig_data($packet);
81 Returns the packet packed according to RFC2845 in a form for signing.
83 This is only needed if you want to supply an external signing function,
84 such as is needed for TSIG-GSS.
85 sign_func
87 sub my_sign_fn($$) {
88 my ($key, $data) = @_;
89 return some_digest_algorithm($key, $data);
91 }
92 $tsig->sign_func(\&my_sign_fn);
94 This sets the signing function to be used for this TSIG record.
96 The default signing function is HMAC-MD5.
98
100 This code is still under development. Use with caution on production
101 systems.
102 The time_signed and other_data fields should be 48-bit unsigned
104 integers (RFC 2845, Sections 2.3 and 4.5.2). The current
105 implementation ignores the upper 16 bits; this will cause problems for
106 times later than 19 Jan 2038 03:14:07 UTC.
107 The only builtin algorithm currently supported is
109 HMAC-MD5.SIG-ALG.REG.INT. You can use other algorithms by supplying an
110 appropriate sign_func.
111
113 Copyright (c) 2002 Michael Fuhr.
114 Portions Copyright (c) 2002-2004 Chris Reinhardt.
116 All rights reserved. This program is free software; you may
118 redistribute it and/or modify it under the same terms as Perl itself.
119
121 Most of the code in the Net::DNS::RR::TSIG module was contributed by
122 Chris Turbeville.
123 Support for external signing functions was added by Andrew Tridgell.
125
127 perl(1), Net::DNS, Net::DNS::Resolver, Net::DNS::Packet,
128 Net::DNS::Header, Net::DNS::Question, Net::DNS::RR, RFC 2845
129perl v5.10.1 2009-01-26 Net::DNS::RR::TSIG(3)