Net::DNS::RR::TSIG(3)    User Contributed Perl Documentation    Net::DNS::RR::TSIG(3)

NAME

       Net::DNS::RR::TSIG - DNS TSIG resource record

SYNOPSIS

           use Net::DNS;

DESCRIPTION

       Class for DNS Transaction Signature (TSIG) resource records.

METHODS

       The available methods are those inherited from the base class augmented
       by the type-specific methods defined in this package.

       Use of undocumented package features or direct access to internal data
       structures is discouraged and could result in program termination or
       other unpredictable behaviour.

   algorithm
           $algorithm = $rr->algorithm;

       A domain name which specifies the name of the algorithm.

   key
           $key = $rr->key;

       Key string in the format expected by the signing function.

   time_signed
           $time_signed = $rr->time_signed;

       Signing time as the number of seconds since 1 Jan 1970 00:00:00 UTC.
       The default signing time is the current time.

   fudge
           $fudge = $rr->fudge;

       "fudge" represents the permitted error in the signing time.  The
       default fudge is 300 seconds.

   mac
       Returns the message authentication code (MAC) as a string of hex
       characters.  The programmer must call the Net::DNS::Packet data()
       object method before this will return anything meaningful.

   macbin
           $macbin = $rr->macbin;

       Binary message authentication code (MAC).

   request_mac
           $tsig->request_mac( $request->macbin );

       Request message authentication code (MAC).

   continuation
           $tsig->continuation(1);

       Flag which indicates continuation of a multi-message response.

   original_id
           $original_id = $rr->original_id;

       The message ID from the header of the original packet.

   error
           $rcode = $tsig->error;

       Returns the RCODE covering TSIG processing.  Common values are NOERROR,
       BADSIG, BADKEY, and BADTIME.  See RFC 2845 for details.

   other
           $other = $rr->other;

       This field should be empty unless the error is BADTIME, in which case
       it will contain the server time as the number of seconds since 1 Jan
       1970 00:00:00 UTC.

   sign_func
           $sign_func = $rr->sign_func;

       This sets the signing function to be used for this TSIG record.  The
       default signing function is HMAC-MD5.

   sig_data
           $sigdata = $tsig->sig_data($packet);

       Returns the packet packed according to RFC2845 in a form for signing.
       This is only needed if you want to supply an external signing function,
       such as is needed for TSIG-GSS.
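
       The signing flow described by the methods above, as an added example
       that is not part of the original manual page or the Net::DNS
       distribution.  The key name, zone, address and secret are constructed
       sample values, within_fudge is a hypothetical helper, and the
       Net::DNS::Packet sign_tsig( $keyname, $key ) calling form is assumed
       to be the one accepted by the release this page documents.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::DNS;
use MIME::Base64 qw(encode_base64);

# Constructed sample values: none of these identify a real host or key.
my $keyname = 'host1.example.com';
my $secret  = encode_base64( 'constructed-demo-secret-not-a-real-key', '' );

# Build a dynamic update and attach a TSIG record for the key.
my $update = Net::DNS::Update->new('example.com');
$update->push( update => rr_add('www.example.com 3600 A 192.0.2.10') );
my $tsig = $update->sign_tsig( $keyname, $secret );

# The MAC is computed while the packet is serialised, so data() must be
# called before mac() returns anything meaningful.
my $wire = $update->data;

# Read each field once so the checks below all use the same values.
my $signed = $tsig->time_signed;
my $fudge  = $tsig->fudge;

printf "algorithm   %s\n", $tsig->algorithm;
printf "time_signed %d\n", $signed;
printf "fudge       %d\n", $fudge;
printf "mac         %s\n", $tsig->mac;
printf "wire length %d octets\n", length $wire;

# Hypothetical helper: true when a receiver whose clock reads $now would
# accept the signing time, that is |now - time_signed| <= fudge.
sub within_fudge {
    my ( $time_signed, $permitted_error, $now ) = @_;
    return abs( $now - $time_signed ) <= $permitted_error;
}

# Show where clock skew between signer and receiver crosses the limit.
for my $skew ( 0, $fudge, $fudge + 1, -( $fudge + 1 ) ) {
    printf "receiver clock skew %+5d s: %s\n", $skew,
        within_fudge( $signed, $fudge, $signed + $skew )
        ? 'accepted'
        : 'BADTIME';
}
```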

TSIG Keys

       TSIG keys are symmetric HMAC-MD5 keys generated using the following
       command:

               $ dnssec-keygen -a HMAC-MD5 -b 512 -n HOST <keyname>

               The key will be stored in the file K<keyname>+157+<keyid>.private

           where
               <keyname> is the DNS name of the key.

               <keyid> is the (generated) numerical identifier used to distinguish this key.

       It is recommended that the keyname be the fully qualified domain name
       of the relevant host.

Configuring BIND Nameserver

       The following lines must be added to the /etc/named.conf file:

           key <keyname> {
               algorithm HMAC-MD5;
               secret "<keydata>";
           };

       <keyname> is the name of the key chosen when the key was generated.

       <keydata> is the string found on the Key: line in the generated key
       file.

ACKNOWLEDGMENT

       Most of the code in the Net::DNS::RR::TSIG module was contributed by
       Chris Turbeville.

       Support for external signing functions was added by Andrew Tridgell.

BUGS

       A 32-bit representation of time is used, contrary to RFC2845 which
       demands 48 bits.  This design decision will need to be reviewed before
       the code stops working on 7 February 2106.

       HMAC-MD5.SIG-ALG.REG.INT is the only algorithm currently supported.
       You can use other algorithms by supplying an appropriate sign_func.

COPYRIGHT

       Copyright (c)2002 Michael Fuhr.

       Portions Copyright (c)2002-2004 Chris Reinhardt.

       Package template (c)2009,2012 O.M.Kolkman and R.W.Franks.

       All rights reserved.

       This program is free software; you may redistribute it and/or modify it
       under the same terms as Perl itself.

SEE ALSO

       perl, Net::DNS, Net::DNS::RR, RFC2845

perl v5.16.3                      2012-12-28             Net::DNS::RR::TSIG(3)