1Net::DNS::RR::TSIG(3) User Contributed Perl DocumentationNet::DNS::RR::TSIG(3)
2
6 Net::DNS::RR::TSIG - DNS TSIG resource record
7
9 "use Net::DNS::RR";
10
12 Class for DNS Transaction Signature (TSIG) resource records.
13
15 algorithm
16 $rr->algorithm($algorithm_name);
18 print "algorithm = ", $rr->algorithm, "\n";
19 Gets or sets the domain name that specifies the name of the algorithm.
21 The only algorithm currently supported is HMAC-MD5.SIG-ALG.REG.INT.
22 time_signed
24 $rr->time_signed(time);
26 print "time signed = ", $rr->time_signed, "\n";
27 Gets or sets the signing time as the number of seconds since 1 Jan 1970
29 00:00:00 UTC.
30 The default signing time is the current time.
32 fudge
34 $rr->fudge(60);
36 print "fudge = ", $rr->fudge, "\n";
37 Gets or sets the "fudge", i.e., the seconds of error permitted in the
39 signing time.
40 The default fudge is 300 seconds.
42 mac_size
44 print "MAC size = ", $rr->mac_size, "\n";
46 Returns the number of octets in the message authentication code (MAC).
48 The programmer must call a Net::DNS::Packet object's data method before
49 this will return anything meaningful.
50 mac
52 print "MAC = ", $rr->mac, "\n";
54 Returns the message authentication code (MAC) as a string of hex char‐
56 acters. The programmer must call a Net::DNS::Packet object's data
57 method before this will return anything meaningful.
58 original_id
60 $rr->original_id(12345);
62 print "original ID = ", $rr->original_id, "\n";
63 Gets or sets the original message ID.
65 error
67 print "error = ", $rr->error, "\n";
69 Returns the RCODE covering TSIG processing. Common values are NOERROR,
71 BADSIG, BADKEY, and BADTIME. See RFC 2845 for details.
72 other_len
74 print "other len = ", $rr->other_len, "\n";
76 Returns the length of the Other Data. Should be zero unless the error
78 is BADTIME.
79 other_data
81 print "other data = ", $rr->other_data, "\n";
83 Returns the Other Data. This field should be empty unless the error is
85 BADTIME, in which case it will contain the server's time as the number
86 of seconds since 1 Jan 1970 00:00:00 UTC.
87 sig_data
89 my $sigdata = $tsig->sig_data($packet);
91 Returns the packet packed according to RFC2845 in a form for signing.
93 This is only needed if you want to supply an external signing function,
94 such as is needed for TSIG-GSS.
95 sign_func
97 sub my_sign_fn($$) {
99 my ($key, $data) = @_;
100 return some_digest_algorithm($key, $data);
102 }
103 $tsig->sign_func(\&my_sign_fn);
105 This sets the signing function to be used for this TSIG record.
107 The default signing function is HMAC-MD5.
109
111 This code is still under development. Use with caution on production
112 systems.
113 The time_signed and other_data fields should be 48-bit unsigned inte‐
115 gers (RFC 2845, Sections 2.3 and 4.5.2). The current implementation
116 ignores the upper 16 bits; this will cause problems for times later
117 than 19 Jan 2038 03:14:07 UTC.
118 The only builtin algorithm currently supported is
120 HMAC-MD5.SIG-ALG.REG.INT. You can use other algorithms by supplying an
121 appropriate sign_func.
122
124 Copyright (c) 2002 Michael Fuhr.
125 Portions Copyright (c) 2002-2004 Chris Reinhardt.
127 All rights reserved. This program is free software; you may redis‐
129 tribute it and/or modify it under the same terms as Perl itself.
130
132 Most of the code in the Net::DNS::RR::TSIG module was contributed by
133 Chris Turbeville.
134 Support for external signing functions was added by Andrew Tridgell.
136
138 perl(1), Net::DNS, Net::DNS::Resolver, Net::DNS::Packet,
139 Net::DNS::Header, Net::DNS::Question, Net::DNS::RR, RFC 2845
140perl v5.8.8 2007-08-01 Net::DNS::RR::TSIG(3)