sourCEntral - mobile manpages

pdf

Net::DNS::RR::TSIG

NAME

Net::DNS::RR::TSIG − DNS TSIG resource record

SYNOPSIS

"use Net::DNS::RR";

DESCRIPTION

Class for DNS Transaction Signature ( TSIG ) resource records.

METHODS

algorithm

    $rr−>algorithm($algorithm_name);
    print "algorithm = ", $rr−>algorithm, "\n";

Gets or sets the domain name that specifies the name of the algorithm. The only algorithm currently supported is HMAC−MD5 .SIG−ALG.REG.INT.

time_signed

    $rr−>time_signed(time);
    print "time signed = ", $rr−>time_signed, "\n";

Gets or sets the signing time as the number of seconds since 1 Jan 1970 00:00:00 UTC .

The default signing time is the current time.

fudge

    $rr−>fudge(60);
    print "fudge = ", $rr−>fudge, "\n";

Gets or sets the "fudge", i.e., the seconds of error permitted in the signing time.

The default fudge is 300 seconds.

mac_size

    print "MAC size = ", $rr−>mac_size, "\n";

Returns the number of octets in the message authentication code ( MAC ). The programmer must call a Net::DNS::Packet object’s data method before this will return anything meaningful.

mac

    print "MAC = ", $rr−>mac, "\n";

Returns the message authentication code ( MAC ) as a string of hex characters. The programmer must call a Net::DNS::Packet object’s data method before this will return anything meaningful.

original_id

    $rr−>original_id(12345);
    print "original ID = ", $rr−>original_id, "\n";

Gets or sets the original message ID .

error

    print "error = ", $rr−>error, "\n";

Returns the RCODE covering TSIG processing. Common values are NOERROR , BADSIG , BADKEY , and BADTIME . See RFC 2845 for details.

other_len

    print "other len = ", $rr−>other_len, "\n";

Returns the length of the Other Data. Should be zero unless the error is BADTIME .

other_data

    print "other data = ", $rr−>other_data, "\n";

Returns the Other Data. This field should be empty unless the error is BADTIME , in which case it will contain the server’s time as the number of seconds since 1 Jan 1970 00:00:00 UTC .

sig_data

     my $sigdata = $tsig−>sig_data($packet);

Returns the packet packed according to RFC2845 in a form for signing. This is only needed if you want to supply an external signing function, such as is needed for TSIG-GSS.

sign_func

     sub my_sign_fn($$) {
             my ($key, $data) = @_;
             return some_digest_algorithm($key, $data);
     }
     $tsig−>sign_func(\&my_sign_fn);

This sets the signing function to be used for this TSIG record.

The default signing function is HMAC−MD5 .

BUGS

This code is still under development. Use with caution on production systems.

The time_signed and other_data fields should be 48−bit unsigned integers ( RFC 2845, Sections 2.3 and 4.5.2). The current implementation ignores the upper 16 bits; this will cause problems for times later than 19 Jan 2038 03:14:07 UTC .

The only builtin algorithm currently supported is HMAC−MD5 .SIG−ALG.REG.INT. You can use other algorithms by supplying an appropriate sign_func.

COPYRIGHT

Copyright (c) 2002 Michael Fuhr.

Portions Copyright (c) 2002−2004 Chris Reinhardt.

All rights reserved. This program is free software; you may redistribute it and/or modify it under the same terms as Perl itself.

ACKNOWLEDGMENT

Most of the code in the Net::DNS::RR::TSIG module was contributed by Chris Turbeville.

Support for external signing functions was added by Andrew Tridgell.

SEE ALSO

perl(1), Net::DNS, Net::DNS::Resolver, Net::DNS::Packet, Net::DNS::Header, Net::DNS::Question, Net::DNS::RR, RFC 2845

pdf