Net::DNS::RR::TSIG(3) User Contributed Perl DocumentationNet::DNS::RR::TSIG(3)NAMENet::DNS::RR::TSIG - DNS TSIG resource record
SYNOPSIS
"use Net::DNS::RR";
DESCRIPTION
Class for DNS Transaction Signature (TSIG) resource records.
METHODS
algorithm
$rr->algorithm($algorithm_name);
print "algorithm = ", $rr->algorithm, "\n";
Gets or sets the domain name that specifies the name of the algorithm.
The only algorithm currently supported is HMAC-MD5.SIG-ALG.REG.INT.
time_signed
$rr->time_signed(time);
print "time signed = ", $rr->time_signed, "\n";
Gets or sets the signing time as the number of seconds since 1 Jan 1970
00:00:00 UTC.
The default signing time is the current time.
fudge
$rr->fudge(60);
print "fudge = ", $rr->fudge, "\n";
Gets or sets the "fudge", i.e., the seconds of error permitted in the
signing time.
The default fudge is 300 seconds.
mac_size
print "MAC size = ", $rr->mac_size, "\n";
Returns the number of octets in the message authentication code (MAC).
The programmer must call a Net::DNS::Packet object's data method before
this will return anything meaningful.
mac
print "MAC = ", $rr->mac, "\n";
Returns the message authentication code (MAC) as a string of hex
characters. The programmer must call a Net::DNS::Packet object's data
method before this will return anything meaningful.
original_id
$rr->original_id(12345);
print "original ID = ", $rr->original_id, "\n";
Gets or sets the original message ID.
error
print "error = ", $rr->error, "\n";
Returns the RCODE covering TSIG processing. Common values are NOERROR,
BADSIG, BADKEY, and BADTIME. See RFC 2845 for details.
other_len
print "other len = ", $rr->other_len, "\n";
Returns the length of the Other Data. Should be zero unless the error
is BADTIME.
other_data
print "other data = ", $rr->other_data, "\n";
Returns the Other Data. This field should be empty unless the error is
BADTIME, in which case it will contain the server's time as the number
of seconds since 1 Jan 1970 00:00:00 UTC.
sig_data
my $sigdata = $tsig->sig_data($packet);
Returns the packet packed according to RFC2845 in a form for signing.
This is only needed if you want to supply an external signing function,
such as is needed for TSIG-GSS.
sign_func
sub my_sign_fn($$) {
my ($key, $data) = @_;
return some_digest_algorithm($key, $data);
}
$tsig->sign_func(\&my_sign_fn);
This sets the signing function to be used for this TSIG record.
The default signing function is HMAC-MD5.
BUGS
This code is still under development. Use with caution on production
systems.
The time_signed and other_data fields should be 48-bit unsigned
integers (RFC 2845, Sections 2.3 and 4.5.2). The current
implementation ignores the upper 16 bits; this will cause problems for
times later than 19 Jan 2038 03:14:07 UTC.
The only builtin algorithm currently supported is
HMAC-MD5.SIG-ALG.REG.INT. You can use other algorithms by supplying an
appropriate sign_func.
COPYRIGHT
Copyright (c) 2002 Michael Fuhr.
Portions Copyright (c) 2002-2004 Chris Reinhardt.
All rights reserved. This program is free software; you may
redistribute it and/or modify it under the same terms as Perl itself.
ACKNOWLEDGMENT
Most of the code in the Net::DNS::RR::TSIG module was contributed by
Chris Turbeville.
Support for external signing functions was added by Andrew Tridgell.
SEE ALSOperl(1), Net::DNS, Net::DNS::Resolver, Net::DNS::Packet,
Net::DNS::Header, Net::DNS::Question, Net::DNS::RR, RFC 2845
perl v5.10.0 2008-02-08 Net::DNS::RR::TSIG(3)