Net::DNS::RR::TSIG(3) User Contributed Perl Documentation Net::DNS::RR::TSIG(3)
NAME
Net::DNS::RR::TSIG - DNS TSIG resource record
SYNOPSIS
"use Net::DNS::RR";
DESCRIPTION
Class for DNS Transaction Signature (TSIG) resource records.
METHODS
algorithm
$rr->algorithm($algorithm_name);
print "algorithm = ", $rr->algorithm, "\n";
Gets or sets the domain name that specifies the name of the algorithm. The only algorithm currently
supported is HMAC-MD5.SIG-ALG.REG.INT.
time_signed
$rr->time_signed(time);
print "time signed = ", $rr->time_signed, "\n";
Gets or sets the signing time as the number of seconds since 1 Jan 1970 00:00:00 UTC.
The default signing time is the current time.
fudge
$rr->fudge(60);
print "fudge = ", $rr->fudge, "\n";
Gets or sets the "fudge", i.e., the seconds of error permitted in the signing time.
The default fudge is 300 seconds.
mac_size
print "MAC size = ", $rr->mac_size, "\n";
Returns the number of octets in the message authentication code (MAC). The programmer must call a
Net::DNS::Packet object's data method before this will return anything meaningful.
mac
print "MAC = ", $rr->mac, "\n";
Returns the message authentication code (MAC) as a string of hex characters. The programmer must
call a Net::DNS::Packet object's data method before this will return anything meaningful.
original_id
$rr->original_id(12345);
print "original ID = ", $rr->original_id, "\n";
Gets or sets the original message ID.
error
print "error = ", $rr->error, "\n";
Returns the RCODE covering TSIG processing. Common values are NOERROR, BADSIG, BADKEY, and BADTIME.
See RFC 2845 for details.
other_len
print "other len = ", $rr->other_len, "\n";
Returns the length of the Other Data. Should be zero unless the error is BADTIME.
other_data
print "other data = ", $rr->other_data, "\n";
Returns the Other Data. This field should be empty unless the error is BADTIME, in which case it
will contain the server's time as the number of seconds since 1 Jan 1970 00:00:00 UTC.
sig_data
my $sigdata = $tsig->sig_data($packet);
Returns the packet packed according to RFC2845 in a form for signing. This is only needed if you want
to supply an external signing function, such as is needed for TSIG-GSS.
sign_func
sub my_sign_fn($$) {
my ($key, $data) = @_;
return some_digest_algorithm($key, $data);
}
$tsig->sign_func(\&my_sign_fn);
This sets the signing function to be used for this TSIG record.
The default signing function is HMAC-MD5.
BUGS
This code is still under development. Use with caution on production systems.
The time_signed and other_data fields should be 48-bit unsigned integers (RFC 2845, Sections 2.3 and
4.5.2). The current implementation ignores the upper 16 bits; this will cause problems for times
later than 19 Jan 2038 03:14:07 UTC.
The only builtin algorithm currently supported is HMAC-MD5.SIG-ALG.REG.INT. You can use other
algorithms by supplying an appropriate sign_func.
COPYRIGHT
Copyright (c) 2002 Michael Fuhr.
Portions Copyright (c) 2002-2004 Chris Reinhardt.
All rights reserved. This program is free software; you may redistribute it and/or modify it under
the same terms as Perl itself.
ACKNOWLEDGMENT
Most of the code in the Net::DNS::RR::TSIG module was contributed by Chris Turbeville.
Support for external signing functions was added by Andrew Tridgell.
SEE ALSO
perl(1), Net::DNS, Net::DNS::Resolver, Net::DNS::Packet, Net::DNS::Header, Net::DNS::Question,
Net::DNS::RR, RFC 2845
perl v5.8.8 2007-06-21 Net::DNS::RR::TSIG(3)
|