Net::DNS::RR::TSIG - DNS TSIG resource record
use Net::DNS::RR
;
Class for DNS Transaction Signature (TSIG) resource records.
$rr->algorithm($algorithm_name); print "algorithm = ", $rr->algorithm, "\n";
Gets or sets the domain name that specifies the name of the algorithm. The only algorithm currently supported is HMAC-MD5.SIG-ALG.REG.INT.
$rr->time_signed(time); print "time signed = ", $rr->time_signed, "\n";
Gets or sets the signing time as the number of seconds since 1 Jan 1970 00:00:00 UTC.
The default signing time is the current time.
$rr->fudge(60); print "fudge = ", $rr->fudge, "\n";
Gets or sets the "fudge", i.e., the seconds of error permitted in the signing time.
The default fudge is 300 seconds.
print "MAC size = ", $rr->mac_size, "\n";
Returns the number of octets in the message authentication code (MAC). The programmer must call a Net::DNS::Packet object's data method before this will return anything meaningful.
print "MAC = ", $rr->mac, "\n";
Returns the message authentication code (MAC) as a string of hex characters. The programmer must call a Net::DNS::Packet object's data method before this will return anything meaningful.
$rr->original_id(12345); print "original ID = ", $rr->original_id, "\n";
Gets or sets the original message ID.
print "error = ", $rr->error, "\n";
Returns the RCODE covering TSIG processing. Common values are NOERROR, BADSIG, BADKEY, and BADTIME. See RFC 2845 for details.
print "other len = ", $rr->other_len, "\n";
Returns the length of the Other Data. Should be zero unless the error is BADTIME.
print "other data = ", $rr->other_data, "\n";
Returns the Other Data. This field should be empty unless the error is BADTIME, in which case it will contain the server's time as the number of seconds since 1 Jan 1970 00:00:00 UTC.
my $sigdata = $tsig->sig_data($packet);
Returns the packet packed according to RFC2845 in a form for signing. This is only needed if you want to supply an external signing function, such as is needed for TSIG-GSS.
sub my_sign_fn($$) { my ($key, $data) = @_; return some_digest_algorithm($key, $data); }
$tsig->sign_func(\&my_sign_fn);
This sets the signing function to be used for this TSIG record.
The default signing function is HMAC-MD5.
This code is still under development. Use with caution on production systems.
The time_signed and other_data fields should be 48-bit unsigned integers (RFC 2845, Sections 2.3 and 4.5.2). The current implementation ignores the upper 16 bits; this will cause problems for times later than 19 Jan 2038 03:14:07 UTC.
The only builtin algorithm currently supported is HMAC-MD5.SIG-ALG.REG.INT. You can use other algorithms by supplying an appropriate sign_func.
Copyright (c) 2002 Michael Fuhr.
Portions Copyright (c) 2002-2004 Chris Reinhardt.
All rights reserved. This program is free software; you may redistribute it and/or modify it under the same terms as Perl itself.
Most of the code in the Net::DNS::RR::TSIG module was contributed by Chris Turbeville.
Support for external signing functions was added by Andrew Tridgell.
perl(1), Net::DNS, Net::DNS::Resolver, Net::DNS::Packet, Net::DNS::Header, Net::DNS::Question, Net::DNS::RR, RFC 2845