NAME
Net::DNS::RR::TSIG - DNS TSIG resource record
SYNOPSIS
"use Net::DNS::RR";DESCRIPTION
Class for DNS Transaction Signature (TSIG) resource records. MMEETTHHOODDSS aallggoorriitthhmm$rr->algorithm($algorithmname);
print "algorithm = ", $rr->algorithm, "\n";
Gets or sets the domain name that specifies the name of the algorithm.The only algorithm currently supported is HMAC-MD5.SIG-ALG.REG.INT.
ttiimmeessiiggnneedd$rr->timesigned(time);
print "time signed = ", $rr->timesigned, "\n";
Gets or sets the signing time as the number of seconds since 1 Jan 1970 00:00:00 UTC. The default signing time is the current time. ffuuddggee$rr->fudge(60);
print "fudge = ", $rr->fudge, "\n";
Gets or sets the "fudge", i.e., the seconds of error permitted in the signing time. The default fudge is 300 seconds. mmaaccssiizzeeprint "MAC size = ", $rr->macsize, "\n";
Returns the number of octets in the message authentication code (MAC). The programmer must call a Net::DNS::Packet object's data method before this will return anything meaningful. mmaaccprint "MAC = ", $rr->mac, "\n";
Returns the message authentication code (MAC) as a string of hex characters. The programmer must call a Net::DNS::Packet object's data method before this will return anything meaningful. oorriiggiinnaalliidd$rr->originalid(12345);
print "original ID = ", $rr->originalid, "\n";
Gets or sets the original message ID. eerrrroorrprint "error = ", $rr->error, "\n";
Returns the RCODE covering TSIG processing. Common values are NOERROR,
BADSIG, BADKEY, and BADTIME. See RFC 2845 for details. ootthheerrlleennprint "other len = ", $rr->otherlen, "\n";
Returns the length of the Other Data. Should be zero unless the error is BADTIME. ootthheerrddaattaaprint "other data = ", $rr->otherdata, "\n";
Returns the Other Data. This field should be empty unless the error is BADTIME, in which case it will contain the server's time as the number of seconds since 1 Jan 1970 00:00:00 UTC. ssiiggddaattaamy $sigdata = $tsig->sigdata($packet);
Returns the packet packed according to RFC2845 in a form for signing. This is only needed if you want to supply an external signing function,such as is needed for TSIG-GSS.
ssiiggnnffuunnccsub mysignfn($$) {
my ($key, $data) = @;
return somedigestalgorithm($key, $data);
}$tsig->signfunc(\&mysignfn);
This sets the signing function to be used for this TSIG record.The default signing function is HMAC-MD5.
BUGS
This code is still under development. Use with caution on production systems.The timesigned and otherdata fields should be 48-bit unsigned
integers (RFC 2845, Sections 2.3 and 4.5.2). The current implementation ignores the upper 16 bits; this will cause problems for times later than 19 Jan 2038 03:14:07 UTC. The only builtin algorithm currently supported isHMAC-MD5.SIG-ALG.REG.INT. You can use other algorithms by supplying an
appropriate signfunc. COPYRIGHT Copyright (c) 2002 Michael Fuhr.Portions Copyright (c) 2002-2004 Chris Reinhardt.
All rights reserved. This program is free software; you may redistribute it and/or modify it under the same terms as Perl itself. AACCKKNNOOWWLLEEDDGGMMEENNTTMost of the code in the Net::DNS::RR::TSIG module was contributed by
Chris Turbeville. Support for external signing functions was added by Andrew Tridgell.SEE ALSO
perl(1), Net::DNS, Net::DNS::Resolver, Net::DNS::Packet, Net::DNS::Header, Net::DNS::Question, Net::DNS::RR, RFC 2845perl v5.8.8 2007-06-21 Net::DNS::RR::TSIG(3)