To:
dnssec@cafax.se
cc:
mike@fuhr.org, team@nlnetlabs.nl, disi@ripe.net
From:
Olaf Kolkman <olaf@ripe.net>
Date:
Tue, 15 May 2001 13:25:22 +0200
Delivery-Date:
Wed May 16 07:59:05 2001
Sender:
owner-dnssec@cafax.se
Subject:
Net::DNS DNSSEC extensions V0.2
Dear Colleagues,
I've added extra features to and fixed some bugs in the DNSSEC
extensions I made to the PERL DNS Resolver Module Net::DNS.
You can get a patch against Mike Fuhr's development version of Net::DNS
from the tools section at http://www.ripe.net/disi/ the documentation
can be found at http://www.ripe.net/disi/Net/index.html
Version 0.12 of Net::DNS is in CPAN. The development version 0.19 (Feb
6, 2001) is available from http://www.fuhr.org/~mfuhr/perldns/.
Note that the DNSSEC extensions and the Version 0.19 are both under
development and not all possible interactions are tested.
--Olaf
--------------------
Main changes with respect to the previous patch I posted to dnssec@sigz.se.
- I have added a new constructor for the SIG object. Given a RRset and a
bind generated private key one can create a signature over the RRset.
(RSA signatures only, other algorithms will follow)
my $sigrr= create Net::DNS::RR::SIG(\@datarrset,$keypath);
- I fixed a bug in the original TTL handling which made signature
verification fail if the TTL in the datarr was not the original TTL
(i.e. when not querying authoritative servers.)