To:
dnssec@cafax.se
cc:
Michael Fuhr <mfuhr@dimensional.com>, disi@ripe.net
From:
Olaf Kolkman <olaf@ripe.net>
Date:
Thu, 13 Sep 2001 11:03:39 +0200
Sender:
owner-dnssec@cafax.se
Subject:
New version of the Net::DNS extensions.
Dear Colleagues,
A new version of the DNS-SEC extensions to Net::DNS is available.
The patch is directly available from
ftp://ncc.ripe.net/persons/olaf/patch-0.19-DNSSEC-0.3
and will be available from the tools section of www.ripe.net/disi.
Related is a presentation I gave on DNSSEC and Net::DNS at YAPC
Europe, the slides are available from the presentation section of
www.ripe.net/disi.
(it might take a few hours before the patch and the slides are
available from the RIPE website.)
If you are using these extensions please let me know. If you found
bugs or have feature requests let me know as well.
--Olaf Kolkman
The main differences between this version (0.19-DNSSEC-0.3) and the
previous version are:
- Added DSA signature creation
- Added t/09-dnssec.t to the test script with a number of consistency
checks.
- BUG KeyID set to 0 for null keys.
- BUG Sorting of canonical RDATA;
Data over which SIG was created was not sorted properly (RFC2535
sect 8.3) causing signature verification errors for RDATA within
a RRset having different length (e.g. some NS RRsets would not
verify.)
- Added DS support.
To play with the DS record on the Network you have to assign a QTYPE.
You can do this by uncommenting line 77 in Net/DNS.pm
This will assign QTYPE 93 to the DS RR.