{
    "content": [
        {
            "type": "text",
            "text": "# Net::DNS::RR::TSIG (perldoc)\n\n## NAME\n\nNet::DNS::RR::TSIG - DNS TSIG resource record\n\n## SYNOPSIS\n\nuse Net::DNS;\n$tsig = Net::DNS::RR::TSIG->create( $keyfile );\n$tsig = Net::DNS::RR::TSIG->create( $keyfile,\nfudge => 300\n);\n\n## DESCRIPTION\n\nClass for DNS Transaction Signature (TSIG) resource records.\n\n## Sections\n\n- **NAME**\n- **SYNOPSIS**\n- **DESCRIPTION**\n- **METHODS**\n- **Configuring BIND Nameserver**\n- **ACKNOWLEDGMENT**\n- **BUGS**\n- **COPYRIGHT**\n- **LICENSE**\n- **SEE ALSO**\n\nUse structuredContent.sections for detailed options, examples, and full documentation.\n"
        }
    ],
    "structuredContent": {
        "command": "Net::DNS::RR::TSIG",
        "section": "",
        "mode": "perldoc",
        "summary": "Net::DNS::RR::TSIG - DNS TSIG resource record",
        "synopsis": "use Net::DNS;\n$tsig = Net::DNS::RR::TSIG->create( $keyfile );\n$tsig = Net::DNS::RR::TSIG->create( $keyfile,\nfudge => 300\n);",
        "tldr_summary": null,
        "tldr_examples": [],
        "tldr_source": null,
        "flags": [],
        "examples": [],
        "see_also": [],
        "section_outline": [
            {
                "name": "NAME",
                "lines": 2,
                "subsections": []
            },
            {
                "name": "SYNOPSIS",
                "lines": 7,
                "subsections": []
            },
            {
                "name": "DESCRIPTION",
                "lines": 2,
                "subsections": []
            },
            {
                "name": "METHODS",
                "lines": 147,
                "subsections": []
            },
            {
                "name": "Configuring BIND Nameserver",
                "lines": 8,
                "subsections": []
            },
            {
                "name": "ACKNOWLEDGMENT",
                "lines": 7,
                "subsections": []
            },
            {
                "name": "BUGS",
                "lines": 3,
                "subsections": []
            },
            {
                "name": "COPYRIGHT",
                "lines": 10,
                "subsections": []
            },
            {
                "name": "LICENSE",
                "lines": 12,
                "subsections": []
            },
            {
                "name": "SEE ALSO",
                "lines": 4,
                "subsections": []
            }
        ],
        "sections": {
            "NAME": {
                "content": "Net::DNS::RR::TSIG - DNS TSIG resource record\n",
                "subsections": []
            },
            "SYNOPSIS": {
                "content": "use Net::DNS;\n$tsig = Net::DNS::RR::TSIG->create( $keyfile );\n\n$tsig = Net::DNS::RR::TSIG->create( $keyfile,\nfudge => 300\n);\n",
                "subsections": []
            },
            "DESCRIPTION": {
                "content": "Class for DNS Transaction Signature (TSIG) resource records.\n",
                "subsections": []
            },
            "METHODS": {
                "content": "The available methods are those inherited from the base class augmented by the type-specific\nmethods defined in this package.\n\nUse of undocumented package features or direct access to internal data structures is discouraged\nand could result in program termination or other unpredictable behaviour.\n\nalgorithm\n$algorithm = $rr->algorithm;\n$rr->algorithm( $algorithm );\n\nA domain name which specifies the name of the algorithm.\n\nkey\n$rr->key( $key );\n\nBase64 representation of the key material.\n\nkeybin\n$rr->keybin( $keybin );\n\nBinary representation of the key material.\n\ntimesigned\n$timesigned = $rr->timesigned;\n$rr->timesigned( $timesigned );\n\nSigning time as the number of seconds since 1 Jan 1970 00:00:00 UTC. The default signing time is\nthe current time.\n\nfudge\n$fudge = $rr->fudge;\n$rr->fudge( $fudge );\n\n\"fudge\" represents the permitted error in the signing time. The default fudge is 300 seconds.\n\nmac\n$rr->mac( $mac );\n\nMessage authentication code (MAC). The programmer must call the Net::DNS::Packet data() object\nmethod before this will return anything meaningful.\n\nmacbin\n$macbin = $rr->macbin;\n$rr->macbin( $macbin );\n\nBinary message authentication code (MAC).\n\npriormac\n$priormac = $rr->priormac;\n$rr->priormac( $priormac );\n\nPrior message authentication code (MAC).\n\npriormacbin\n$priormacbin = $rr->priormacbin;\n$rr->priormacbin( $priormacbin );\n\nBinary prior message authentication code.\n\nrequestmac\n$requestmac = $rr->requestmac;\n$rr->requestmac( $requestmac );\n\nRequest message authentication code (MAC).\n\nrequestmacbin\n$requestmacbin = $rr->requestmacbin;\n$rr->requestmacbin( $requestmacbin );\n\nBinary request message authentication code.\n\noriginalid\n$originalid = $rr->originalid;\n$rr->originalid( $originalid );\n\nThe message ID from the header of the original packet.\n\nerror\nvrfyerrstr\n$rcode = $tsig->error;\n\nReturns the RCODE covering TSIG processing. Common values are NOERROR, BADSIG, BADKEY, and\nBADTIME. See RFC8945 for details.\n\nother\n$other = $tsig->other;\n\nThis field should be empty unless the error is BADTIME, in which case it will contain the server\ntime as the number of seconds since 1 Jan 1970 00:00:00 UTC.\n\nsigfunction\nsub signingfunction {\nmy ( $keybin, $data ) = @;\n\nmy $hmac = Digest::HMAC->new( $keybin, 'Digest::MD5' );\n$hmac->add( $data );\nreturn $hmac->digest;\n}\n\n$tsig->sigfunction( \\&signingfunction );\n\nThis sets the signing function to be used for this TSIG record. The default signing function is\nHMAC-MD5.\n\nsigdata\n$sigdata = $tsig->sigdata($packet);\n\nReturns the packet packed according to RFC8945 in a form for signing. This is only needed if you\nwant to supply an external signing function, such as is needed for TSIG-GSS.\n\ncreate\n$tsig = Net::DNS::RR::TSIG->create( $keyfile );\n\n$tsig = Net::DNS::RR::TSIG->create( $keyfile,\nfudge => 300\n);\n\nReturns a TSIG RR constructed using the parameters in the specified key file, which is assumed\nto have been generated by tsig-keygen.\n\nverify\n$verify = $tsig->verify( $data );\n$verify = $tsig->verify( $packet );\n\n$verify = $tsig->verify( $reply,  $query );\n\n$verify = $tsig->verify( $packet, $prior );\n\nThe boolean verify method will return true if the hash over the packet data conforms to the data\nin the TSIG itself\n\nTSIG Keys\nThe TSIG authentication mechanism employs shared secret keys to establish a trust relationship\nbetween two entities.\n\nIt should be noted that it is possible for more than one key to be in use simultaneously between\nany such pair of entities.\n\nTSIG keys are generated using the tsig-keygen utility distributed with ISC BIND:\n\ntsig-keygen -a HMAC-SHA256 host1-host2.example.\n\nOther algorithms may be substituted for HMAC-SHA256 in the above example.\n\nThese keys must be protected in a manner similar to private keys, lest a third party masquerade\nas one of the intended parties by forging the message authentication code (MAC).\n",
                "subsections": []
            },
            "Configuring BIND Nameserver": {
                "content": "The generated key must be added to the /etc/named.conf configuration or a separate file\nintroduced by the $INCLUDE directive:\n\nkey \"host1-host2.example. {\nalgorithm hmac-sha256;\nsecret \"Secret+known+only+by+participating+entities=\";\n};\n",
                "subsections": []
            },
            "ACKNOWLEDGMENT": {
                "content": "Most of the code in the Net::DNS::RR::TSIG module was contributed by Chris Turbeville.\n\nSupport for external signing functions was added by Andrew Tridgell.\n\nTSIG verification, BIND keyfile handling and support for HMAC-SHA1, HMAC-SHA224, HMAC-SHA256,\nHMAC-SHA384 and HMAC-SHA512 functions was added by Dick Franks.\n",
                "subsections": []
            },
            "BUGS": {
                "content": "A 32-bit representation of time is used, contrary to RFC2845 which demands 48 bits. This design\ndecision will need to be reviewed before the code stops working on 7 February 2106.\n",
                "subsections": []
            },
            "COPYRIGHT": {
                "content": "Copyright (c)2000,2001 Michael Fuhr.\n\nPortions Copyright (c)2002,2003 Chris Reinhardt.\n\nPortions Copyright (c)2013,2020 Dick Franks.\n\nAll rights reserved.\n\nPackage template (c)2009,2012 O.M.Kolkman and R.W.Franks.\n",
                "subsections": []
            },
            "LICENSE": {
                "content": "Permission to use, copy, modify, and distribute this software and its documentation for any\npurpose and without fee is hereby granted, provided that the original copyright notices appear\nin all copies and that both copyright notice and this permission notice appear in supporting\ndocumentation, and that the name of the author not be used in advertising or publicity\npertaining to distribution of the software without specific prior written permission.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING\nBUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND\nNONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,\nDAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n",
                "subsections": []
            },
            "SEE ALSO": {
                "content": "perl, Net::DNS, Net::DNS::RR, RFC8945\n\nTSIG Algorithm Names <http://www.iana.org/assignments/tsig-algorithm-names>\n",
                "subsections": []
            }
        }
    }
}