Net::DNS::RR::TSIG - phpMan

NAME
    Net::DNS::RR::TSIG - DNS TSIG resource record

SYNOPSIS
        use Net::DNS;
        $tsig = Net::DNS::RR::TSIG->create( $keyfile );

        $tsig = Net::DNS::RR::TSIG->create( $keyfile,
                                            fudge => 300
                                            );

DESCRIPTION
    Class for DNS Transaction Signature (TSIG) resource records.

METHODS
    The available methods are those inherited from the base class augmented
    by the type-specific methods defined in this package.

    Use of undocumented package features or direct access to internal data
    structures is discouraged and could result in program termination or
    other unpredictable behaviour.

  algorithm
        $algorithm = $rr->algorithm;
        $rr->algorithm( $algorithm );

    A domain name which specifies the name of the algorithm.

  key
        $rr->key( $key );

    Base64 representation of the key material.

  keybin
        $rr->keybin( $keybin );

    Binary representation of the key material.

  time_signed
        $time_signed = $rr->time_signed;
        $rr->time_signed( $time_signed );

    Signing time as the number of seconds since 1 Jan 1970 00:00:00 UTC. The
    default signing time is the current time.

  fudge
        $fudge = $rr->fudge;
        $rr->fudge( $fudge );

    "fudge" represents the permitted error in the signing time. The default
    fudge is 300 seconds.

  mac
        $rr->mac( $mac );

    Message authentication code (MAC). The programmer must call the
    Net::DNS::Packet data() object method before this will return anything
    meaningful.

  macbin
        $macbin = $rr->macbin;
        $rr->macbin( $macbin );

    Binary message authentication code (MAC).

  prior_mac
        $prior_mac = $rr->prior_mac;
        $rr->prior_mac( $prior_mac );

    Prior message authentication code (MAC).

  prior_macbin
        $prior_macbin = $rr->prior_macbin;
        $rr->prior_macbin( $prior_macbin );

    Binary prior message authentication code.

  request_mac
        $request_mac = $rr->request_mac;
        $rr->request_mac( $request_mac );

    Request message authentication code (MAC).

  request_macbin
        $request_macbin = $rr->request_macbin;
        $rr->request_macbin( $request_macbin );

    Binary request message authentication code.

  original_id
        $original_id = $rr->original_id;
        $rr->original_id( $original_id );

    The message ID from the header of the original packet.

  error
  vrfyerrstr
         $rcode = $tsig->error;

    Returns the RCODE covering TSIG processing. Common values are NOERROR,
    BADSIG, BADKEY, and BADTIME. See RFC8945 for details.

  other
         $other = $tsig->other;

    This field should be empty unless the error is BADTIME, in which case it
    will contain the server time as the number of seconds since 1 Jan 1970
    00:00:00 UTC.

  sig_function
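        use Digest::HMAC;
        use Digest::MD5;

        # Receives the binary key and the data to be signed; returns the raw MAC.
        sub signing_function {
            my ( $keybin, $data ) = @_;

            my $hmac = Digest::HMAC->new( $keybin, 'Digest::MD5' );
            $hmac->add( $data );
            return $hmac->digest;
        }

        $tsig->sig_function( \&signing_function );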

    This sets the signing function to be used for this TSIG record. The
    default signing function is HMAC-MD5.

  sig_data
         $sigdata = $tsig->sig_data($packet);

    Returns the packet packed according to RFC8945 in a form for signing.
    This is only needed if you want to supply an external signing function,
    such as is needed for TSIG-GSS.

  create
        $tsig = Net::DNS::RR::TSIG->create( $keyfile );

        $tsig = Net::DNS::RR::TSIG->create( $keyfile,
                                            fudge => 300
                                            );

    Returns a TSIG RR constructed using the parameters in the specified key
    file, which is assumed to have been generated by tsig-keygen.

  verify
        $verify = $tsig->verify( $data );
        $verify = $tsig->verify( $packet );

        $verify = $tsig->verify( $reply,  $query );

        $verify = $tsig->verify( $packet, $prior );

    The boolean verify method will return true if the hash over the packet
    data conforms to the data in the TSIG itself.
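
    How time_signed, fudge, error and other fit together when a signed
    message is checked, as an added stand-alone example (not code from the
    Net::DNS distribution and not using its internals). It assumes
    HMAC-SHA256 and a message already prepared for digesting; %keys, the
    secret, the message bytes and all sub names are constructed for
    illustration.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256);

# Constructed key table: name as in the page's example, secret is a sample value.
my %keys = ( 'host1-host2.example.' => 'constructed-demo-secret' );
# Domain name in uncompressed, lower-case wire format.
sub wire_name { return join( '', map { pack( 'C/a*', lc $_ ) } split /\./, shift ) . "\0" }
# 48-bit time: 16 high bits then 32 low bits, network byte order.
sub time48 { my $t = shift; return pack( 'nN', $t >> 32, $t & 0xFFFFFFFF ) }
# HMAC-SHA256 over [request MAC] + message + TSIG variables, RFC 8945 layout.
sub tsig_mac {
    my ( $key, $msg, $name, $time, $fudge, $request_mac ) = @_;
    my $prior = defined $request_mac ? pack( 'n/a*', $request_mac ) : '';
    my $vars  = wire_name($name) . pack( 'nN', 255, 0 ) . wire_name('hmac-sha256.')    # CLASS ANY, TTL 0
        . time48($time) . pack( 'nnn', $fudge, 0, 0 );    # fudge, error, other length
    return hmac_sha256( $prior . $msg . $vars, $key );
}

# Compare MACs by OR-ing every byte difference instead of stopping at the first.
sub same_mac {
    my ( $x, $y ) = @_;
    my $diff = length($x) ^ length($y);
    $diff |= $_ for unpack( 'C*', $x ^ $y );    # bytewise XOR of the two strings
    return $diff == 0;
}

# Checks in RFC 8945 order: key, then MAC, then time. Returns ( rcode, other ).
sub tsig_check {
    my ( $msg, $tsig, $now ) = @_;
    my $key = $keys{ lc $tsig->{name} } or return ('BADKEY');
    my $mac = tsig_mac( $key, $msg, @{$tsig}{qw(name time_signed fudge)} );
    return ('BADSIG') unless same_mac( $mac, $tsig->{mac} );
    return ( 'BADTIME', time48($now) ) if abs( $now - $tsig->{time_signed} ) > $tsig->{fudge};
    return ('NOERROR');
}

my $msg  = 'constructed message bytes';    # stands in for the prepared DNS message
my %sent = ( name => 'host1-host2.example.', time_signed => 1_700_000_000, fudge => 300 );
$sent{mac} = tsig_mac( $keys{ $sent{name} }, $msg, @sent{qw(name time_signed fudge)} );
for my $case (
    [ 'within fudge',  $msg,       \%sent,                               1_700_000_120 ],
    [ 'outside fudge', $msg,       \%sent,                               1_700_000_900 ],
    [ 'altered data',  $msg . 'x', \%sent,                               1_700_000_120 ],
    [ 'unknown key',   $msg,       +{ %sent, name => 'other.example.' }, 1_700_000_120 ],
) {
    my ( $rcode, $other ) = tsig_check( @$case[ 1 .. 3 ] );
    printf "%-14s %s%s\n", $case->[0], $rcode, defined $other ? ' other=' . unpack( 'H*', $other ) : '';
}
```

    A message replayed after the fudge window still carries a valid MAC, so
    it is the time check, not the MAC check, that rejects it.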

TSIG Keys
    The TSIG authentication mechanism employs shared secret keys to
    establish a trust relationship between two entities.

    It should be noted that it is possible for more than one key to be in
    use simultaneously between any such pair of entities.

    TSIG keys are generated using the tsig-keygen utility distributed with
    ISC BIND:

        tsig-keygen -a HMAC-SHA256 host1-host2.example.

    Other algorithms may be substituted for HMAC-SHA256 in the above
    example.

    These keys must be protected in a manner similar to private keys, lest a
    third party masquerade as one of the intended parties by forging the
    message authentication code (MAC).

Configuring BIND Nameserver
    The generated key must be added to the /etc/named.conf configuration or
    a separate file introduced by the $INCLUDE directive:

        key "host1-host2.example." {
            algorithm hmac-sha256;
            secret "Secret+known+only+by+participating+entities=";
        };

ACKNOWLEDGMENT
    Most of the code in the Net::DNS::RR::TSIG module was contributed by
    Chris Turbeville.

    Support for external signing functions was added by Andrew Tridgell.

    TSIG verification, BIND keyfile handling and support for HMAC-SHA1,
    HMAC-SHA224, HMAC-SHA256, HMAC-SHA384 and HMAC-SHA512 functions was
    added by Dick Franks.

BUGS
    A 32-bit representation of time is used, contrary to RFC2845 which
    demands 48 bits. This design decision will need to be reviewed before
    the code stops working on 7 February 2106.

COPYRIGHT
    Copyright (c)2000,2001 Michael Fuhr.

    Portions Copyright (c)2002,2003 Chris Reinhardt.

    Portions Copyright (c)2013,2020 Dick Franks.

    All rights reserved.

    Package template (c)2009,2012 O.M.Kolkman and R.W.Franks.

LICENSE
    Permission to use, copy, modify, and distribute this software and its
    documentation for any purpose and without fee is hereby granted,
    provided that the original copyright notices appear in all copies and
    that both copyright notice and this permission notice appear in
    supporting documentation, and that the name of the author not be used in
    advertising or publicity pertaining to distribution of the software
    without specific prior written permission.

    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
    MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
    IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
    CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
    TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
    SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

SEE ALSO
    perl, Net::DNS, Net::DNS::RR, RFC8945

    TSIG Algorithm Names
    <http://www.iana.org/assignments/tsig-algorithm-names>

