L.S.

A new version of the DNSSEC extensions to the Perl Net::DNS is available from the DISI web pages at http://www.ripe.net/disi .

The additional features w.r.t. Net::DNS are listed in the README.DNSSEC file which I've appended below.

The DNSSEC extensions are available as a patch against the development version of Net::DNS:
http://www.ripe.net/disi/SRC/patch-0.19-DNSSEC-0.4.

A full tar ball of Net::DNS including DNSSEC is also available from the website at:
http://www.ripe.net/disi/SRC/Net-DNS-0.19-DNSSEC-0.4.tar.gz

Related is a presentation I gave on the subject at Yet Another Perl Conference (YAPC); slides are available at:
http://www.ripe.net/disi/Talks/YAPC2001/index.htm.
These slides might be a good start if you want to start using the package.

Please let me know if you use the package, if you found any bugs or have feature requests.

--Olaf

-----------------------------------------------------
Olaf M. Kolkman    | RIPE NCC DISI Project
-----------        | ---------------
RIPE NCC           | Phone: +31 20 535 4444
Singel 258         | Fax: +31 20 535 4445
1016 AB Amsterdam  | http://www.ripe.net/disi
The Netherlands    | OKolkman@ripe.net

README.DNSSEC

_________________________________________________________________________
+ General info. +

Since this file is available in your distribution you have extended the Net::DNS package with DNSSEC functionality. DNSSEC is defined in RFC 2535 and related packages.

The extensions provide the following additional features on top of the original Net::DNS package (version 0.19).

- SIG, KEY and NXT records. These are all implemented as RR objects. The cryptography has been implemented using Crypt::DSA, Crypt::RSA and related modules.

- EDNS0 support: Implemented using the OPT pseudo RR object.

- DS support: Experimental implementation of the DS record. To play with the DS record on the network you have to assign a QTYPE. You can do this by uncommenting line 77 in Net/DNS.pm. This will assign QTYPE 93 to the DS RR.

- CERT support: Courtesy of Mike Schiraldi <raldi@research.netsol.com> for VeriSign

_________________________________________________________________________
+ Bug reports and feature requests. +

We do not maintain the Net::DNS package. Only the DNSSEC extensions described above. If you find bugs in the extensions or have DNSSEC feature requests, please mail to okolkman@ripe.net.

_________________________________________________________________________
+ Update +

Please see www.ripe.net/disi for the latest versions.

_________________________________________________________________________
+ Dependencies. +

The patches are dependent on the following CPAN modules.

    FileHandle        => 2.00,
    IO::Socket        => 1.26,
    IO::Select        => 1.14,
    Socket            => 1.72,
    MIME::Base64      => 2.11,
    Digest::MD5       => 2.12,
    Digest::HMAC_MD5  => 1.00,
    Crypt::RSA        => 1.37,
    Crypt::DSA        => 0.12,

_________________________________________________________________________
+ Version history. +

0.19-DNSSEC-0.4:

    Added CERT support: Courtesy of Mike Schiraldi <raldi@research.netsol.com> for VeriSign

    BUG Fixed MANIFEST file. make dist will result in proper module tar ball

0.19-DNSSEC-0.3:

    Solved patch problems that were due to the $Id: README.DNSSEC,v 1.2 2001/09/17 19:31:02 olaf Exp $ in headers not being from the original distribution.

    Added DSA signature creation

    Added DS support
    You have to uncomment line 77 in Net/DNS.pm to fully enable DS. This will assign QTYPE 93 to the DS RR. That value is not assigned by IANA.

    Added this README.DNSSEC file

    Added t/09-dnssec.t to the test script with a number of consistency checks. After patching the original distribution directory

        perl Makefile.PL
        make test

    will call this function among other things.

    BUG KeyID set to 0 for null keys.

    BUG Sorting of canonical RDATA; Data over which SIG was created was not sorted properly (RFC2535 sect 8.3) causing signature verification errors for RDATA within a RRset having different length (e.g. some NS RRsets would not verify.)

0.19-DNSSEC-0.2:

    First somewhat public release.
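The canonical RDATA ordering named in the 0.19-DNSSEC-0.3 bug entry, shown as an added example that is not part of the original post or of the Net::DNS code: a signer and a verifier only hash the same bytes when both sort the RRset by RDATA as a left-justified unsigned octet sequence. The sub names, the NS names and the length-first sort used for contrast are constructed for illustration, and the SIG RDATA prefix that precedes the RRs in the signed data is left out.

```perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

# Canonical wire form of a domain name: lower-cased, uncompressed labels.
sub wire_name {
    my ($name) = @_;
    return join('', map { pack('C/a*', lc $_) } split /\./, $name) . "\0";
}

# RFC 2535 section 8.3 order within an RRset: RDATA compared as a
# left-justified unsigned octet sequence. On byte strings Perl's cmp does
# that octet by octet and puts a shorter prefix first.
sub canonical_order { return sort { $a cmp $b } @_ }

# Constructed non-canonical ordering (length first), for contrast only;
# it is not taken from the package's code.
sub length_first_order {
    return sort { length($a) <=> length($b) || $a cmp $b } @_;
}

# RR portion of the data covered by a SIG: each RR serialised as
# owner | type | class | TTL | RDLENGTH | RDATA, in the order given.
sub rrset_data {
    my ($owner, $type, $class, $ttl, @rdata) = @_;
    my $head = wire_name($owner) . pack('n n N', $type, $class, $ttl);
    return join '', map { $head . pack('n/a*', $_) } @rdata;
}

# Constructed NS RRset whose RDATA differ in length (18, 17 and 17 octets).
my @as_signed = map { wire_name($_) }
    qw(ns1.example.com a.ns.example.net ns2.example.org);
my @as_received = reverse @as_signed;    # servers may return RRs in any order

my @rr = ('example.com', 2, 1, 3600);    # type NS = 2, class IN = 1
my $signer   = md5_hex(rrset_data(@rr, canonical_order(@as_signed)));
my $verifier = md5_hex(rrset_data(@rr, canonical_order(@as_received)));
my $wrong    = md5_hex(rrset_data(@rr, length_first_order(@as_received)));

print "signer    $signer\n";
print "verifier  $verifier  ", ($signer eq $verifier ? "same data" : "MISMATCH"), "\n";
print "len-first $wrong  ",    ($signer eq $wrong    ? "same data" : "MISMATCH"), "\n";
```

The MD5 digest here only fingerprints the byte string that would be signed; no signature is created or checked.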