Maintenance Blog

Dear all,

We have a release candidate for the upcoming 1.01 release of Net::DNS::SEC.

This is the companion distribution for Net::DNS 1.01. Since Net::DNS 1.01, all RRs related to DNSSEC have been migrated to Net::DNS. This distribution is now only needed to perform cryptographic operations: i.e. signature generation and verification.

For a complete list of changes and bugfixes see the CHANGES file.

If no issues arise, the actual release will follow Monday the 3th of August 2015.

I am very pleased to announce that we have just released version 1.01 of Net::DNS.

This is the first major release of Net::DNS since Michael Fuhr started this project in 1997. Since then many people have contributed to the Net::DNS project and shaped it into the distribution it is now. A very incomplete list of authors (from the Copyright sections of the modules) is: Rob Brown, Andreas Gustafsson, Olaf Kolkman, Sidney Markowitz, Robert Martin-Legene, Chris Reinhardt, Mike Schiraldi, and Andrew Tridgell. Thank you all, and also all the unmentioned people for contributing to, developing on and maintaining Net::DNS!

I took over maintenance of the distribution at NLnet Labs from Olaf Kolkman in 2012. Since then Dick Franks, who was always a prominent contributor has become the primary developer of the distribution.

In late 2012 a major architectural rework commenced, initially to support IDN, but later also to cleanup and to turn Net::DNS in an even more robust and readable code base with a clear and unambiguous interface. We have made this a major release because we consider this architectural rework and cleanup now stable and finished.

This release has the RRs integrated that were previously only available with Net::DNS::SEC, however without the signature generation and verification functions. To enable those functions Net::DNS::SEC still needs to be installed.

As part of the process, the whole of Net::DNS has been brought under the MIT license already used by Net::DNS::SEC. We requested and have received agreement and permission from all the principal authors to apply this license to their respective modules.

Besides the incorporation of the Net::DNS::SEC RRs, this release contains bug fixes and updates with current DNS parameters as usual. For a complete list of changes and bugfixes see the CHANGES file.

I am pleased to announce a release candidate for the upcoming 1.01 release of Net::DNS.

This is a candidate for the version with which we consider the architectural rework and cleanup, that has started late 2012, to be stable and finished.

This release has the RRs integrated that were previously only available with Net::DNS::SEC, however without the signature generation and verification functions. To enable those functions Net::DNS::SEC still needs to be installed.

As part of the process, the whole of Net::DNS has been brought under the MIT license already used by Net::DNS::SEC. We requested and have received agreement and permission from all the principal authors to apply this license to their respective modules.

Besides the incorporation of the Net::DNS::SEC RRs, this release contains bug fixes and updates with current DNS parameters as usual. For a complete list of changes and bugfixes see the CHANGES file.

If no issues arise, the actual release will follow Monday the 6th of July 2015.

We have just released version 0.83 of Net::DNS.

This release has (almost) only bug fixes and is intended to establish a clean baseline in preparation for the merge of the RRs that are currently only in Net::DNS::SEC. Note that for actual cryptographic operations Net::DNS::SEC will still be required.

Besides the bug fixes, in anticipating of the Net::DNS::SEC RRs rehousing, this release already has the new CSYNC RR from the draft-ietf-dnsop-child-syncronization on board for experimentation purposes.

For a complete list of changes and bugfixes see the CHANGES file.

We have a candidate for the upcoming bugfix release 0.83 of Net::DNS.

As discussed on the net-dns-users mailing list and also announced with the previous Net::DNS::SEC release, we are planning to merge the DNSSEC RR’s that are currently in the Net::DNS::SEC module (DS, DNSKEY, RRSIG etc.) into Net::DNS, though without the cryptographic operations. For the cryptographic operations (signing, verifying etc.), Net::DNS::SEC will still be required.

This release is intended to establish a clean Net::DNS baseline, before we start moving the RR’s over.

In anticipating of this move, this release already has the new CSYNC RR from the draft-ietf-dnsop-child-syncronization on board for experimentation purposes.

For a complete list of changes and bugfixes see the CHANGES file.

If no issues arise, the actual release will follow Thursday the 26th of February 2015.

We have a new Net::DNS::SEC release version 0.22.

This release introduces the following new features and improvements:

RRSIG::siginception and RRSIG::siginception in time values

RRSIG::siginception and RRSIG::siginception now return, besides the format date in string context like before, the date as seconds since epoch in numeric context.

ECDSA and GOST signature creation and verification

The optional Crypt::OpenSSL::EC, Crypt::OpenSSL::ECDSA and Digest::GOST need to be available to enable this feature.

Version requirements detection for optional modules

Besides the optional modules just mentioned, Crypt::OpenSSL::Random is an optional module which enables private key generation and Digest::BubbleBabble enables Net::DNS::RR::DS::babble

Besides these features, architectural modifications have been made to loosen the Net::DNS::RR::* classes from the Net::DNS::SEC package, so that they can be added to the regular Net::DNS in the future, although without cryptographic operations.

To this end, all cryptographic operations are now concentrated in their own modules Net::DNS::SEC::RSA, Net::DNS::SEC::DSA, Net::DNS::SEC::ECDSA and Net::DNS::SEC::ECCGOST.

An affected module of this rework is Net::DNS::SEC::Private. This module previously performed cryptographic operations with the generate_rsa, new_rsa_priv and dump_rsa_* methods.

The generate_rsa and new_rsa_priv methods are still available as before, but the dump_rsa_* methods are now available only if the generate_rsa or new_rsa_priv function were used to create the Net::DNS::SEC::Private object. This is different from previous behaviour (i.e. not backwards compatible).

For a complete list of changes and bugfixes see the CHANGES file.

We have a candidate for the upcoming 0.22 release of Net::DNS::SEC.
This release introduces the following new features and improvements:

RRSIG::siginception and RRSIG::siginception in time values

RRSIG::siginception and RRSIG::siginception now returns, besides the format date in string context like before, the date as seconds since epoch in numeric context.

ECDSA and GOST signature creation and verification

The optional Crypt::OpenSSL::EC, Crypt::OpenSSL::ECDSA and Digest::GOST need to be available to enable this feature.

Version requirements detection for optional modules

Besides the optional modules just mentioned, Crypt::OpenSSL::Random is an optional module which enables private key generation and Digest::BubbleBabble enables Net::DNS::RR::DS::babble

Besides these features, architectural modifications have been made to loosen the Net::DNS::RR::* classes from the Net::DNS::SEC package, so that they can be added to the regular Net::DNS in the future, although without cryptographic operations.

To this end, all cryptographic operations are now concentrated in their own modules Net::DNS::SEC::RSA, Net::DNS::SEC::DSA, Net::DNS::SEC::ECDSA and Net::DNS::SEC::ECCGOST.

An affected module of this rework is Net::DNS::SEC::Private.   This module previously performed cryptographic operations with the generate_rsa, new_rsa_priv and dump_rsa_* methods.