February 19, 2015, 8:54 pm
We have a candidate for the upcoming bugfix release 0.83 of Net::DNS.
As discussed on the net-dns-users mailing list and also announced with the previous Net::DNS::SEC release, we are planning to merge the DNSSEC RR’s that are currently in the Net::DNS::SEC module (DS, DNSKEY, RRSIG etc.) into Net::DNS, though without the cryptographic operations. For the cryptographic operations (signing, verifying etc.), Net::DNS::SEC will still be required.
This release is intended to establish a clean Net::DNS baseline, before we start moving the RR’s over.
In anticipating of this move, this release already has the new CSYNC RR from the draft-ietf-dnsop-child-syncronization on board for experimentation purposes.
For a complete list of changes and bugfixes see the CHANGES file.
If no issues arise, the actual release will follow Thursday the 26th of February 2015.
Category:
Releases |
Comments Off on Release candidate for Net::DNS 0.83
February 11, 2015, 2:11 pm
We have a new Net::DNS::SEC release version 0.22.
This release introduces the following new features and improvements:
- RRSIG::siginception and RRSIG::siginception in time values
- RRSIG::siginception and RRSIG::siginception now return, besides the format date in string context like before, the date as seconds since epoch in numeric context.
- ECDSA and GOST signature creation and verification
- The optional Crypt::OpenSSL::EC, Crypt::OpenSSL::ECDSA and Digest::GOST need to be available to enable this feature.
- Version requirements detection for optional modules
- Besides the optional modules just mentioned, Crypt::OpenSSL::Random is an optional module which enables private key generation and Digest::BubbleBabble enables Net::DNS::RR::DS::babble
Besides these features, architectural modifications have been made to loosen the Net::DNS::RR::* classes from the Net::DNS::SEC package, so that they can be added to the regular Net::DNS in the future, although without cryptographic operations.
To this end, all cryptographic operations are now concentrated in their own modules Net::DNS::SEC::RSA, Net::DNS::SEC::DSA, Net::DNS::SEC::ECDSA and Net::DNS::SEC::ECCGOST.
An affected module of this rework is Net::DNS::SEC::Private. This module previously performed cryptographic operations with the generate_rsa, new_rsa_priv and dump_rsa_* methods.
The generate_rsa and new_rsa_priv methods are still available as before, but the dump_rsa_* methods are now available only if the generate_rsa or new_rsa_priv function were used to create the Net::DNS::SEC::Private object. This is different from previous behaviour (i.e. not backwards compatible).
For a complete list of changes and bugfixes see the CHANGES file.
Category:
Releases |
Comments Off on Net::DNS::SEC 0.22 Released
February 4, 2015, 1:32 pm
We have a candidate for the upcoming 0.22 release of Net::DNS::SEC.
This release introduces the following new features and improvements:
- RRSIG::siginception and RRSIG::siginception in time values
- RRSIG::siginception and RRSIG::siginception now returns, besides the format date in string context like before, the date as seconds since epoch in numeric context.
- ECDSA and GOST signature creation and verification
- The optional Crypt::OpenSSL::EC, Crypt::OpenSSL::ECDSA and Digest::GOST need to be available to enable this feature.
- Version requirements detection for optional modules
- Besides the optional modules just mentioned, Crypt::OpenSSL::Random is an optional module which enables private key generation and Digest::BubbleBabble enables Net::DNS::RR::DS::babble
Besides these features, architectural modifications have been made to loosen the Net::DNS::RR::* classes from the Net::DNS::SEC package, so that they can be added to the regular Net::DNS in the future, although without cryptographic operations.
To this end, all cryptographic operations are now concentrated in their own modules Net::DNS::SEC::RSA, Net::DNS::SEC::DSA, Net::DNS::SEC::ECDSA and Net::DNS::SEC::ECCGOST.
An affected module of this rework is Net::DNS::SEC::Private. This module previously performed cryptographic operations with the generate_rsa, new_rsa_priv and dump_rsa_* methods.
The generate_rsa and new_rsa_priv methods are still available as before, but the dump_rsa_* methods are now available only if the generate_rsa or new_rsa_priv function were used to create the Net::DNS::SEC::Private object. This is different from previous behaviour.
Note that the Private.pm module had and has the following text at the top of its documentation: “The class is written to be used only in the context of the Net::DNS::RR::RRSIG create method. This class is not designed to interact with any other system.”
If you depend upon this module please let us know, preferably with a use case.
For a complete list of changes and bugfixes see the CHANGES file.
Please review this version carefully and regression-test it with your software. If no issues arise, the actual release will follow Wedensday the 11th of February 2015.