Maintenance Blog

Dear all,

We have a candidate for the upcoming 1.16 release of Net::DNS.

This release contains new and improved methods for NSEC and NSEC3 RRs to enquery about the name it covers, the types in its typemap, and in case of NSEC3 about the encloser, nextcloser and (unexpanded) wildcard.

Also, IPv6 support is from now only with the IO::Socket::IP module. Support for the IO::Socket::INET6 is removed (for which we have warned about since 1.12).

See also the Changes file.

Please review this candidate carefully. If no issues arise, the actual release will follow Sunday the 15th of July 2018.

Regression test results: https://www.net-dns.org/regression

Dear all,

We are pleased to announce the 1.09 release of Net::DNS::SEC.

Code has been reworked to anticipate the proposed removal of some features in future versions of OpenSSL, but is otherwise functionally identical to 1.08.

Test scripts have been modified to avoid filename conflicts which arise when tests are executed in parallel.

For a complete list of changes and bugfixes see the CHANGES file.

Dear all,

I am pleased to announce the 1.08 release of Net::DNS::SEC.

Code has been reworked to generate and verify signatures using the EVP interface which requires OpenSSL 1.0.0 or later.

Use of ED25519 and ED448 (algorithms 15 and 16) requires OpenSSL 1.1.1 or later.

ECC-GOST (obsolete GOST R 34.10-2001) signature verification requires the Digest::GOST package to be installed. The signature generation function has been removed.

For a complete list of changes and bugfixes see the CHANGES file.

Dear all,

We have a candidate for the 1.08 release of Net::DNS::SEC.

Code has been reworked to generate and verify signatures using the EVP interface which requires OpenSSL 1.0.0 or later.

Use of ED25519 and ED448 (algorithms 15 and 16) requires OpenSSL 1.1.1 or later.

ECC-GOST (obsolete GOST R 34.10-2001) signature verification requires the Digest::GOST package to be installed. The signature generation function has been removed.

For a complete list of changes and bugfixes see the CHANGES file.

Please review this candidate carefully. If no issues arise, the actual release will follow Friday the 11th of May 2018.

Dear all,

I am pleased to anounce the 1.07 release of Net::DNS::SEC.

During the hackathon at IETF101, we worked on validating and signing with the Ed25519 and Ed448 curves (algorithm 15 and 16) using OpenSSL’s official EVP interface. Unfortunately, the at the time available version 1.1.1-pre2 of OpenSSL was not yet completely ready for this, resulting in a *Epic fail* of our project! However, the foundation had been laid, and since then 1.1.1-pre3 and 1.1.1-pre4 have been released which do offer working support for the Edwards curves via the EVP interface.

This release contains a definite Net::DNS::SEC implementation of validating and signing with the Ed25519 and Ed488 curves when building against OpenSSL version 1.1.1-pre3 or higher. We believe this is the first main-stream “consumer” DNS library that offers both signing and validation for both the RFC8080 Edward-curves.

Besides the curve support, this release has also a single bugfix, to let Net::DNS::SEC install in architecture/build- dependent location.

For a complete list of changes and bugfixes see the CHANGES file.

Dear all,

I’m pleased to announce a new release, version 1.05 of Net::DNS::SEC.

This release contains an interim Net::DNS::SEC implementation of the Ed25519 and Ed488 curves (algorithm 15 and 16). However, it is provided as a building-kit from which some pieces have to come from a pre-build openssl-1.1.1* source tree.

Build instructions can be found in the include/Ed25519.h and include/Ed448.h files from the source tarball.

The current state of the Crypt::OpenSSL::RSA module (with respect to newer versions of OpenSSL), has made the private RSA key generation function of Net::DNS::SEC challenging (to say the least). Key generation with Net::DNS::SEC was already limited and restricted to RSA. This and readily available better private key generation tools, such as the BIND dnssec-keygen tool (which we already recommended), made us decide to drop this function.

This release has also a single bugfix, resolving an issue with missing attributes in private key files.

For a complete list of changes and bugfixes see the CHANGES file.

Dear all,

We have a candidate for the 1.05 release of Net::DNS::SEC.

This release contains an interim Net::DNS::SEC implementation of the Ed25519 and Ed488 curves (algorithm 15 and 16). However, it is provided as a building-kit from which some pieces have to come from a pre-build openssl-1.1.1* source tree.

Build instructions can be found in the include/Ed25519.h and include/Ed448.h files from the source tarball.

The current state of the Crypt::OpenSSL::RSA module (with respect to newer versions of OpenSSL), has made the private RSA key generation function of Net::DNS::SEC challenging (to say the least). Key generation with Net::DNS::SEC was already limited and restricted to RSA. This and readily available better private key generation tools, such as the BIND dnssec-keygen tool (which we already recommended), made us decide to drop this function.

This release has also a single bugfix, resolving an issue with missing attributes in private key files.

For a complete list of changes and bugfixes see the CHANGES file.

Please review this candidate carefully. If no issues arise, the actual release will follow Tuesday the 20th of March 2018.

Dear all,

We have a new release version 1.04 of Net::DNS::SEC.

Net::DNS::SEC is dependent on the Crypt::OpenSSL::(DSA|EDSA|RSA) modules for the cryptographic operations. Unfortunately these modules have not remained up-to-date with the underlying OpenSSL C library and are now non functional with OpenSSL releases from version 1.1.0 and higher.

This release contains a Perl foreign function interface on the OpenSSL libcrypto library directly and is no longer dependent on the Crypt::OpenSSL::(DSA|EDSA|RSA) modules, providing more flexibility in OpenSSL upgrade strategies.

Dear all,

We have a new release version 1.15 of Net::DNS.

This release has no bugs resolved nor any new features. Besides some minor code maintenance, this release only adds a Change notice to formalize the retirement of the GOST R 34.11-94 hash algorithm. However, the GOST algorithm will still work when a functional Digest::GOST module is present.

See also the Changes file.

Regression test results: https://www.net-dns.org/regression

Dear all,

We have a candidate for the 1.04 release of Net::DNS::SEC.

Net::DNS::SEC is dependent on the Crypt::OpenSSL::(DSA|ECDSA|RSA) modules for the cryptographic operations. Unfortunately these modules have not remained up-to-date with the underlying OpenSSL C library and are now non functional with OpenSSL releases from version 1.1.0 and higher.

This release contains a Perl foreign function interface on the OpenSSL libcrypto library directly and is no longer dependent on the Crypt::OpenSSL::(DSA|ECDSA|RSA) modules, providing more flexibility in OpenSSL upgrade strategies.

This is a non trivial architectural change. Therefore we ask you to review this candidate extra thoroughly. If no issues arise, the actual release will follow Wednesday the 14 February 2018.

For a complete list of changes and bugfixes see the CHANGES file.