Maintenance Blog

Dear all,

I am pleased to anounce the 1.07 release of Net::DNS::SEC.

During the hackathon at IETF101, we worked on validating and signing with the Ed25519 and Ed448 curves (algorithm 15 and 16) using OpenSSL’s official EVP interface. Unfortunately, the at the time available version 1.1.1-pre2 of OpenSSL was not yet completely ready for this, resulting in a *Epic fail* of our project! However, the foundation had been laid, and since then 1.1.1-pre3 and 1.1.1-pre4 have been released which do offer working support for the Edwards curves via the EVP interface.

This release contains a definite Net::DNS::SEC implementation of validating and signing with the Ed25519 and Ed488 curves when building against OpenSSL version 1.1.1-pre3 or higher. We believe this is the first main-stream “consumer” DNS library that offers both signing and validation for both the RFC8080 Edward-curves.

Besides the curve support, this release has also a single bugfix, to let Net::DNS::SEC install in architecture/build- dependent location.

For a complete list of changes and bugfixes see the CHANGES file.

Dear all,

I’m pleased to announce a new release, version 1.05 of Net::DNS::SEC.

This release contains an interim Net::DNS::SEC implementation of the Ed25519 and Ed488 curves (algorithm 15 and 16). However, it is provided as a building-kit from which some pieces have to come from a pre-build openssl-1.1.1* source tree.

Build instructions can be found in the include/Ed25519.h and include/Ed448.h files from the source tarball.

The current state of the Crypt::OpenSSL::RSA module (with respect to newer versions of OpenSSL), has made the private RSA key generation function of Net::DNS::SEC challenging (to say the least). Key generation with Net::DNS::SEC was already limited and restricted to RSA. This and readily available better private key generation tools, such as the BIND dnssec-keygen tool (which we already recommended), made us decide to drop this function.

This release has also a single bugfix, resolving an issue with missing attributes in private key files.

For a complete list of changes and bugfixes see the CHANGES file.

Dear all,

We have a candidate for the 1.05 release of Net::DNS::SEC.

This release contains an interim Net::DNS::SEC implementation of the Ed25519 and Ed488 curves (algorithm 15 and 16). However, it is provided as a building-kit from which some pieces have to come from a pre-build openssl-1.1.1* source tree.

Build instructions can be found in the include/Ed25519.h and include/Ed448.h files from the source tarball.

The current state of the Crypt::OpenSSL::RSA module (with respect to newer versions of OpenSSL), has made the private RSA key generation function of Net::DNS::SEC challenging (to say the least). Key generation with Net::DNS::SEC was already limited and restricted to RSA. This and readily available better private key generation tools, such as the BIND dnssec-keygen tool (which we already recommended), made us decide to drop this function.

This release has also a single bugfix, resolving an issue with missing attributes in private key files.

For a complete list of changes and bugfixes see the CHANGES file.

Please review this candidate carefully. If no issues arise, the actual release will follow Tuesday the 20th of March 2018.

Dear all,

We have a new release version 1.04 of Net::DNS::SEC.

Net::DNS::SEC is dependent on the Crypt::OpenSSL::(DSA|EDSA|RSA) modules for the cryptographic operations. Unfortunately these modules have not remained up-to-date with the underlying OpenSSL C library and are now non functional with OpenSSL releases from version 1.1.0 and higher.

This release contains a Perl foreign function interface on the OpenSSL libcrypto library directly and is no longer dependent on the Crypt::OpenSSL::(DSA|EDSA|RSA) modules, providing more flexibility in OpenSSL upgrade strategies.

Dear all,

We have a new release version 1.15 of Net::DNS.

This release has no bugs resolved nor any new features. Besides some minor code maintenance, this release only adds a Change notice to formalize the retirement of the GOST R 34.11-94 hash algorithm. However, the GOST algorithm will still work when a functional Digest::GOST module is present.

See also the Changes file.

Regression test results: https://www.net-dns.org/regression

Dear all,

We have a candidate for the 1.04 release of Net::DNS::SEC.

Net::DNS::SEC is dependent on the Crypt::OpenSSL::(DSA|ECDSA|RSA) modules for the cryptographic operations. Unfortunately these modules have not remained up-to-date with the underlying OpenSSL C library and are now non functional with OpenSSL releases from version 1.1.0 and higher.

This release contains a Perl foreign function interface on the OpenSSL libcrypto library directly and is no longer dependent on the Crypt::OpenSSL::(DSA|ECDSA|RSA) modules, providing more flexibility in OpenSSL upgrade strategies.

This is a non trivial architectural change. Therefore we ask you to review this candidate extra thoroughly. If no issues arise, the actual release will follow Wednesday the 14 February 2018.

For a complete list of changes and bugfixes see the CHANGES file.

Dear all,

We have a candidate for the fast track release of Net::DNS 1.15.

This release has no bugs resolved nor any new features. Besides some minor code maintenance, this release only adds a Change notice to formalize the retirement of the GOST R 34.11-94 hash algorithm. However, the GOST algorithm will still work when a functional Digest::GOST module is present.

See also the Changes file.

Actual release will follow Friday 9 February 2018.

Regression test results: https://www.net-dns.org/regression

Dear all,

We have a candidate for the upcoming 1.14 release of Net::DNS.

This release resolves an issue with inaccessibility of (sub)packages from .pm files containing more than one packages, due to changed file permissions caused by dropped or changed user permissions by a program.

Besides this issue, this release also expresses more clearly that the Net::DNS::Nameserver module is not, nor will ever be, a general-purpose DNS nameserver implementation.

Functionality of Net::DNS::Nameserver has been extended to have a default ReplyHandler that will serve a zone given with a ZoneFile optional argument to the constructor.

See also the Changes file.

Please review this candidate carefully. If no issues arise, the actual release will follow Thursday the 14th of December 2017.

Regression test results: https://www.net-dns.org/regression

Dear all,

We have a new release version 1.13 of Net::DNS.

This release allows queries for internationalized domains now also on platforms with Net::LibIDN2 (besides the already existing support with Net::LibIDN).

See also the Changes file.

Regression test results: https://www.net-dns.org/regression

Dear all,

We have a candidate for the upcoming 1.13 release of Net::DNS.

This release allows queries for internationalized domains (with non-ASCII characters) now also on platforms using CPAN Net::LibIDN2 (besides the already existing support with Net::LibIDN).

See also the Changes file.

Please review this candidate carefully. If no issues arise, the actual release will follow Wednesday the 18th of October 2017.

Regression test results: https://www.net-dns.org/regression