Archive for February 2015

Net::DNS 0.83 Released

We have just released version 0.83 of Net::DNS.

This release has (almost) only bug fixes and is intended to establish a clean baseline in preparation for the merge of the RRs that are currently only in Net::DNS::SEC. Note that for actual cryptographic operations Net::DNS::SEC will still be required.

Besides the bug fixes, in anticipating of the Net::DNS::SEC RRs rehousing, this release already has the new CSYNC RR from the draft-ietf-dnsop-child-syncronization on board for experimentation purposes.

For a complete list of changes and bugfixes see the CHANGES file.

link https://www.net-dns.org/download/Net-DNS-0.83.tar.gz
sha1 1e0f7a3640125c5d7511324e516620ae25cac99f
asc https://www.net-dns.org/download/Net-DNS-0.83.tar.gz.asc

Release candidate for Net::DNS 0.83

We have a candidate for the upcoming bugfix release 0.83 of Net::DNS.

As discussed on the net-dns-users mailing list and also announced with the previous Net::DNS::SEC release, we are planning to merge the DNSSEC RR’s that are currently in the Net::DNS::SEC module (DS, DNSKEY, RRSIG etc.) into Net::DNS, though without the cryptographic operations. For the cryptographic operations (signing, verifying etc.), Net::DNS::SEC will still be required.

This release is intended to establish a clean Net::DNS baseline, before we start moving the RR’s over.

In anticipating of this move, this release already has the new CSYNC RR from the draft-ietf-dnsop-child-syncronization on board for experimentation purposes.

For a complete list of changes and bugfixes see the CHANGES file.

If no issues arise, the actual release will follow Thursday the 26th of February 2015.

link http://www.net-dns.org/download/Net-DNS-0.82_03.tar.gz
sha1 8421aaf188a19d7bb489320c029485ef3969150e
asc http://www.net-dns.org/download/Net-DNS-0.82_03.tar.gz.asc

Net::DNS::SEC 0.22 Released

We have a new Net::DNS::SEC release version 0.22.

This release introduces the following new features and improvements:

RRSIG::siginception and RRSIG::siginception in time values
RRSIG::siginception and RRSIG::siginception now return, besides the format date in string context like before, the date as seconds since epoch in numeric context.
ECDSA and GOST signature creation and verification
The optional Crypt::OpenSSL::EC, Crypt::OpenSSL::ECDSA and Digest::GOST need to be available to enable this feature.
Version requirements detection for optional modules
Besides the optional modules just mentioned, Crypt::OpenSSL::Random is an optional module which enables private key generation and Digest::BubbleBabble enables Net::DNS::RR::DS::babble

Besides these features, architectural modifications have been made to loosen the Net::DNS::RR::* classes from the Net::DNS::SEC package, so that they can be added to the regular Net::DNS in the future, although without cryptographic operations.

To this end, all cryptographic operations are now concentrated in their own modules Net::DNS::SEC::RSA, Net::DNS::SEC::DSA, Net::DNS::SEC::ECDSA and Net::DNS::SEC::ECCGOST.

An affected module of this rework is Net::DNS::SEC::Private. This module previously performed cryptographic operations with the generate_rsa, new_rsa_priv and dump_rsa_* methods.

The generate_rsa and new_rsa_priv methods are still available as before, but the dump_rsa_* methods are now available only if the generate_rsa or new_rsa_priv function were used to create the Net::DNS::SEC::Private object. This is different from previous behaviour (i.e. not backwards compatible).

For a complete list of changes and bugfixes see the CHANGES file.

link https://www.net-dns.org/download/Net-DNS-SEC-0.22.tar.gz
sha1 29bdb3191f7115f08feae54938e24a9a9ff2b71d
asc https://www.net-dns.org/download/Net-DNS-SEC-0.22.tar.gz.asc

Release candidate for Net::DNS::SEC 0.22

We have a candidate for the upcoming 0.22 release of Net::DNS::SEC.
This release introduces the following new features and improvements:

RRSIG::siginception and RRSIG::siginception in time values
RRSIG::siginception and RRSIG::siginception now returns, besides the format date in string context like before, the date as seconds since epoch in numeric context.
ECDSA and GOST signature creation and verification
The optional Crypt::OpenSSL::EC, Crypt::OpenSSL::ECDSA and Digest::GOST need to be available to enable this feature.
Version requirements detection for optional modules
Besides the optional modules just mentioned, Crypt::OpenSSL::Random is an optional module which enables private key generation and Digest::BubbleBabble enables Net::DNS::RR::DS::babble

Besides these features, architectural modifications have been made to loosen the Net::DNS::RR::* classes from the Net::DNS::SEC package, so that they can be added to the regular Net::DNS in the future, although without cryptographic operations.

To this end, all cryptographic operations are now concentrated in their own modules Net::DNS::SEC::RSA, Net::DNS::SEC::DSA, Net::DNS::SEC::ECDSA and Net::DNS::SEC::ECCGOST.

An affected module of this rework is Net::DNS::SEC::Private.   This module previously performed cryptographic operations with the generate_rsa, new_rsa_priv and dump_rsa_* methods.

The generate_rsa and new_rsa_priv methods are still available as before, but the dump_rsa_* methods are now available only if the generate_rsa or new_rsa_priv function were used to create the Net::DNS::SEC::Private object.  This is different from previous behaviour.

Note that the Private.pm module had and has the following text at the top of its documentation: “The class is written to be used only in the context of the Net::DNS::RR::RRSIG create method. This class is not designed to interact with any other system.”

If you  depend upon this module please let us know, preferably with a use case.

For a complete list of changes and bugfixes see the CHANGES file.

Please review this version carefully and regression-test it with your software. If no issues arise, the actual release will follow Wedensday the 11th of February 2015.

link http://www.net-dns.org/download/Net-DNS-SEC-0.21_10.tar.gz
sha1 8f6951a0e4e6fa4d2dc7fbc4147a36945ed5631d