Net::DNS 1.17 Released

Dear all,

We have a new bugfix release, version 1.17 of Net::DNS.

This release contains three bugfixes, from which two were introduced in release 1.16.

  • A fix for broken name compression in rdata fields.
  • A fix for undefined typemap for NSEC3s on empty non-terminals.
  • A fix for AXFR for nameservers that start with a single SOA in a single packet (like PowerDNS).

See also the Changes file.

link https://www.net-dns.org/download/Net-DNS-1.17.tar.gz
sha256 9a79fd8fea1a708726c18d193ae4437479206ccb20ffa7f0971371e172e2c2e0
asc https://www.net-dns.org/download/Net-DNS-1.17.tar.gz.asc

Regression test results: https://www.net-dns.org/regression

Fast-track release candidate for Net::DNS 1.17

Dear all,

We have a fast-track release candidate for the upcoming 1.17 bugfix release of Net::DNS.

This release contains three bugfixes, from which two were introduced in release 1.16.

  • A fix for broken name compression in rdata fields.
  • A fix for undefined typemap for NSEC3s on empty non-terminals.
  • A fix for AXFR for nameservers that start with a single SOA in a single packet (like PowerDNS).

See also the Changes file.

Please review this candidate carefully. If no issues arise, the actual release will follow Wednesday the 25th of July 2018.

link https://www.net-dns.org/download/Net-DNS-1.16_01.tar.gz
sha256 035c3feb834683394505ed943eaf0fec89878960ad8acbd287fa9814aff47692
asc https://www.net-dns.org/download/Net-DNS-1.16_01.tar.gz.asc

Regression test results: https://www.net-dns.org/regression

Net::DNS Released

Dear all,

We have a new release version 1.16 of Net::DNS.

This release contains new and improved methods for NSEC and NSEC3 RRs to enquery about the name it covers, the types in its typemap, and in case of NSEC3 about the encloser, nextcloser and (unexpanded) wildcard.

Also, IPv6 support is from now only with the IO::Socket::IP module. Support for the IO::Socket::INET6 is removed (for which we have warned about since 1.12).

See also the Changes file.

link https://www.net-dns.org/download/Net-DNS-1.16.tar.gz
sha256 8163eebaf46d1a870b6f596684f345da7c3a7461d7dba2b85f23e02d8982ea37
asc https://www.net-dns.org/download/Net-DNS-1.16.tar.gz.asc

Regression test results: https://www.net-dns.org/regression

Release candidate for Net::DNS 1.16

Dear all,

We have a candidate for the upcoming 1.16 release of Net::DNS.

This release contains new and improved methods for NSEC and NSEC3 RRs to enquery about the name it covers, the types in its typemap, and in case of NSEC3 about the encloser, nextcloser and (unexpanded) wildcard.

Also, IPv6 support is from now only with the IO::Socket::IP module. Support for the IO::Socket::INET6 is removed (for which we have warned about since 1.12).

See also the Changes file.

Please review this candidate carefully. If no issues arise, the actual release will follow Sunday the 15th of July 2018.

link https://www.net-dns.org/download/Net-DNS-1.15_04.tar.gz
sha256 7538ca61a5d681cc3e7424f8fee64ce3d47525b192edec0ded4fa6d78b70b68f
asc https://www.net-dns.org/download/Net-DNS-1.15_04.tar.gz.asc

Regression test results: https://www.net-dns.org/regression

Net::DNS::SEC 1.09 released

Dear all,

We are pleased to announce the 1.09 release of Net::DNS::SEC.

Code has been reworked to anticipate the proposed removal of some features in future versions of OpenSSL, but is otherwise functionally identical to 1.08.

Test scripts have been modified to avoid filename conflicts which arise when tests are executed in parallel.

For a complete list of changes and bugfixes see the CHANGES file.

link https://www.net-dns.org/download/Net-DNS-SEC-1.09.tar.gz
sha256 58eee69f494bc8157ad7cc043737404090ab0e557600c7e556a1f6422b8808c6
asc https://www.net-dns.org/download/Net-DNS-SEC-1.09.tar.gz.asc

Net::DNS::SEC 1.08 released

Dear all,

I am pleased to announce the 1.08 release of Net::DNS::SEC.

Code has been reworked to generate and verify signatures using the EVP interface which requires OpenSSL 1.0.0 or later.

Use of ED25519 and ED448 (algorithms 15 and 16) requires OpenSSL 1.1.1 or later.

ECC-GOST (obsolete GOST R 34.10-2001) signature verification requires the Digest::GOST package to be installed. The signature generation function has been removed.

For a complete list of changes and bugfixes see the CHANGES file.

link https://www.net-dns.org/download/Net-DNS-SEC-1.08.tar.gz
sha256 996d4e8dfa0c810221e87f5d290ee12098bb38dd37e9b3fb6276f3b19627d57b
asc https://www.net-dns.org/download/Net-DNS-SEC-1.08.tar.gz.asc

Release candidate for Net::DNS::SEC 1.08

Dear all,

We have a candidate for the 1.08 release of Net::DNS::SEC.

Code has been reworked to generate and verify signatures using the EVP interface which requires OpenSSL 1.0.0 or later.

Use of ED25519 and ED448 (algorithms 15 and 16) requires OpenSSL 1.1.1 or later.

ECC-GOST (obsolete GOST R 34.10-2001) signature verification requires the Digest::GOST package to be installed. The signature generation function has been removed.

For a complete list of changes and bugfixes see the CHANGES file.

Please review this candidate carefully. If no issues arise, the actual release will follow Friday the 11th of May 2018.

link https://www.net-dns.org/download/Net-DNS-SEC-1.07_02.tar.gz
sha256 60c80b5b0052424f348324bd14e024e852d5962845debf98c8b28a6d7fbf4a20
asc https://www.net-dns.org/download/Net-DNS-SEC-1.07_02.tar.gz.asc

Net::DNS::SEC 1.07 released

Dear all,

I am pleased to anounce the 1.07 release of Net::DNS::SEC.

During the hackathon at IETF101, we worked on validating and signing with the Ed25519 and Ed448 curves (algorithm 15 and 16) using OpenSSL’s official EVP interface. Unfortunately, the at the time available version 1.1.1-pre2 of OpenSSL was not yet completely ready for this, resulting in a *Epic fail* of our project! However, the foundation had been laid, and since then 1.1.1-pre3 and 1.1.1-pre4 have been released which do offer working support for the Edwards curves via the EVP interface.

This release contains a definite Net::DNS::SEC implementation of validating and signing with the Ed25519 and Ed488 curves when building against OpenSSL version 1.1.1-pre3 or higher. We believe this is the first main-stream “consumer” DNS library that offers both signing and validation for both the RFC8080 Edward-curves.

Besides the curve support, this release has also a single bugfix, to let Net::DNS::SEC install in architecture/build- dependent location.

For a complete list of changes and bugfixes see the CHANGES file.

link http://www.net-dns.org/download/Net-DNS-SEC-1.07.tar.gz
sha256 39e92aae3d354007583843aa6b24ab74e8725c09ba952a87084529b5229aee94
asc http://www.net-dns.org/download/Net-DNS-SEC-1.07.tar.gz.asc

Net::DNS::SEC 1.05 Released

Dear all,

I’m pleased to announce a new release, version 1.05 of Net::DNS::SEC.

This release contains an interim Net::DNS::SEC implementation of the Ed25519 and Ed488 curves (algorithm 15 and 16). However, it is provided as a building-kit from which some pieces have to come from a pre-build openssl-1.1.1* source tree.

Build instructions can be found in the include/Ed25519.h and include/Ed448.h files from the source tarball.

The current state of the Crypt::OpenSSL::RSA module (with respect to newer versions of OpenSSL), has made the private RSA key generation function of Net::DNS::SEC challenging (to say the least). Key generation with Net::DNS::SEC was already limited and restricted to RSA. This and readily available better private key generation tools, such as the BIND dnssec-keygen tool (which we already recommended), made us decide to drop this function.

This release has also a single bugfix, resolving an issue with missing attributes in private key files.

For a complete list of changes and bugfixes see the CHANGES file.

link https://www.net-dns.org/download/Net-DNS-SEC-1.05.tar.gz
sha256 1e4cb2575b4d25a3bd9d0b20ed9db2464baacc22f315012a2ad5375574644b2e
asc https://www.net-dns.org/download/Net-DNS-SEC-1.05.tar.gz.asc

Release candidate for Net::DNS::SEC 1.05

Dear all,

We have a candidate for the 1.05 release of Net::DNS::SEC.

This release contains an interim Net::DNS::SEC implementation of the Ed25519 and Ed488 curves (algorithm 15 and 16). However, it is provided as a building-kit from which some pieces have to come from a pre-build openssl-1.1.1* source tree.

Build instructions can be found in the include/Ed25519.h and include/Ed448.h files from the source tarball.

The current state of the Crypt::OpenSSL::RSA module (with respect to newer versions of OpenSSL), has made the private RSA key generation function of Net::DNS::SEC challenging (to say the least). Key generation with Net::DNS::SEC was already limited and restricted to RSA. This and readily available better private key generation tools, such as the BIND dnssec-keygen tool (which we already recommended), made us decide to drop this function.

This release has also a single bugfix, resolving an issue with missing attributes in private key files.

For a complete list of changes and bugfixes see the CHANGES file.

Please review this candidate carefully. If no issues arise, the actual release will follow Tuesday the 20th of March 2018.

link http://www.net-dns.org/download/Net-DNS-SEC-1.04_04.tar.gz
sha256 68398915227a93e891e3eb7979dad82457dd454c6a25299d8c2813915f98b31d
asc http://www.net-dns.org/download/Net-DNS-SEC-1.04_04.tar.gz.asc