Net::DNS::SEC - DNSSEC extensions to Net::DNS
=============================================


IMPORTANT UPGRADE NOTE.

Please always read the Changes file. It is accessible
through: http://search.cpan.org/src/OLAF/Net-DNS-SEC/Changes

	
1. GENERAL INFO.

  This module implements DNS Resource Record types that are relevant
  for DNSSEC operations. This package implements RFC4034
  "Resource Records for the DNS Security Extensions" and RFC2931 "DNS
  Request and Transaction Signatures ( SIG(0)s )"

  RFC 3225 (Indicating Resolver Support of DNSSEC) support has been
  integrated into Net::DNS.

  The extensions provide the following additional features on top of
  the Net::DNS package (http://www.net-dns.org/). 

  - DS, DNSKEY, RRSIG, NSEC and NSEC3 records. These are all implemented
    as Net::DNS RR objects.  The cryptography has been implemented using
    Crypt::OpenSSL::DSA, Crypt::OpenSSL::RSA and related modules.

  The reason for not making these RRs a part of the regular Net::DNS
  distribution is that they rely on crypto modules that do not easily
  port.

  Also see the 'pod' documentation in: 
       Net::DNS::RR::DNSKEY
       Net::DNS::RR::DS
       Net::DNS::RR::NSEC
       Net::DNS::RR::NSEC3
       Net::DNS::RR::RRSIG
       Net::DNS::SEC::Private
  and for the use of SIG0 see:
       Net::DNS::Packet (sign_sig0)
       Net::DNS::RR::KEY
       Net::DNS::RR::SIG
       Net::DNS::SEC::Private


  On top of the RR classes defined above we also provide a class for
  handling keysets. Keysets are administrative files used by the BIND
  tools for keymaintenance tasks.  Net::DNS::Keyset provides an abstract
  interface for doing fun things with them.

2. Dependencies

  This package relies on Net-DNS version 0.69 or higher (also see CHANGES)
  which has features specifically designed to support Net::DNS::SEC.

  Among other straightforward routines you will need to have
  Crypt::OpenSSL::DSA and Crypt::OpenSSL::RSA installed.

  The package was initially developed on FreeBSD 4.5 with perl5.6.1, 
  as of version 0.11 development and testing where done on 
  MacOS 10.2.6 with perl, v5.8.0 built for darwin.


3. Install

  Use CPAN.

  perl -MCPAN -e shell;
  cpan> install Net::DNS::SEC
  

  Alternatively install this package manually:
    tar -xvzf Net-DNS-SEC-??.tar.gz
    cd  Net-DNS-SEC-??.tar.gz
    perl Makefile.PL
    make 
    make test
    make install

  'perl Makefile.PL' will test if all dependencies are in place. 
  'make test' will do some tests that should all succeed once all
  dependencies are satisfied. Please report failures during the test 
  phase.


4. Maintenance

  Please use the CPAN request tracker if you find bugs in the
  extensions or have DNSSEC feature request. The request tracker is 
  available through:

   https://rt.cpan.org/NoAuth/ReportBug.html?Queue=Net-DNS-SEC
  
  Net::DNS contains a number of hooks for Net::DNS::SEC in the
  Net::DNS package. If you have problems with Net::DNS in general see:
  http://www.net-dns.org/

  A snapshot of the development code is available through subversion:
	http://www.net-dns.org/svn/net-dns-sec/trunk

  Note that the code on the trunk may not be functional.


5. Staying up to date.

  Announcements about Net::DNS::SEC will be done on 
  http://www.net-dns.org/blog/. An RSS feed is available.


6. Demos
  demo/getkeyset.pl - is a small demonstration program that will get
                      fetch the keyset for a specified domain, stores
                      them and prints out the DS RRs to STD out.
  demo/make-signed-keyset - A script contributed by Wes Griffin creates 
                      a self-signed keyset from a BIND public key file 
                      specified on the command line.

  demo/key2ds      -  reads the key data from STDIN and print the 
                      corresponding DS record on STDOUT. Contributed by 
                      Miek Gieben


7. History

  The modules in this package have somewhat of a history as a set of 
  patches to the original Net::DNS package. 

  Version 0.02 is the first distribution of the DNSSEC security
  for CPAN.  See the Changes file for more information.


8. Acknowledgements

  Thanks to the numerous folk that took an interest during
  development.  People that contributed to bug fixes should be
  acknowledged in the Changes file. If I forgot to mention you there
  it is not out of bad intention.

  Thanks to Chris Reinardt for putting the hooks in Net::DNS and suggesting
  some improvements to the package.
  Thanks Ian Robertson and T.J. Mather for their support with the
  Crypt::OpenSSL::[RSA|DSA] modules.

  
9. COPYRIGHT

Copyright (c) 2001-2005 RIPE NCC.  Author Olaf M. Kolkman

All Rights Reserved


10. LICENSE

Permission to use, copy, modify, and distribute this software and its
documentation for any purpose and without fee is hereby granted, provided
that the above copyright notice appear in all copies and that both that
copyright notice and this permission notice appear in supporting
documentation, and that the name of the author not be used in advertising
or publicity pertaining to distribution of the software without specific
prior written permission.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
DEALINGS IN THE SOFTWARE.


------------------------------------------------------------------------------
$Id: README 1314 2015-02-06 09:59:09Z willem $