Infoblox::DNS::DnssecTrustedKey - DNSSEC trusted key object.
For recursively derived signed data, the DNS server can perform validation. In order to be secure, this validation relies on a set of trust anchors. These trust anchors and their associated trusted keys can be specified via the Infoblox::DNS::DnssecTrustedKey objects.
DNSSEC is based on DNS specifications RFC 4033, RFC 4034, and RFC 4035, which provide authentication protocol enhancements to secure DNS transactions.
my $dnssec_trusted_key=Infoblox::DNS::DnssecTrustedKey->new( algorithm => "RSAMD5"|"DSA"|"RSASHA1"|"NSEC3DSA"|"NSEC3RSASHA1"|"RSASHA256"|"RSASHA512"|"NSEC3RSASHA256"|"NSEC3RSASHA512"|1|3|5|6|7, #Required fqdn => $string, #Required key => $string, #Required secure_entry_point => "true"|"false" #Optional / Default is "true" );
This section describes all the functions that you can apply to a DnssecTrustedKey object.
Use this function to specify a list of DNSSEC keys for a grid object.
## Construct the trusted key object. When trying to implement this example replace with the actual public key of the signed zone. my $dnssec_key = Infoblox::DNS::DnssecTrustedKey->new( algorithm => "RSAMD5", fqdn => "example.com", key => "Zx1jVJl7C58GT/sc7Q3ucA==", secure_entry_point => "false" ); # Configure dnssec_trusted_keys on the grid DNS object my $response = $Grid_DNS->dnssec_trusted_keys([$dnssec_key]);
Use this function to specify a list of DNSSEC keys for a grid member object.
## Construct the trusted key object my $dnssec_key = Infoblox::DNS::DnssecTrustedKey->new( algorithm => "RSAMD5", fqdn => "example.com", key => "Zx1jVJl7C58GT/sc7Q3ucA==", secure_entry_point => "false" ); # Configure dnssec_trusted_keys on the grid DNS object my $response = $Grid_Member_DNS->dnssec_trusted_keys([$dnssec_key]);
Use this function to specify a list of DNSSEC keys for a DNS View object.
## Construct the trusted key object my $dnssec_key = Infoblox::DNS::DnssecTrustedKey->new( algorithm => "RSAMD5", fqdn => "example.com", key => "Zx1jVJl7C58GT/sc7Q3ucA==", secure_entry_point => "false" ); # Configure dnssec_trusted_keys on the grid DNS object my $response = $DNS_View->dnssec_trusted_keys([$dnssec_key]);
Use this method to set or retrieve a DNSSEC encryption algorithm.
Include the specified parameter to set the attribute value. Omit the parameter to retrieve the attribute value.
The public-key encryption algorithm. This can be either an integer or mnemonic. The following table shows the correlation between the integers and mnemonics for the algorithms supported by the appliance:
Value Algorithm Mnemonic
1 RSA/MD5 RSAMD5
3 DSA DSA
5 RSA/SHA-1 RSASHA1
6 NSEC3DSA NSEC3DSA
7 NSEC3RSA/SHA-1 NSEC3RSASHA1
For algorithms not listed above, only the mnemonic representation is supported.
If you specified a parameter, the method returns true when the modification succeeds, and returns false when the operation fails.
If you did not specify a parameter, the method returns the attribute value.
# Getting algorithm my $algorithm = $dnssec_key->algorithm(); # Modifying algorithm $dnssec_key->algorithm("DSA");
Use this method to set or retrieve the FQDN of the zone to which the key belongs.
Include the specified parameter to set the attribute value. Omit the parameter to retrieve the attribute value.
FQDN of the zone to which the trusted_key pertains, in DNS label order.
If you specified a parameter, the method returns true when the modification succeeds, and returns false when the operation fails.
If you did not specify a parameter, the method returns the attribute value.
# Getting fqdn my $zone = $dnssec_key->fqdn(); # Modifying algorithm $dnssec_key->fqdn("zone.example.com");
Use this method to add or retrieve the DNSSEC public key for the zone.
Include the specified parameter to set the attribute value. Omit the parameter to retrieve the attribute value.
Base-64 encoding of the key.
If you specified a parameter, the method returns true when the modification succeeds, and returns false when the operation fails.
If you did not specify a parameter, the method returns the attribute value.
# Getting key my $key = $dnssec_key->key(); # Modifying key $dnssec_key->key("AQPdWbrGbVv1eDhNgRhpJMPonJfA3reyEo82ekwRnjbX7+uBxB11BqL7LAB7/C+eb0vCtI53FwMhkkNkTmA6bI8B");
secure_entry_point()Use this method to set or retrieve the secure entry point value for the field.
Include the specified parameter to set the attribute value. Omit the parameter to retrieve the attribute value.
Set to "true" to enable the secure entry point, set to "false" to disable it. Default value of this parameter is "true".
If you specified a parameter, the method returns true when the modification succeeds, and returns false when the operation fails.
If you did not specify a parameter, the method returns the attribute value.
# Getting secure_entry_point my $sep = $dnssec_key->secure_entry_point(); # Modifying secure_entry_point $dnssec_key->secure_entry_point("false");
The following sample code demonstrates the different functions that can be applied to an object, such as add and modify. This sample also includes error handling for the operations.
##Preparation prior to a DnssecTrustedKey object insertion
#PROGRAM STARTS: Include all the modules that will be used use strict; use Infoblox;
#Create a session to the Infoblox appliance my $session = Infoblox::Session->new( master => "192.168.1.2", username => "admin", password => "infoblox" ); unless ($session) { die("Construct session failed: ", Infoblox::status_code() . ":" . Infoblox::status_detail()); } print "Session created successfully\n";
#Create a DnssecTrustedKey object
my $dnssec_key = Infoblox::DNS::DnssecTrustedKey->new( key => "ZX1jVJl7C58GT/sc7Q3ucA==", fqdn => "myzone.example.com", algorithm => "RSASHA1" );
unless($dnssec_key) { die("Construct DnssecTrustedKey failed: ", Infoblox::status_code() . ":" . Infoblox::status_detail()); } print "DnssecTrustedKey object created successfully\n";
#Get the member DNS object and add a DnssecTrustedKey object to it
my @result_array = $session->get( object => "Infoblox::Grid::Member::DNS", name => "infoblox.localdomain" );
unless (scalar(@result_array) == 0) { my $memberdns = $result_array[0];
if ($memberdns) {
#Apply changes to the Member object.
$memberdns->dnssec_trusted_keys([$dnssec_key])
or die("modify member failed: ",
Infoblox::status_code() . ":" . Infoblox::status_detail());
print "DnssecTrustedKey added to Member DNS object successfully\n";
#Update member DNS object through the Infoblox session. $session->modify($memberdns) or die("modify session failed: ", $session->status_code() . ":" . $session->status_detail()); print "Member DNS object with DnssecTrustedKey updated to Infoblox device successfully\n";
#Modify existing DnssecTrustedKey object
#Modifying the value of the specified object.
$dnssec_key->fqdn("another.example.com");
print "Modify DnssecTrustedKey fqdn value\n";
#Apply changes to the member object.
$memberdns->transfer_keys([$dnssec_key])
or die("modify member failed: ",
Infoblox::status_code() . ":" . Infoblox::status_detail());
print "DnssecTrustedKey fqdn updated to Member DNS object successfully\n";
#Update member DNS object through the Infoblox session.
$session->modify($memberdns)
or die("modify session failed: ",
$session->status_code() . ":" . $session->status_detail());
print "Member DNS object with DnssecTrustedKey fqdn updated to Infoblox device successfully\n";
}
} else {
print "No member found with the specified name.";
}
####PROGRAM ENDS####
Infoblox Inc. http://www.infoblox.com/
Infoblox::Grid::Member::DNS, Infoblox::DNS::View, Infoblox::Grid::DNS
Copyright (c) 2017 Infoblox Inc.