Infoblox::DNS::Record::DNSKEY - DNSKEY Record object.
The DNSKEY resource record stores public keys for the DNSSEC authentication process. The DNSKEY records are generated automatically when the corresponding authoritative zone is signed. The the DNSKEY resource record object is read-only.
The DNSKEY resource record is defined in RFC 4034.
The Infoblox::DNS::Record::DNSKEY object is a read-only object and does not require manual construction.
This section describes all the methods in an Infoblox::Session that can be applied to a DNSKEY Record object.
Use this method to retrieve the existing objects from an Infoblox appliance. See Infoblox::Session->get() for parameters and return values.
Apply the following attributes to get the DNSKEY Record object(s):
algorithm - Optional. The public key encryption algorithm. The allowed values are '1','3','5','6','7','RSAMD5','RSASHA1','DSA','NSEC3RSASHA1','NSEC3DSA','RSASHA256','RSASHA512','NSEC3RSASHA256' and 'NSEC3RSASHA512'.
flags - Optional. Flags field to identify the type of the key.
key_tag - Optional. Key tag to identify the public key.
name - Optional. FQDN of the DNSKEY record.
public_key- Optional. Public key in the base-64 encoding.
ttl - Optional. TTL of the DNSKEY record.
view - Optional. The DNS view in which the record is located. By default, all DNS views are searched. But if you omit this attribute and specify a zone, the appliance searches the 'default' view only.
zone - Optional. A zone name in FQDN format.
# get all the DNSKEY records for the zone 'domain.com' in the default view. my @retrieved_objs = $session->get( object => "Infoblox::DNS::Record::DNSKEY", name => "domain.com", view => "default" );
# get all the DNSKEY records in the "domain.com" zone of the default view # with algorithm field having the value "RSASHA1" and "flags" having value 257 my @retrieved_objs = $session->get( object => "Infoblox::DNS::Record::DNSKEY", name => "domain.com", algorithm => "RSASHA1", flags => 257, view => "default" );
Use this method to retrieve the existing objects from an Infoblox appliance. See Infoblox::Session->search() for parameters and return values.
Apply the following attributes to search the DNSKEY Record object(s):
algorithm - Optional. The public key encryption algorithm. The allowed values are '1','3','5','6','7','RSAMD5','RSASHA1','DSA','NSEC3RSASHA1','NSEC3DSA','RSASHA256','RSASHA512','NSEC3RSASHA256' and 'NSEC3RSASHA512'.
flags - Optional. Flags field to identify the type of the key.
key_tag - Optional. Key tag to identify the public key.
name - Optional. FQDN of the DNSKEY record (regular expression).
public_key- Optional. Public key in the base-64 encoding (regular expression).
ttl - Optional. TTL of the DNSKEY record.
view - Optional. The DNS view in which the record is located. By default, all DNS views are searched. But if you omit this attribute and specify a zone, the appliance searches the 'default' view only.
zone - Optional. A zone name in FQDN format.
# search the DNSKEY records in the default view by zone name. my @retrieved_objs = $session->search( object => "Infoblox::DNS::Record::DNSKEY", name => ".*[.]com", view => "default" );
# search for all DNSKEY records in the "domain.com" zone of the default view # Note that the 'default' view is assumed implicitly here my @retrieved_objs = $session->search( object => "Infoblox::DNS::Record::DNSKEY", zone => "domain.com", );
This section describes all the methods that can be used to retrieve the attribute values of a DNSKEY Record object.
Use this method to retrieve the public key encryption algorithm of a DNSKEY Record object.
none
The method returns the public key encryption algorithm attribute value. Returned values are one of the following:
#Get the public key encryption algorithm. my $algorithm = $dnskey->algorithm();
Use this method to retrieve the DNSKEY record creator. This is a read-only attribute.
None
The method returns the attribute value.
# Get attribute value my $value = $dnskey->creator();
Use this method to retrieve the FQDN, in punycode format, of the zone that owns the DNSKEY record. This is a read-only attribute.
None
The method returns the attribute value.
# Get attribute value my $value = $dnskey->dns_name();
Use this method to retrieve the flags of a DNSKEY Record object.
none
The method returns the flags attribute value. The flags field is a 16-bit unsigned integer. Currently, only two bits of this value are used--the least significant bit and bit 7. The other bits are reserved for future use and must be zero. If bit 7 is set to 1, the key is a DNS zone key. Otherwise, the key is not a zone key and cannot be used to verify zone data. The least significant bit indicates "secure entry point property". If it is not zero, the key is a key signing key (KSK type). Otherwise, the key type is ZSK.
#Getting flags my $flags = $dnskey->flags();
Use this method to retrieve the key tag identifying the public key of a DNSKEY Record object.
none
The method returns the key tag of the public key value. A key tag is a 16-bit integer key fingerprint. It is used to distinguish one key from another when multiple keys are associated with the same zone.
#Get the key tag of the public key my $key_tag = $dnskey->key_tag();
Use this method to retrieve the FQDN of the zone that owns the DNSKEY record.
The attribute value can be in unicode format.
none
The method returns the FQDN of the zone that contains the given DNSKEY record.
#Get the FQDN of the DNSKEY record my $name = $dnskey->name();
Use this method to retrieve the public key. The format of the returned value depend on the key algorithm.
none
The method returns the public key. The exact format of the returned value depends on the algorithm of the key.
#Get public key. my $public_key = $dnskey->public_key();
Use this method to retrieve the Time to Live (TTL) value of a DNSKEY Record object.
none
The method returns the TTL attribute value. The returned parameter is a 32-bit integer (range from 0 to 4294967295) that represents the duration, in seconds, that the record is cached. Zero indicates that the record should not be cached.
#Get the TTL value my $ttl = $dnskey->ttl();
Use this method to retrieve the DNS View object that contains the DNSKEY Record object.
none
The method returns the Infoblox::DNS::View object that contains the DNSKEY record.
#Get the view my $view = $dnskey->view();
Use this method to retrieve the zone name of a DNSKEY record.
none
The method returns the name of the zone that contains the given DNSKEY record. The returned value is a string in FQDN format.
# Get zone my $zone = $dnskey->zone();
The following sample code demonstrates the session methods on a DNSKEY Record object.
#PROGRAM STARTS: Include all the modules that will be used use strict; use Infoblox;
#Create a session to the Infoblox device my $session = Infoblox::Session->new( master => "192.168.1.2", username => "admin", password => "infoblox" ); unless ($session) { die("Construct session failed: ", $session->status_code() . ":" . $session->status_detail()); } print "Session created successfully\n";
#Enable DNSSEC in the default view
my $default_view=$session->get(
object=> "Infoblox::DNS::View",
name => "default"
);
unless($default_view) {
die("Getting the default view failed:",
Infoblox::status_code() . ":" . Infoblox::status_detail());
}
print "Got the default view successfully\n";
$default_view->dnssec_enabled("true")
or die("Changing the dnssec_enabled in the default view failed:",
Infoblox::status_code() . ":" . Infoblox::status_detail());
$session->modify($default_view)
or die("Changing the dnssec_enabled in the default view failed:",
Infoblox::status_code() . ":" . Infoblox::status_detail());
#Create the zone
print "Creating Member primary server for the zone\n";
my $primary=Infoblox::DNS::Member->new(
ipv4addr => "192.168.1.2",
name => "infoblox.localdomain"
);
unless($primary) {
die("Unable to create primary server object: ",
Infoblox::status_code() . ":" . Infoblox::status_detail());
}
my $zone = Infoblox::DNS::Zone->new(
name => "domain.com",
primary => $primary
);
unless ($zone) {
die("Construct zone failed: ",
Infoblox::status_code() . ":" . Infoblox::status_detail());
}
print "Zone object created successfully\n";
#Verify if the zone exists
my $object = $session->get(object => "Infoblox::DNS::Zone", name => "domain.com");
unless ($object) {
print "Zone does not exist on server, safe to add the zone\n";
$session->add($zone)
or die("Add zone failed: ",
$session->status_code() . ":" . $session->status_detail());
}
print "Zone added successfully\n";
#Retrieving zone back from the server in order to sign it
$zone = $session->get(object => "Infoblox::DNS::Zone", name => "domain.com");
unless($zone) {
die("Retrieving zone back failed: ",
Infoblox::status_code( ). ":". Infoblox::status_detail( ));
}
print "Zone retrieved for signing successfully.\n";
$zone->dnssec_ksk_algorithm("NSEC3RSASHA1") &&
$zone->dnssec_zsk_algorithm("NSEC3RSASHA1") &&
$zone->dnssec_ksk_size(640) &&
$zone->dnssec_zsk_size(640)
or die("Changing the zone DNSSEC setting failed: ",
Infoblox::status_code() . ":" . Infoblox::status_detail());
$session->modify($zone)
or die("Modifying dnssec values in zone failed: ",
Infoblox::status_code() . ":" . Infoblox::status_detail());
print "Zone modified successfully\n";
#Signing the zone
$zone->dnssec_signed("true")
or die("Signing of the zone failed: ",
Infoblox::status_code() . ":" . Infoblox::status_detail());
print "Zone signed successfully\n";
#Getting the DNSKEY record
my $ksk_dnskey=$session->get(
object => "Infoblox::DNS::Record::DNSKEY",
flags => 257,
name => "domain.com",
view => "default"
);
unless($ksk_dnskey) {
die("Getting ksk_dnskey failed: ",
Infoblox::status_code() . ":" . Infoblox::status_detail());
}
print "Got Key-signing key DNSKEY record successfully\n";
print "Key value: ".$ksk_dnskey->public_key()."\n";
my $zsk_dnskey=$session->get(
object => "Infoblox::DNS::Record::DNSKEY",
flags => 256,
name => "domain.com",
view => "default"
);
unless($zsk_dnskey) {
die("Getting zsk_dnskey failed: ",
Infoblox::status_code() . ":" . Infoblox::status_detail());
}
print "Got Zone-signing key DNSKEY record successfully\n";
print "Key value: ".$zsk_dnskey->public_key()."\n";
#Searching for DNSKEY object
my @retrieved_objs=$session->search(
object => "Infoblox::DNS::Record::DNSKEY",
name => ".*com",
view => "default"
);
unless(@retrieved_objs>0) {
die("Searching for DNSKEY objects failed: ",
Infoblox::status_code() . ":" . Infoblox::status_detail());
}
#Removing the created zone and cleaning up the view
$session->remove($zone)
or die("Unable to remove the zone: ",
Infoblox::status_code() . ":" . Infoblox::status_detail());
print "Zone removed successfully\n";
$default_view->dnssec_enabled("false")
&& $default_view->override_dnssec("false")
&& $session->modify($default_view)
or die("Restoring dnssec_enabled value in the default view failed: ",
Infoblox::status_code() . ":" . Infoblox::status_detail());
####PROGRAM ENDS####
Infoblox Inc. http://www.infoblox.com/
Infoblox::Session, Infoblox::Session->get(), Infoblox::Session->search(), Infoblox::DNS::Record::DS, Infoblox::DNS::Record::RRSIG, Infoblox::DNS::View, Infoblox::DNS::Zone
Copyright (c) 2017 Infoblox Inc.