Infoblox::DNS::Record::NSEC - NSEC Record object
The NSEC resource record is one of the resource records included in the DNS security extension mechanism (DNSSEC). This record is used to provide authenticated denial of existence of a resource record in responce to a resolver query.
The NSEC record is defined in RFC 4034.
The NSEC records are automatically generated upon the signing of an authoritative zone. The NSEC Record object is read-only.
The Infoblox::DNS::Record::NSEC object is a read-only object and does not require manual construction.
This section describes all the methods in an Infoblox::Session that can be applied to an NSEC Record object.
Use this method to retrieve the existing objects from an Infoblox appliance. See Infoblox::Session->get() for parameters and return values.
Apply the following attributes to get the NSEC Record object(s):
name - Optional. FQDN of the NSEC record (.e., FQDN of the owning RRset).
next_domain_name - Optional. Next owner name (in the canonical ordering of the zone) that has authoritative data
ttl - Optional. TTL value for the record
types - Optional. Identifies the RRset types that exists at the NSEC RR's owner name
view - Optional. The DNS view in which the record is located. By default, all DNS views are searched. But if you omit this attribute and specify a zone, the appliance searches the 'default' view only.
zone - Optional. A zone name in FQDN format.
#get an NSEC record by name, DNS view name and record type my $nsec=$session->get( object => "Infoblox::DNS::Record::NSEC", name => "a_record.test.com", types => "A", view => "default" );
Use this method to retrieve the existing objects from an Infoblox appliance. See Infoblox::Session->search() for parameters and return values.
Apply the following attributes to search the NSEC Record object(s):
name - Optional. FQDN of the NSEC record. Regular expression.
next_domain_name - Optional. Next owner name (in the canonical ordering of the zone) that has authoritative data (regular expression).
ttl - Optional. TTL value for the record.
types - Optional. Identifies the RRset types that exist at the NSEC RR's owner name (regular expression)
view - Optional. The DNS view in which the record is located. By default, all DNS views are searched. But if you omit this attribute and specify a zone, the appliance searches the 'default' view only.
zone - Optional. A zone name in FQDN format.
#search for all NSEC records that match the regular expression for name and record type my @retrieved_objs=$session->search( object => "Infoblox::DNS::Record::NSEC", name => "rec.*[.]test[.]com", types => "A|MX", );
# search for all NSEC records in the "domain.com" zone of the default DNS view # Note that the 'default' view is assumed implicitly here my @retrieved_objs = $session->search( object => "Infoblox::DNS::Record::NSEC", zone => "domain.com", );
This section describes all the methods that can be used to retrieve the attribute values of an NSEC Record object.
Use this method to retrieve cloud API related information for the Infoblox::DNS::Record::NSEC object.
None
The method returns the attribute value.
# Get cloud_info my $cloud_info = $object->cloud_info();
Use this method to retrieve the NSEC record creator. This is a read-only attribute.
None
The method returns the attribute value.
# Get attribute value my $value = $object->creator();
Use this method to retrieve the FQDN, in punycode format, of the NSEC record. This is a read-only attribute.
None
The method returns the attribute value.
# Get attribute value my $value = $nsec->dns_name();
Use this method to retrieve the next owner name in punycode format. This is a read-only attribute.
None
The method returns the attribute value.
# Get attribute value my $value = $nsec->dns_next_domain_name();
Use this method to retrieve the FQDN of the NSEC record (which is the same as the name of the owning record).
The attribute value can be in unicode format.
none
The method returns the FQDN of the NSEC record attribute value.
#Get the FQDN of the NSEC record my $name = $nsec->name();
Use this method to retrieve the next owner name, in the canonical order of the zone, that has authoritative data.
The attribute value can be in unicode format.
none
The method returns the next owner name (in the canonical ordering of the zone) that has authoritative data. The returned data is a string in FQDN format.
#Get next owner name (in the canonical ordering of the zone) that has authoritative data my $next_domain_name = $nsec->next_domain_name();
Use this method to retrieve the Time to Live (TTL) value of an NSEC record object.
none
The method returns the TTL attribute value. The returned parameter is a 32-bit integer (range from 0 to 4294967295) that represents the duration, in seconds, that the record is cached. Zero indicates that the record should not be cached.
#Get TTL my $ttl = $nsec->ttl();
Use this method to retrieve the types field of an NSEC record. This field identifies the RRSet types that exist at the original owner name of the NSEC RR.
none
The method returns the RRSet types that exist at the owner name of the NSEC RR attribute value. The returned value is a string containing RR type mnemonics separated by a space; for example, "NS SOA RRSIG DNSKEY".
#Get the types field value my $types = $nsec->types();
Use this method to retrieve the DNS view object that contains the NSEC Record object.
none
The method returns the Infoblox::DNS::View object that contains the NSEC record.
#Get the view my $view = $nsec->view();
Use this method to retrieve the zone name of an NSEC record.
none
Returns the zone name in FQDN format.
# Get zone my $zone = $nsec->zone();
The following sample code demonstrates the session methods on an NSEC record object.
#PROGRAM STARTS: Include all the modules that will be used use strict; use Infoblox;
#Create a session to the Infoblox appliance my $session = Infoblox::Session->new( master => "192.168.1.2", username => "admin", password => "infoblox" ); unless ($session) { die("Construct session failed: ", $session->status_code() . ":" . $session->status_detail()); } print "Session created successfully\n";
#Enable DNSSEC in the default view
my $default_view=$session->get(
object=> "Infoblox::DNS::View",
name => "default"
);
unless($default_view) {
die("Getting the default view failed:",
Infoblox::status_code() . ":" . Infoblox::status_detail());
}
print "Got the default view successfully\n";
$default_view->dnssec_enabled("true")
or die("Changing the dnssec_enabled in the default view failed:",
Infoblox::status_code() . ":" . Infoblox::status_detail());
$session->modify($default_view)
or die("Changing the dnssec_enabled in the default view failed:",
Infoblox::status_code() . ":" . Infoblox::status_detail());
#Create a signed zone and populate it with an A record to demonstrate NSEC record
print "Creating Member primary server for the zone\n";
my $primary=Infoblox::DNS::Member->new(
ipv4addr => "192.168.1.2",
name => "infoblox.localdomain",
);
unless($primary) {
die("Unable to create primary server object: ",
Infoblox::status_code() . ":" . Infoblox::status_detail());
}
my $zone = Infoblox::DNS::Zone->new(
name => "domain.com",
primary => $primary
);
unless ($zone) {
die("Construct zone failed: ",
Infoblox::status_code() . ":" . Infoblox::status_detail());
}
print "Zone object created successfully\n";
#Verify if the zone exists
my $object = $session->get(object => "Infoblox::DNS::Zone", name => "domain.com");
unless ($object) {
print "Zone does not exist on server, safe to add the zone\n";
$session->add($zone)
or die("Add zone failed: ",
$session->status_code() . ":" . $session->status_detail());
}
print "Zone added successfully\n";
#Adding A record to the zone to demonstrate the corresponding NSEC record
my $a_record=Infoblox::DNS::Record::A->new(
ipv4addr => "10.9.8.7",
name => "recorda.domain.com"
);
unless($a_record) {
die("Creating A record failed : ",
Infoblox::status_code() . ":" . Infoblox::status_detail());
}
$object = $session->get( object => "Infoblox::DNS::Record::A", name => "recorda.domain.com" );
unless ($object) {
print "A record does not exist on the server, safe to add the A record\n";
$session->add($a_record)
or die("Adding A record failed: ",
Infoblox::status_code() . ":" . Infoblox::status_detail());
}
print "A record added to the zone successfully\n";
#Retrieving zone back from the server in order to sign it
$zone = $session->get(object => "Infoblox::DNS::Zone", name => "domain.com");
unless($zone) {
die("Retrieving zone back failed: ",
Infoblox::status_code( ). ":". Infoblox::status_detail( ));
}
print "Zone retrieved for signing successfully.\n";
$zone->dnssec_ksk_algorithm("RSASHA1") &&
$zone->dnssec_zsk_algorithm("RSASHA1") &&
$zone->dnssec_ksk_size(640) &&
$zone->dnssec_zsk_size(640)
or die("Changing the zone DNSSEC setting failed: ",
Infoblox::status_code() . ":" . Infoblox::status_detail());
$session->modify($zone)
or die("Modifying dnssec values in zone failed: ",
Infoblox::status_code() . ":" . Infoblox::status_detail());
print "Zone modified successfully\n";
#Signing the zone
$zone->dnssec_signed("true")
or die("Signing of the zone failed: ",
Infoblox::status_code() . ":" . Infoblox::status_detail());
print "Zone signed successfully\n";
#Getting the NSEC record corresponding to the A record
my $nsec_record_a=$session->get(
object => "Infoblox::DNS::Record::NSEC",
name => "recorda.domain.com",
view => "default"
);
unless($nsec_record_a) {
die("Getting NSEC corresponding to the A record failed: ",
Infoblox::status_code() . ":" . Infoblox::status_detail());
}
print "Got NSEC record successfully, next_domain_name value: ".$nsec_record_a->next_domain_name()."\n";
#Searching for NSEC objects using regular expressions
my @retrieved_objs=$session->search(
object => "Infoblox::DNS::Record::NSEC",
name => ".*domain[.]com",
types => "A|MX|SOA",
view => "default"
);
unless(@retrieved_objs>0) {
die("Searching for NSEC objects failed: ",
Infoblox::status_code() . ":" . Infoblox::status_detail());
}
print "Search for the NSEC objects successful, ".scalar(@retrieved_objs)." objects found\n";
#Removing the created zone and cleaning up the view
$session->remove($zone)
or die("Unable to remove the zone: ",
Infoblox::status_code() . ":" . Infoblox::status_detail());
print "Zone removed successfully\n";
$default_view->dnssec_enabled("false")
&& $default_view->override_dnssec("false")
&& $session->modify($default_view)
or die("Restoring dnssec_enabled value in the default view failed: ",
Infoblox::status_code() . ":" . Infoblox::status_detail());
####PROGRAM ENDS####
Infoblox Inc. http://www.infoblox.com/
Infoblox::Session, Infoblox::Session->get(), Infoblox::Session->search(), Infoblox::DNS::Record::NSEC3, Infoblox::DNS::Record::NSEC3PARAM, Infoblox::DNS::View, Infoblox::DNS::Zone
Copyright (c) 2017 Infoblox Inc.