Infoblox::DNS::NSEC3PARAM - NSEC3PARAM Record object
The NSEC3PARAM resource record is one of the resource records of the DNS security extension (DNSSEC) authentication mechanism. The NSEC3PARAM RR contains the NSEC3 parameters (hash algorithm, flags, iterations, and salt) needed by authoritative servers to calculate hashed owner names for NSEC3 records. The NSEC3PARAM record is present at the apex of the DNSSEC-signed authoritative zone.
The NSEC3PARAM resource record is desribed in RFC 5155.
The NSEC3PARAM record is generated automatically upon the signing of the corresponding zone. It is a read-only object.
The Infoblox::DNS::NSEC3PARAM object is a read-only object and does not require manual construction.
This section describes all the methods in an Infoblox::Session that can be applied to an NSEC3PARAM Record object.
Use this method to retrieve the existing objects from an Infoblox appliance. See Infoblox::Session->get() for parameters and return values.
Apply the following attributes to get the NSEC3PARAM Record object(s):
flags - Optional. Integer containing 8 one-bit flags that can be used to indicate different processing.
hash_algorithm - Optional. Integer representing the cryptographic hash algorithm.
iterations - Optional. Number of additional times the hash function has been performed.
name - Optional. FQDN of the NSEC3PARAM record owner (zone name).
salt - Optional. Salt value.
ttl - Optional. TTL of the record.
view - Optional. The DNS view in which the record is located. By default, all DNS views are searched. But if you omit this attribute and specify a zone, the appliance searches the 'default' view only.
zone - Optional. A zone name in FQDN format.
#get the NSEC3PARAM record for the zone 'test.com' my $nsec3param=$session->get( object => "Infoblox::DNS::Record::NSEC3PARAM", name => "test.com" );
#get all the NSEC3PARAM records for the default DNS view my @retrieved_objs=$session->get( object => "Infoblox::DNS::Record::NSEC3PARAM", view => "default" );
Use this method to retrieve the existing objects from an Infoblox appliance. See Infoblox::Session->search() for parameters and return values.
Apply the following attributes to search the NSEC3PARAM Record object(s):
flags - Optional. Integer containing 8 one-bit flags that can be used to indicate different processing.
hash_algorithm - Optional. Integer representing the cryptographic hash algorithm.
iterations - Optional. Number of additional times the hash function has been performed.
name - Optional. FQDN of the NSEC3PARAM record owner (zone name). Regular expression.
salt - Optional. Salt value (regular expression).
ttl - Optional. TTL of the record.
view - Optional. The DNS view in which the record is located. By default, all DNS views are searched. But if you omit this attribute and specify a zone, the appliance searches the 'default' view only.
zone - Optional. A zone name in FQDN format.
# search for all NSEC3PARAM records in the "domain.com" zone of the default DNS view # Note that the 'default' DNS view is assumed implicitly here my @retrieved_objs = $session->search( object => "Infoblox::DNS::Record::NSEC3PARAM", zone => "domain.com", );
This section describes all the methods that can be used to retrieve the attribute values of an NSEC3PARAM Record object.
Use this method to retrieve cloud API related information for the Infoblox::DNS::NSEC3PARAM object.
None
The method returns the attribute value.
# Get cloud_info my $cloud_info = $object->cloud_info();
Use this method to retrieve the NSEC3PARAM record creator. This is a read-only attribute.
None
The method returns the attribute value.
# Get attribute value my $value = $object->creator();
Use this method to retrieve the owner name, in punycode format, of the NSEC3PARAM record. This is a read-only attribute.
None
The method returns the attribute value.
# Get attribute value my $value = $nsec3param->dns_name();
Use this method to retrieve the flags field of an NSEC3PARAM Record object.
none
The method returns the integer that contains 8 one-bit flags that can be used to indicate different processing. Currently only the least significant bit of the flags field is meaningful. It represents the opt-out flag, which is used to determine the processing of non-secure delegations.
#Get the flags field. my $flags = $nsec3param->flags();
Use this method to retrieve the cryptographic hash algorithm used to construct the hash value of the corresponding NSEC3 Record objects.
none
The method returns an integer that corresponds to the cryptographic hash algorithm that is used to construct the hash value.
#Get hash algorithm my $hash_algorithm = $nsec3param->hash_algorithm();
Use this method to retrieve the number of iterations of the hash function performed to obtain the hashed name.
none
The method returns the number of additional times the hash function has been performed to compute the hash value. This is an integer in the range 0 through 65535, inclusive.
#Get the iterations parameter my $iterations = $nsec3param->iterations();
Use this method to retrieve the owner name of the NSEC3PARAM record in FQDN format. The name value of the NSEC3PARAM record is the same as the name of the zone that contains this record.
The attribute value can be in unicode format.
none
The method returns the name of the NSEC3PARAM record. This name is a zone name in FQDN format.
#Get the NSEC3PARAM name field my $name = $nsec3param->name();
Use this method to retrieve the salt value of an NSEC3PARAM record. The salt is used to calculate the hashed name of NSEC3 resource records to defend against pre-calculated dictionary attacks.
none
The method returns a salt value. The returned value is a string containing a sequence of hexadecimal digits representing the salt or '-' if the salt is not used.
#Get the salt my $salt = $nsec3param->salt();
Use this method to retrieve the Time to Live (TTL) value of an NSEC3PARAM Record object.
none
The method returns the TTL attribute value. The returned parameter is a 32-bit integer (range from 0 to 4294967295) that represents the duration, in seconds, that the record is cached. Zero indicates that the record should not be cached.
#Get TTL my $ttl = $nsec3param->ttl();
Use this method to retrieve the DNS view object that contains the NSEC3PARAM Record object.
none
The method returns the Infoblox::DNS::View object that contains the NSEC3PARAM record.
#Get the view my $view = $nsec3param->view();
Use this method to retrieve the zone name of an NSEC3PARAM record.
none
Returns the name of the zone that contains the given NSEC3PARAM record.
# Get zone my $zone = $nsec3param->zone();
The following sample code demonstrates the session methods on an NSEC3PARAM Record object.
#PROGRAM STARTS: Include all the modules that will be used use strict; use Infoblox;
#Create a session to the Infoblox appliance my $session = Infoblox::Session->new( master => $host_ip, username => "admin", password => "infoblox" ); unless ($session) { die("Construct session failed: ", $session->status_code() . ":" . $session->status_detail()); } print "Session created successfully\n";
#Enable DNSSEC in the default view
my $default_view=$session->get(
object=> "Infoblox::DNS::View",
name => "default"
);
unless($default_view) {
die("Getting the default view failed:",
Infoblox::status_code() . ":" . Infoblox::status_detail());
}
print "Got the default view successfully\n";
$default_view->dnssec_enabled("true")
or die("Changing the dnssec_enabled in the default view failed:",
Infoblox::status_code() . ":" . Infoblox::status_detail());
$session->modify($default_view)
or die("Changing the dnssec_enabled in the default view failed:",
Infoblox::status_code() . ":" . Infoblox::status_detail());
#Create a DNSSEC signed zone
print "Creating Member primary server for the zone\n";
my $primary=Infoblox::DNS::Member->new(
ipv4addr => $node_ip,
name => $host_name
);
unless($primary) {
die("Unable to create primary server object: ",
Infoblox::status_code() . ":" . Infoblox::status_detail());
}
my $zone = Infoblox::DNS::Zone->new(
name => "domain.com",
primary => $primary
);
unless ($zone) {
die("Construct zone failed: ",
Infoblox::status_code() . ":" . Infoblox::status_detail());
}
print "Zone object created successfully\n";
#Verify if the zone exists
my $object = $session->get(object => "Infoblox::DNS::Zone", name => "domain.com");
unless ($object) {
print "Zone does not exist on server, safe to add the zone\n";
$session->add($zone)
or die("Add zone failed: ",
$session->status_code() . ":" . $session->status_detail());
}
print "Zone added successfully\n";
#Retrieving zone back from the server in order to sign it
$zone = $session->get(object => "Infoblox::DNS::Zone", name => "domain.com");
unless($zone) {
die("Retrieving zone back failed: ",
Infoblox::status_code( ). ":". Infoblox::status_detail( ));
}
print "Zone retrieved for signing successfully.\n";
$zone->dnssec_ksk_algorithm("NSEC3RSASHA1") &&
$zone->dnssec_zsk_algorithm("NSEC3RSASHA1") &&
$zone->dnssec_ksk_size(640) &&
$zone->dnssec_zsk_size(640)
or die("Changing the zone DNSSEC setting failed: ",
Infoblox::status_code() . ":" . Infoblox::status_detail());
$session->modify($zone)
or die("Modifying dnssec values in zone failed: ",
Infoblox::status_code() . ":" . Infoblox::status_detail());
print "Zone modified successfully\n";
#Signing the zone
$zone->dnssec_signed("true")
or die("Signing of the zone failed: ",
Infoblox::status_code() . ":" . Infoblox::status_detail());
print "Zone signed successfully\n";
#Getting the NSEC3PARAM record by zone name
my $nsec3param=$session->get(
object => "Infoblox::DNS::Record::NSEC3PARAM",
name => "domain.com",
view => "default"
);
unless($nsec3param) {
die("Getting NSEC3PARAM record failed: ",
Infoblox::status_code() . ":" . Infoblox::status_detail());
}
print "Got NSEC3PARAM record successfully.\n";
#Searching for NSEC3PARAM objects using regular expressions
my @retrieved_objs=$session->search(
object => "Infoblox::DNS::Record::NSEC3PARAM",
name => ".*com",
salt => ".*",
iterations => 100,
view => "default"
);
unless(@retrieved_objs>0) {
die("Searching for NSEC3PARAM objects failed: ",
Infoblox::status_code() . ":" . Infoblox::status_detail());
}
print "Search for the NSEC3PARAM objects successful, ".scalar(@retrieved_objs)." objects found\n";
#Removing the created zone and cleaning up the view
$session->remove($zone)
or die("Unable to remove the zone: ",
Infoblox::status_code() . ":" . Infoblox::status_detail());
print "Zone removed successfully\n";
$default_view->dnssec_enabled("false")
&& $default_view->override_dnssec("false")
&& $session->modify($default_view)
or die("Restoring dnssec_enabled value in the default view failed: ",
Infoblox::status_code() . ":" . Infoblox::status_detail());
####PROGRAM ENDS####
Infoblox Inc. http://www.infoblox.com/
Infoblox::Session, Infoblox::Session->get(), Infoblox::Session->search(), Infoblox::DNS::Record::NSEC3, Infoblox::DNS::View, Infoblox::DNS::Zone
Copyright (c) 2017 Infoblox Inc.