net::dns::sec::tools::trustanchor(3pm) [debian man page]
Net::DNS::SEC::Tools::TrustAnchor(3pm) User Contributed Perl Documentation Net::DNS::SEC::Tools::TrustAnchor(3pm)NAME
Net::DNS::SEC::Tools::TrustAnchor - base class for TA repositories
SYNOPSIS
This is a base class for multiple types of trustanchor repositories that know how to read, write, and modify trust anchor repositories.
This package serves as both a API wrapper around a set of trust anchors as well as a base class for packages that need to read/write trust
anchor sets into different formats.
Trust Anchors may be either DNSKEY records or DS references.
XXX: more documentation needed
API
Usage API defined by this module or sub-modules.
Note that:
use Net::DNS::SEC::Tools::TrustAnchor;
is assumed to have imported some of the API routines mentioned below.
$tar = new Net::DNS::SEC::Tools::TrustAnchor();
Initializes a new collection of trust anchors.
$module = load_module("type");
Dynamically attemps to load a TrustAnchor reader/writer sub-class of Net::DNS::SEC::Tools::TrustAnchor named "Type" and return an
instance of it.
All sub-classes are assumed to contain a single letter upper-case class name followed by all lower case. Any modules otherwise named
will fail to load using this routine.
$module = parse_component("type:file");
This parses a type and file specification consisting of type separated by a colon (':') followed by a file-name path. It will then
load the type module using the load_module() rotine and return the type, the file and extra options.
XXX: option parsing support not yet complete and will likely change the type:file format specification; I.E. the type:file formatting
specification will likely change in the future and should be considered alpha-level support.
$tar = $module->read($location, $options);
Reads in a given TAR from a $location reference and returns a blessed copy of the Net::DNS::SEC::Tools::TrustAnchor object containing
all the data.
This function may be over-ridden by a sub-class.
$tar = $module->read($location, $options);
Reads in a given TAR from a $location reference and returns an unblessed hash the contents. The read() function merely wraps around
this and blesses it after being returned.
Sub-modules must over-ride this function (and/or the read() function) if they expect the module to support loading.
$tar->merge(@others)
Merges the @other array of trust anchors into the $tar object's own trust anchor list.
AUTHOR
Wes Hardaker <hardaker ATTA users.sourceforge DOTTTY net>
SEE ALSO convertar(1)perl v5.14.2 2012-06-28 Net::DNS::SEC::Tools::TrustAnchor(3pm)
Check Out this Related Man Page
CONVERTAR(1p) User Contributed Perl Documentation CONVERTAR(1p)NAME
convertar - Converts trust anchor repositories from one format to another
DESCRIPTION
convertar operates on input and output files of different Trust Anchor Repository (TAR) formats. convertar decides what type of file
format is being referred to by a "type:filename" specification. Options can be passed to the convertar module by using a '/' delimited
specifier in the type identifier. Such as "type/option=value/other=othervalue:filename". See below for a list of different input and
output formats that convertar understands by default and what options they take.
See the Net::DNS::SEC::Tools::TrustAnchor module and its documentation for writing new plugins to allow convertar to understand other TAR
formats.
EXAMPLES
This command will read in an itar.xml file (available from https://itar.iana.org/) and convert it to a file that can be read in by BIND's
named application:
# convertar -i itar:itar.xml -o bind:bind.conf
Read in multiple files, merge them together and write them out to two different output file formats (the libval format is printed to
stdout):
# convertar -i itar:itar.xml,csv:local.csv -o bind:bind.conf,libval:-
FILE SPECIFICATION CONVENTIONS
Types and files (e.g. for the -i and -o switches) are specificied using the following format:
type:/path/to/file
The type portion of the specification dictates what internal module will attempt to read in the file. The file portion of the
specification may or may not be required (but the ':' always is) and may or may not point to a real file, depending on the module in charge
of the content. Some modules may, for exmaple, load content from the network. For types that can read and write to a file, a '-' may be
specified as a file to print to or read from standard output.
File formats MAY be infered from a trailing suffix, if the trailing suffix. EG, if a referenced file is foo.csv then internally convertar
will translate this to "csv:foo.csv".
FILE FORMATS
The following file formats are known by default to convertar:
bind
A BIND name server (named) compatible trust anchor configuration file. This can be included within a master named.conf file using the
"include" directive.
The bind option can also take a /write_expectations=1 flag when writing to write an options {} section that will turn on dnssec and
require validation for zones from all the imported data.
E.G. bind/write_expectations=1:named.conf
secspider
This is merely an alias that fetches the specspider (http://secspider.cs.ucla.edu/) bind configuration file and then parse it using the
bind file format.
WARNING: The PGP signature on the downloaded file is NOT checked.
csv A comma-separated list format.
dump
A Perl hash dump format. This should be used mostly for debugging of newly developed modules as it shows the internal hash structure
that is passed between modules.
itar
IANA's itar format, which is an XML-based format of trust anchor keys. IANA's file is available from https://itar.iana.org/.
Specifying only 'itar:' line only (or itar:URL), convertar will attempt to retrieve the current remote ITAR respository file directly.
WARNING: The PGP signature on the downloaded file is NOT checked.
NOTE: support for downloading the ITAR repository over the network requires the LWP::UserAgent module to be installed.
libval
The libval format is the configuration file format that DNSSEC-Tool's libval library uses.
The libval option can also take a /write_expectations=1 flag when writing to specify that the default (:) zone-security-expectation's
should be populated to require validation of all the zones with imported data. All other zones will have a policy set to 'ignore.
E.G. libval/write_expectations=1:dnsval.conf
mf The master file (mf) format is also available from the itar web site.
dns The dns format performs live queries of records attached to a domain name to request either DS or DNSKEY records. By default, DNSKEY
records will be queried. The specific type to be queried can be specified by preceeding the zone name with a "ds/" or "dnskey/"
prefix. Example valid 'dns:' type specifications:
dns:dnssec-tools.org
dns:ds/dnssec-tools.org
dns:dnskey/dnssec-tools.org
Also, if you want to read dnskeys from the network but convert them to ds records, you can use the /tods flag:
dns/tods=1:dnssec-tools.org
The DNS type can not output records and is only useful for reading in information.
WARNING: The keys and data being retrieved are not internally validated and thus should not be trusted unless a secured resolver is
being used.
OPTIONS -i STRING
--input-file=STRING
Input file(s) to process.
convertar will read in the specified file(s). Multiple files can be separated by commas.
-o STRING
--output-file=STRING
Output file(s) to write.
convertar will write out these specified file(s) in the requested output formats. Multiple files can be separated by commas.
-h
--help
--help-full
Displays command line help information.
--gui
--no-gui
Controls the use of the optional GUI.
COPYRIGHT
Copyright 2009-2012 SPARTA, Inc. All rights reserved. See the COPYING file included with the DNSSEC-Tools package for details.
AUTHOR
Wes Hardaker < hardaker AT users DOT sourceforge DOT net >
SEE ALSO Net::DNS::SEC::Tools::TrustAnchor(3)perl v5.14.2 2012-06-21 CONVERTAR(1p)