equal
deleted
inserted
replaced
1 package DNSSec; |
|
2 use v5.14; |
|
3 use strict; |
|
4 use warnings; |
|
5 use Net::DNS::SEC::Keyset; |
|
6 use base 'Exporter'; |
|
7 |
|
8 our @EXPORT_OK = qw(keyset ksk keyinfo); |
|
9 |
|
10 |
|
11 sub keyset { |
|
12 my %arg = %{+shift} if ref $_[0] eq ref {}; |
|
13 my $domain = shift; |
|
14 |
|
15 my $resolver = Net::DNS::Resolver->new( |
|
16 $arg{-server} ? (nameservers => [$arg{-server}]) : ()); |
|
17 $resolver->dnssec(1); |
|
18 |
|
19 my $keys = $resolver->query($domain => (DNSKEY => 'IN')) |
|
20 or die $resolver->errorstring; |
|
21 |
|
22 my $ks = Net::DNS::SEC::Keyset->new($keys) |
|
23 or die $Net::DNS::SEC::Keyset::keyset_err; |
|
24 return $ks; |
|
25 } |
|
26 |
|
27 sub ksk { |
|
28 return grep { $_->flags & 0x1 } @_; |
|
29 } |
|
30 |
|
31 sub keyinfo { |
|
32 my $ks = keyset @_; |
|
33 my @keyinfo; |
|
34 foreach my $k (ksk $ks->keys) { |
|
35 my %keyinfo; |
|
36 $keyinfo{key} = $k; |
|
37 $keyinfo{digest} = Net::DNS::RR::DS->create($k, digtype => 'SHA-256'); |
|
38 push @keyinfo, \%keyinfo; |
|
39 } |
|
40 return @keyinfo; |
|
41 } |
|
42 |
|
43 1; |
|