Net::DNS::SEC::Tools::conf.3pm

Langue: en

Autres versions - même langue

Version: 2008-10-13 (debian - 07/07/09)

Section: 3 (Bibliothèques de fonctions)

Sommaire

NAME

Net::DNS::SEC::Tools::conf - DNSSEC-Tools configuration routines.

SYNOPSIS

   use Net::DNS::SEC::Tools::conf;
 
   %dtconf = parseconfig();
 
   %dtconf = parseconfig("localzone.keyrec");
 
   cmdcheck(\%options_hashref);
 
   $prefixdir = getprefixdir();
 
   $confdir = getconfdir();
 
   $conffile = getconffile();
 
   $statedir = getlocalstatedir();
 
   erraction(ERR_MSG);
   err("unable to open keyrec file",1);

DESCRIPTION

The routines in this module perform configuration operations. Some routines access the DNSSEC-Tools configuration file, while others validate the execution environment.

The DNSSEC tools have a configuration file for commonly used values. These values are the defaults for a variety of things, such as encryption algorithm and encryption key length. The Net::DNS::SEC::Tools::conf module provides methods for accessing the configuration data in this file.

dnssec-tools.conf is the filename for the DNSSEC tools configuration file. The full path depends on how DNSSEC-Tools was configured; see the DIRECTORIES section for the complete path. The paths required by conf.pm are set at DNSSEC-Tools configuration time.

The DNSSEC tools configuration file consists of a set of configuration value entries, with only one entry per line. Each entry has the ``keyword value'' format. During parsing, the line is broken into tokens, with tokens being separated by spaces and tabs. The first token in a line is taken to be the keyword. All other tokens in that line are concatenated into a single string, with a space separating each token. The untokenized string is added to a hash table, with the keyword as the value's key.

Comments may be included by prefacing them with the '#' or ';' comment characters. These comments can encompass an entire line or may follow a configuration entry. If a comment shares a line with an entry, value tokenization stops just prior to the comment character.

An example configuration file follows:

     # Sample configuration entries.
 
     algorithm       rsasha1     # Encryption algorithm.
     ksk_length      1024        ; KSK key length.

Another aspect of DNSSEC-Tools configuration is the error action used by the DNSSEC-Tools Perl modules. The action dictates whether an error condition will only give an error return, print an error message to STDERR, or print an error message and exit. The erraction() and err() interfaces are used for these operations.

INTERFACES

parseconfig()
This routine reads and parses the system's DNSSEC tools configuration file. The parsed contents are put into a hash table, which is returned to the caller.
parseconfig(conffile)
This routine reads and parses a caller-specified DNSSEC tools configuration file. The parsed contents are put into a hash table, which is returned to the caller. The routine quietly returns if the configuration file does not exist.
cmdcheck(\%options_hashref)
This routine ensures that the needed commands are available and executable. If any of the commands either don't exist or aren't executable, then an error message will be given and the process will exit. If all is well, everything will proceed quietly onwards.

The commands keys currently checked are zonecheck, keygen, and zonesign. The pathnames for these commands are found in the given options hash referenced by %options_hashref. If the hash doesn't contain an entry for one of those commands, it is not checked.

getconfdir()
This routine returns the name of the DNSSEC-Tools configuration directory.
getconffile()
This routine returns the name of the DNSSEC-Tools configuration file.
getprefixdir()
This routine returns the name of the DNSSEC-Tools prefix directory.
getlocalstatedir()
This routine returns the name of the local state directory.
erraction(error_action)
This interface sets the error action for DNSSEC-Tools Perl modules. The valid actions are: 
     ERR_SILENT          Do not print an error message, do not exit.
     ERR_MSG             Print an error message, do not exit.
     ERR_EXIT            Print an error message, exit.

ERR_SILENT is the default action.

The previously set error action is returned.

err("error message",exit_code
The err() interface is used by the DNSSEC-Tools Perl modules to report an error and exit, depending on the error action.

The first argument is an error message to print --- if the error action allows error messages to be printed.

The second argument is an exit code --- if the error action requires that the process exit.

DIRECTORIES

The default directories for this installation are: 
   prefix                         : /usr
   sysconf                        : /etc
   DNSSEC-Tools configuration file: /etc/dnssec-tools
Copyright 2004-2008 SPARTA, Inc. All rights reserved. See the COPYING file included with the DNSSEC-Tools package for details.

AUTHOR

Wayne Morrison, tewok@users.sourceforge.net

SEE ALSO

dnssec-tools.conf(5)