TSIG LOCAL TSIG

ns_sign, ns_sign_tcp, ns_sign_tcp_init, ns_verify, ns_verify_tcp, ns_verify_tcp_init, ns_find_tsig - TSIG system

int
ns_sign(u_char *msg, int *msglen, int msgsize, int error, void *k, const u_char *querysig, int querysiglen, u_char *sig, int *siglen, time_t in_timesigned);

int
ns_sign_tcp(u_char *msg, int *msglen, int msgsize, int error, ns_tcp_tsig_state *state, int done);

int
ns_sign_tcp_init(void *k, const u_char *querysig, int querysiglen, ns_tcp_tsig_state *state);

int
ns_verify(u_char *msg, int *msglen, void *k, const u_char *querysig, int querysiglen, u_char *sig, int *siglen, time_t in_timesigned, int nostrip);

int
ns_verify_tcp(u_char *msg, int *msglen, ns_tcp_tsig_state *state, int required);

int
ns_verify_tcp_init(void *k, const u_char *querysig, int querysiglen, ns_tcp_tsig_state *state);

u_char *
ns_find_tsig(u_char *msg, u_char *eom);

The TSIG routines are used to implement transaction/request security of DNS messages.

ns_sign() and ns_verify() are the basic routines. ns_sign_tcp() and ns_verify_tcp() are used to sign/verify TCP messages that may be split into multiple packets, such as zone transfers. ns_sign_tcp_init() and ns_verify_tcp_init() initialize the state structure necessary for TCP operations. ns_find_tsig() locates the TSIG record in a message, if one is present.

ns_sign()

    msg          the incoming DNS message, which will be modified
    msglen       the length of the DNS message, on input and output
    msgsize      the size of the buffer containing the DNS message on input
    error        the value to be placed in the TSIG error field
    k            the (DST_KEY *) to sign the data
    querysig     for a response, the signature contained in the query
    querysiglen  the length of the query signature
    sig          a buffer to be filled with the generated signature
    siglen       the length of the signature buffer on input, the signature length on output

ns_sign_tcp()

    msg          the incoming DNS message, which will be modified
    msglen       the length of the DNS message, on input and output
    msgsize      the size of the buffer containing the DNS message on input
    error        the value to be placed in the TSIG error field
    state        the state of the operation
    done         non-zero value signifies that this is the last packet

ns_sign_tcp_init()

    k            the (DST_KEY *) to sign the data
    querysig     for a response, the signature contained in the query
    querysiglen  the length of the query signature
    state        the state of the operation, which this initializes

ns_verify()

    msg          the incoming DNS message, which will be modified
    msglen       the length of the DNS message, on input and output
    k            the (DST_KEY *) to sign the data
    querysig     for a response, the signature contained in the query
    querysiglen  the length of the query signature
    sig          a buffer to be filled with the signature contained
    siglen       the length of the signature buffer on input, the signature length on output
    nostrip      non-zero value means that the TSIG is left intact

ns_verify_tcp()

    msg          the incoming DNS message, which will be modified
    msglen       the length of the DNS message, on input and output
    state        the state of the operation
    required     non-zero value signifies that a TSIG record must be present at this step

ns_verify_tcp_init()

    k            the (DST_KEY *) to verify the data
    querysig     for a response, the signature contained in the query
    querysiglen  the length of the query signature
    state        the state of the operation, which this initializes

ns_find_tsig()

the incoming DNS message
the length of the DNS message

ns_find_tsig() returns a pointer to the TSIG record if one is found, and NULL otherwise.

All other routines return 0 on success, modifying arguments when necessary.

ns_sign() and ns_sign_tcp() return the following errors:

bad input data
The key was invalid, or the signing failed
the message buffer is too small.

ns_verify() and ns_verify_tcp() return the following errors:

bad input data
The message is malformed
The message does not contain a TSIG record
The TSIG original ID field does not match the message ID
Verification failed due to an invalid key
Verification failed due to an invalid signature
Verification failed due to an invalid timestamp
Verification succeeded but the message had an error of BADKEY
Verification succeeded but the message had an error of BADSIG
Verification succeeded but the message had an error of BADTIME
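
The lookup that ns_find_tsig() is described as performing, written out as an added illustration; this is not code from the resolver library or from this manual page. It assumes the TSIG record (RR type 250) is the last record of the additional section, and find_tsig(), skip_name(), rd16() and the sample message are hypothetical names constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>

#define DNS_HDR_LEN 12   /* fixed DNS header size */
#define TYPE_TSIG   250  /* RR type assigned to TSIG */

/* Constructed sample: one question plus one TSIG RR with placeholder RDATA. */
static const uint8_t sample[] = {
    0x12,0x34, 0,0, 0,1, 0,0, 0,0, 0,1,      /* id, flags, qd=1, an=0, ns=0, ar=1 */
    1,'a',0, 0,1, 0,1,                       /* question: a. A IN */
    1,'k',0, 0,250, 0,255, 0,0,0,0, 0,4,     /* owner k., TSIG, ANY, ttl 0, rdlength 4 */
    0xde,0xad,0xbe,0xef                      /* placeholder RDATA, not a real TSIG body */
};

static unsigned rd16(const uint8_t *p) { return (unsigned)p[0] << 8 | p[1]; }
/* Skip one encoded name; return the byte after it, or NULL if it overruns eom. */
static const uint8_t *skip_name(const uint8_t *p, const uint8_t *eom) {
    while (p < eom) {
        uint8_t len = *p;
        if (len == 0) return p + 1;                        /* root label ends the name */
        if ((len & 0xC0) == 0xC0) return (eom - p >= 2) ? p + 2 : NULL;  /* pointer */
        if (len & 0xC0) return NULL;                       /* reserved label type */
        if ((size_t)(eom - p) < (size_t)len + 1) return NULL;
        p += len + 1;
    }
    return NULL;
}

/* Hypothetical stand-in for ns_find_tsig(): start of the TSIG RR, or NULL. */
const uint8_t *find_tsig(const uint8_t *msg, const uint8_t *eom) {
    if (msg == NULL || eom == NULL || eom - msg < DNS_HDR_LEN) return NULL;
    unsigned qd = rd16(msg + 4), an = rd16(msg + 6), ns = rd16(msg + 8), ar = rd16(msg + 10);
    const uint8_t *p = msg + DNS_HDR_LEN, *rr = NULL;
    if (ar == 0) return NULL;                              /* no additional section, no TSIG */
    for (unsigned i = 0; i < qd; i++) {                    /* question: name, type, class */
        if ((p = skip_name(p, eom)) == NULL || eom - p < 4) return NULL;
        p += 4;
    }
    for (unsigned long i = 0, n = (unsigned long)an + ns + ar; i < n; i++) {
        rr = p;                                            /* start of the current RR */
        if ((p = skip_name(p, eom)) == NULL || eom - p < 10) return NULL;
        unsigned rdlen = rd16(p + 8);                      /* after type, class, ttl */
        if ((size_t)(eom - p) < 10u + rdlen) return NULL;
        p += 10 + rdlen;
    }
    return rd16(skip_name(rr, eom)) == TYPE_TSIG ? rr : NULL;  /* last RR must be TSIG */
}

int main(void) { return find_tsig(sample, sample + sizeof sample) == sample + 19 ? 0 : 1; }
```

Every length read from the message is checked against eom before it is used, so a truncated or malformed message yields NULL rather than a read past the buffer.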

resolver(3).

Brian Wellington, TISLabs at Network Associates
January 1, 1996 BSD 4
