/usr/share/doc/kamailio/modules/README.dnssec is in kamailio-dnssec-modules 4.3.4-1.1ubuntu2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 | Dnssec Module
Marius Zbihlei
Copyright © 2013
__________________________________________________________________
Table of Contents
1. Admin Guide
1. Overview
2. Dependencies
2.1. Kamailio Modules
2.2. External Libraries or Applications
3. Parameters
3.1. general_query_flags (integer)
List of Examples
1.1. Set enable_full_lr parameter
Chapter 1. Admin Guide
Table of Contents
1. Overview
2. Dependencies
2.1. Kamailio Modules
2.2. External Libraries or Applications
3. Parameters
3.1. general_query_flags (integer)
1. Overview
The module replaces the common system dns resolver functions from core
with the DNSSEC wrappers provided by libval. Practically, by loading
the module, Kamailio will make use of extensions to DNS which provide
origin authentication of DNS data, authenticated denial of existence,
and data integrity.
There is no module parameter that should be set nor fuction that has to
be executed by the configuration file. Existing SIP server deployments
can be updated to use DNSSEC by loading this module and setting
appropriate DNS server to the operating system.
Installing libval can be done from https://www.dnssec-tools.org.
More details about DNSSEC are available at:
http://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions.
2. Dependencies
2.1. Kamailio Modules
2.2. External Libraries or Applications
2.1. Kamailio Modules
The following modules must be loaded before this module:
* No dependencies on other Kamailio modules.
2.2. External Libraries or Applications
The following libraries or applications must be installed before
running Kamailio with this module loaded:
* libval - check https://www.dnssec-tools.org for installation
guidelines.
3. Parameters
3.1. general_query_flags (integer)
3.1. general_query_flags (integer)
Set this parameter to an integer value containing of an ORed result of
one or more of the following values (constant present only for
documentation process, as they are mostly mapped to libval
flags).Setting this parameter will cause the libval defaults to be
completely overwritten
QUERY_DONT_VALIDATE == 1<<0 causes the validator to disable validation
for this query.
QUERY_IGNORE_SKEW == 1<<1 causes the validator to disable checking
signature inception and expiration times on RRSIGs.
QUERY_AC_DETAIL == 1<<2 causes the validator to copy the authentication
chain details into the val_rc_answer member within the returned
val_result_chain structure.
QUERY_NO_DLV == 1<<3 causes the validator to disable DLV processing for
this query. This is only available if the libval(3) library has been
compiled with DLV support.
QUERY_NO_EDNS0_FALLBACK = 1<<4 In querying various name servers,
libsres will also attempt multiple EDNS0 sizes, ending with a query
that has EDNS0 disabled (i.e. no CD bit set). This option causes libval
to disable EDNS0 fallback for the query.
QUERY_RECURSE == 1<<5 forces libval to recursively answer the query by
iteratively querying various name servers in the delegation hierarchy,
instead of requesting this information from any caching name server
that may be configured in dnsval.conf
SKIP_RESOLVER == 1<<6 forces libval to only look at its cache while
trying to resolve a name.
SKIP_CACHE == 1<<7 forces libval to ignore cached data while trying to
resolve a name.
Default value is 0(no changes)
Example 1.1. Set enable_full_lr parameter
...
modparam("dnssec", "general_query_flags", 1) # QUERY_DONT_VALIDATE disable vali
dation
modparam("dnssec", "general_query_flags", 10) # QUERY_IGNORE_SKEW | QUERY_NO_DLV
...
|