Skip to content

Commit c3942d1

Browse files
spweispwei
authored
Merge branch 'dnsjava:master' into master
2 parents 8e32f8f + 978a61b commit c3942d1

377 files changed

Lines changed: 63537 additions & 363 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

Changelog

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,11 @@
1+
02/05/2022
2+
- Add full built-in support for DNSSEC based on dnssecjava (#209)
3+
- Make Record classes serializable again (#242)
4+
- Allow SVCB ServiceMode records without params
5+
(#244, @adam-stoler)
6+
- Fix TCPClient receive timeouts
7+
(#218 @nguydavi, #219)
8+
19
12/05/2021
210
- 3.4.3 released
311
- Fix handling of buffers in DNSInput

EXAMPLES.md

Lines changed: 66 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -122,3 +122,69 @@ for (int i = 0; i < n.labels(); i++) {
122122
System.out.println(n.getLabelString(i));
123123
}
124124
```
125+
126+
## DNSSEC Resolver
127+
128+
```java
129+
import java.io.*;
130+
131+
import java.nio.charset.StandardCharsets;
132+
import org.xbill.DNS.*;
133+
134+
public class ResolveExample {
135+
136+
static String ROOT = ". IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D";
137+
138+
public static void main(String[] args) throws Exception {
139+
// Send two sample queries using a standard resolver
140+
SimpleResolver sr = new SimpleResolver("4.2.2.1");
141+
System.out.println("Standard resolver:");
142+
sendAndPrint(sr, "www.dnssec-failed.org.");
143+
sendAndPrint(sr, "www.isc.org.");
144+
145+
// Send the same queries using the validating resolver with the
146+
// trust anchor of the root zone
147+
// http://data.iana.org/root-anchors/root-anchors.xml
148+
ValidatingResolver vr = new ValidatingResolver(sr);
149+
vr.loadTrustAnchors(new ByteArrayInputStream(ROOT.getBytes(StandardCharsets.US_ASCII)));
150+
System.out.println("\n\nValidating resolver:");
151+
sendAndPrint(vr, "www.dnssec-failed.org.");
152+
sendAndPrint(vr, "www.isc.org.");
153+
}
154+
155+
private static void sendAndPrint(Resolver vr, String name) throws IOException {
156+
System.out.println("\n---" + name);
157+
Record qr = Record.newRecord(Name.fromConstantString(name), Type.A, DClass.IN);
158+
Message response = vr.send(Message.newQuery(qr));
159+
System.out.println("AD-Flag: " + response.getHeader().getFlag(Flags.AD));
160+
System.out.println("RCode: " + Rcode.string(response.getRcode()));
161+
for (RRset set : response.getSectionRRsets(Section.ADDITIONAL)) {
162+
if (set.getName().equals(Name.root) && set.getType() == Type.TXT
163+
&& set.getDClass() == ValidatingResolver.VALIDATION_REASON_QCLASS) {
164+
System.out.println("Reason: " + ((TXTRecord) set.first()).getStrings().get(0));
165+
}
166+
}
167+
}
168+
}
169+
170+
```
171+
172+
This should result in an output like
173+
```
174+
Standard resolver:
175+
---www.dnssec-failed.org.
176+
AD-Flag: false
177+
RCode: NOERROR
178+
---www.isc.org.
179+
AD-Flag: false
180+
RCode: NOERROR
181+
182+
Validating resolver:
183+
---www.dnssec-failed.org.
184+
AD-Flag: false
185+
RCode: SERVFAIL
186+
Reason: Could not establish a chain of trust to keys for [dnssec-failed.org.]. Reason: Did not match a DS to a DNSKEY.
187+
---www.isc.org.
188+
AD-Flag: true
189+
RCode: NOERROR
190+
```

LICENSE

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,5 @@
11
Copyright (c) 1998-2019, Brian Wellington
2+
Copyright (c) 2005 VeriSign. All rights reserved.
23
Copyright (c) 2019-2021, dnsjava authors
34

45
All rights reserved.

0 commit comments

Comments
 (0)