org.minidns.dnssec

Class DnssecClient

java.lang.Object

org.minidns.AbstractDnsClient

org.minidns.iterative.ReliableDnsClient

org.minidns.dnssec.DnssecClient

public class DnssecClient
extends ReliableDnsClient

Nested Class Summary

Nested classes/interfaces inherited from class org.minidns.iterative.ReliableDnsClient

ReliableDnsClient.Mode

Nested classes/interfaces inherited from class org.minidns.AbstractDnsClient

AbstractDnsClient.IpVersionSetting

Field Summary

Fields inherited from class org.minidns.AbstractDnsClient

cache, dataSource, DEFAULT_CACHE, DEFAULT_IP_VERSION_SETTING, insecureRandom, ipVersionSetting, LOGGER, random

Constructor Summary

Constructors

Constructor and Description
DnssecClient() Create a new DNSSEC aware DNS client using the global default cache.
DnssecClient(DnsCache cache) Create a new DNSSEC aware DNS client with the given DNS cache.

Method Summary

Modifier and Type	Method and Description
void	addSecureEntryPoint(DnsName name, byte[] key) Add a new secure entry point to the list of known secure entry points.
void	clearSecureEntryPoints() Clears the list of known secure entry points.
void	configureLookasideValidation(DnsName dlv) Enables DNSSEC Lookaside Validation (DLV) using the given DLV service.
void	disableLookasideValidation() Disables DNSSEC Lookaside Validation (DLV).
void	enableLookasideValidation() Enables DNSSEC Lookaside Validation (DLV) using the default DLV service at dlv.isc.org.
protected String	isResponseAcceptable(DnsMessage response) Check if the response from the system's nameserver is acceptable.
protected boolean	isResponseCacheable(Question q, DnsMessage dnsMessage) Whether a response from the DNS system should be cached or not.
boolean	isStripSignatureRecords() Whether signature records (RRSIG) are stripped from the resulting DnsMessage.
protected DnsMessage.Builder	newQuestion(DnsMessage.Builder message)
DnsMessage	query(Question q)
DnssecMessage	queryDnssec(CharSequence name, Record.TYPE type)
DnssecMessage	queryDnssec(Question q)
void	removeSecureEntryPoint(DnsName name) Remove the secure entry point stored for a domain name.
void	setStripSignatureRecords(boolean stripSignatureRecords) Enable or disable stripping of signature records (RRSIG) from the result DnsMessage.

Methods inherited from class org.minidns.iterative.ReliableDnsClient

query, setDataSource, setMode

Methods inherited from class org.minidns.AbstractDnsClient

getCache, getCachedIPv4AddressesFor, getCachedIPv4NameserverAddressesFor, getCachedIPv6AddressesFor, getCachedIPv6NameserverAddressesFor, getCachedNameserverRecordsFor, getDataSource, getPreferedIpVersion, getQueryFor, query, query, query, query, query, query, query, query, query, query, queryAsync, queryAsync, queryAsync, queryAsync, queryAsync, setDefaultIpVersion, setPreferedIpVersion

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DnssecClient

public DnssecClient()

Create a new DNSSEC aware DNS client using the global default cache.

DnssecClient

public DnssecClient(DnsCache cache)

Create a new DNSSEC aware DNS client with the given DNS cache.

Parameters:

cache - The backend DNS cache.

Method Detail

query

public DnsMessage query(Question q)
                 throws IOException

Overrides:

query in class AbstractDnsClient

Throws:

IOException

queryDnssec

public DnssecMessage queryDnssec(CharSequence name,
                                 Record.TYPE type)
                          throws IOException

Throws:

IOException

queryDnssec

public DnssecMessage queryDnssec(Question q)
                          throws IOException

Throws:

IOException

isResponseCacheable

protected boolean isResponseCacheable(Question q,
                                      DnsMessage dnsMessage)

Description copied from class: AbstractDnsClient

Whether a response from the DNS system should be cached or not.

Overrides:

isResponseCacheable in class ReliableDnsClient

Parameters:

q - The question the response message should answer.

dnsMessage - The response message received using the DNS client.

Returns:

True, if the response should be cached, false otherwise.

newQuestion

protected DnsMessage.Builder newQuestion(DnsMessage.Builder message)

Overrides:

newQuestion in class ReliableDnsClient

isResponseAcceptable

protected String isResponseAcceptable(DnsMessage response)

Description copied from class: ReliableDnsClient

Check if the response from the system's nameserver is acceptable. Must return null if the response is acceptable, or a String describing why it is not acceptable. If the response is not acceptable then ReliableDnsClient will fall back to resolve the query iteratively.

Overrides:

isResponseAcceptable in class ReliableDnsClient

Parameters:

response - the response we got from the system's nameserver.

Returns:

null if the response is acceptable, or a String if not.

addSecureEntryPoint

public void addSecureEntryPoint(DnsName name,
                                byte[] key)

Add a new secure entry point to the list of known secure entry points. A secure entry point acts as a trust anchor. By default, the only secure entry point is the key signing key provided by the root zone.

Parameters:

name - The domain name originating the key. Once the secure entry point for this domain is requested, the resolver will use this key without further verification instead of using the DNS system to verify the key.

key - The secure entry point corresponding to the domain name. This key can be retrieved by requesting the DNSKEY record for the domain and using the key with first flags bit set (also called key signing key)

removeSecureEntryPoint

public void removeSecureEntryPoint(DnsName name)

Remove the secure entry point stored for a domain name.

Parameters:

name - The domain name of which the corresponding secure entry point shall be removed. For the root zone, use the empty string here.

clearSecureEntryPoints

public void clearSecureEntryPoints()

Clears the list of known secure entry points. This will also remove the secure entry point of the root zone and thus render this instance useless until a new secure entry point is added.

isStripSignatureRecords

public boolean isStripSignatureRecords()

Whether signature records (RRSIG) are stripped from the resulting DnsMessage. Default is true.

Returns:

Whether signature records are stripped.

setStripSignatureRecords

public void setStripSignatureRecords(boolean stripSignatureRecords)

Enable or disable stripping of signature records (RRSIG) from the result DnsMessage.

Parameters:

stripSignatureRecords - Whether signature records shall be stripped.

enableLookasideValidation

public void enableLookasideValidation()

Enables DNSSEC Lookaside Validation (DLV) using the default DLV service at dlv.isc.org.

disableLookasideValidation

public void disableLookasideValidation()

Disables DNSSEC Lookaside Validation (DLV). DLV is disabled by default, this is only required if enableLookasideValidation() was used before.

configureLookasideValidation

public void configureLookasideValidation(DnsName dlv)

Enables DNSSEC Lookaside Validation (DLV) using the given DLV service.

Parameters:

dlv - The domain name of the DLV service to be used or null to disable DLV.