Package org.minidns.dnssec
Class DnssecClient
- java.lang.Object
-
- org.minidns.AbstractDnsClient
-
- org.minidns.iterative.ReliableDnsClient
-
- org.minidns.dnssec.DnssecClient
-
public class DnssecClient extends ReliableDnsClient
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from class org.minidns.iterative.ReliableDnsClient
ReliableDnsClient.Mode
-
Nested classes/interfaces inherited from class org.minidns.AbstractDnsClient
AbstractDnsClient.IpVersionSetting
-
-
Field Summary
-
Fields inherited from class org.minidns.AbstractDnsClient
cache, dataSource, DEFAULT_CACHE, DEFAULT_IP_VERSION_SETTING, insecureRandom, ipVersionSetting, LOGGER, random
-
-
Constructor Summary
Constructors Constructor Description DnssecClient()
Create a new DNSSEC aware DNS client using the global default cache.DnssecClient(DnsCache cache)
Create a new DNSSEC aware DNS client with the given DNS cache.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
addSecureEntryPoint(DnsName name, byte[] key)
Add a new secure entry point to the list of known secure entry points.void
clearSecureEntryPoints()
Clears the list of known secure entry points.void
configureLookasideValidation(DnsName dlv)
Enables DNSSEC Lookaside Validation (DLV) using the given DLV service.void
disableLookasideValidation()
Disables DNSSEC Lookaside Validation (DLV).void
enableLookasideValidation()
Enables DNSSEC Lookaside Validation (DLV) using the default DLV service at dlv.isc.org.protected java.lang.String
isResponseAcceptable(DnsMessage response)
Check if the response from the system's nameserver is acceptable.boolean
isStripSignatureRecords()
Whether signature records (RRSIG) are stripped from the resultingDnsMessage
.protected DnsMessage.Builder
newQuestion(DnsMessage.Builder message)
DnsQueryResult
query(Question q)
DnssecQueryResult
queryDnssec(java.lang.CharSequence name, Record.TYPE type)
DnssecQueryResult
queryDnssec(Question q)
void
removeSecureEntryPoint(DnsName name)
Remove the secure entry point stored for a domain name.void
setStripSignatureRecords(boolean stripSignatureRecords)
Enable or disable stripping of signature records (RRSIG) from the resultDnsMessage
.-
Methods inherited from class org.minidns.iterative.ReliableDnsClient
isResponseCacheable, query, setDataSource, setMode, setUseHardcodedDnsServers
-
Methods inherited from class org.minidns.AbstractDnsClient
getCache, getCachedIPv4AddressesFor, getCachedIPv4NameserverAddressesFor, getCachedIPv6AddressesFor, getCachedIPv6NameserverAddressesFor, getCachedNameserverRecordsFor, getDataSource, getPreferedIpVersion, getQueryFor, query, query, query, query, query, query, query, query, query, query, queryAsync, queryAsync, queryAsync, queryAsync, queryAsync, setDefaultIpVersion, setPreferedIpVersion
-
-
-
-
Constructor Detail
-
DnssecClient
public DnssecClient()
Create a new DNSSEC aware DNS client using the global default cache.
-
DnssecClient
public DnssecClient(DnsCache cache)
Create a new DNSSEC aware DNS client with the given DNS cache.- Parameters:
cache
- The backend DNS cache.
-
-
Method Detail
-
query
public DnsQueryResult query(Question q) throws java.io.IOException
- Overrides:
query
in classAbstractDnsClient
- Throws:
java.io.IOException
-
queryDnssec
public DnssecQueryResult queryDnssec(java.lang.CharSequence name, Record.TYPE type) throws java.io.IOException
- Throws:
java.io.IOException
-
queryDnssec
public DnssecQueryResult queryDnssec(Question q) throws java.io.IOException
- Throws:
java.io.IOException
-
newQuestion
protected DnsMessage.Builder newQuestion(DnsMessage.Builder message)
- Overrides:
newQuestion
in classReliableDnsClient
-
isResponseAcceptable
protected java.lang.String isResponseAcceptable(DnsMessage response)
Description copied from class:ReliableDnsClient
Check if the response from the system's nameserver is acceptable. Must returnnull
if the response is acceptable, or a String describing why it is not acceptable. If the response is not acceptable thenReliableDnsClient
will fall back to resolve the query iteratively.- Overrides:
isResponseAcceptable
in classReliableDnsClient
- Parameters:
response
- the response we got from the system's nameserver.- Returns:
null
if the response is acceptable, or a String if not.
-
addSecureEntryPoint
public final void addSecureEntryPoint(DnsName name, byte[] key)
Add a new secure entry point to the list of known secure entry points. A secure entry point acts as a trust anchor. By default, the only secure entry point is the key signing key provided by the root zone.- Parameters:
name
- The domain name originating the key. Once the secure entry point for this domain is requested, the resolver will use this key without further verification instead of using the DNS system to verify the key.key
- The secure entry point corresponding to the domain name. This key can be retrieved by requesting the DNSKEY record for the domain and using the key with first flags bit set (also called key signing key)
-
removeSecureEntryPoint
public void removeSecureEntryPoint(DnsName name)
Remove the secure entry point stored for a domain name.- Parameters:
name
- The domain name of which the corresponding secure entry point shall be removed. For the root zone, use the empty string here.
-
clearSecureEntryPoints
public void clearSecureEntryPoints()
Clears the list of known secure entry points. This will also remove the secure entry point of the root zone and thus render this instance useless until a new secure entry point is added.
-
isStripSignatureRecords
public boolean isStripSignatureRecords()
Whether signature records (RRSIG) are stripped from the resultingDnsMessage
. Default istrue
.- Returns:
- Whether signature records are stripped.
-
setStripSignatureRecords
public void setStripSignatureRecords(boolean stripSignatureRecords)
Enable or disable stripping of signature records (RRSIG) from the resultDnsMessage
.- Parameters:
stripSignatureRecords
- Whether signature records shall be stripped.
-
enableLookasideValidation
public void enableLookasideValidation()
Enables DNSSEC Lookaside Validation (DLV) using the default DLV service at dlv.isc.org.
-
disableLookasideValidation
public void disableLookasideValidation()
Disables DNSSEC Lookaside Validation (DLV). DLV is disabled by default, this is only required ifenableLookasideValidation()
was used before.
-
configureLookasideValidation
public void configureLookasideValidation(DnsName dlv)
Enables DNSSEC Lookaside Validation (DLV) using the given DLV service.- Parameters:
dlv
- The domain name of the DLV service to be used ornull
to disable DLV.
-
-