Class DnssecClient


public class DnssecClient extends ReliableDnsClient
  • Constructor Details

    • DnssecClient

      public DnssecClient()
      Create a new DNSSEC aware DNS client using the global default cache.
    • DnssecClient

      public DnssecClient(DnsCache cache)
      Create a new DNSSEC aware DNS client with the given DNS cache.
      Parameters:
      cache - The backend DNS cache.
  • Method Details

    • query

      Overrides:
      query in class AbstractDnsClient
      Throws:
      IOException
    • queryDnssec

      Throws:
      IOException
    • queryDnssec

      Throws:
      IOException
    • newQuestion

      Overrides:
      newQuestion in class ReliableDnsClient
    • isResponseAcceptable

      protected String isResponseAcceptable(DnsMessage response)
      Description copied from class: ReliableDnsClient
      Check if the response from the system's nameserver is acceptable. Must return null if the response is acceptable, or a String describing why it is not acceptable. If the response is not acceptable, ReliableDnsClient falls back to resolving the query iteratively.
      Overrides:
      isResponseAcceptable in class ReliableDnsClient
      Parameters:
      response - the response we got from the system's nameserver.
      Returns:
      null if the response is acceptable, or a String if not.
    • addSecureEntryPoint

      public final void addSecureEntryPoint(DnsName name, byte[] key)
      Add a new secure entry point to the list of known secure entry points. A secure entry point acts as a trust anchor. By default, the only secure entry point is the key signing key provided by the root zone.
      Parameters:
      name - The domain name originating the key. Once the secure entry point for this domain is requested, the resolver will use this key without further verification instead of using the DNS system to verify the key.
      key - The secure entry point corresponding to the domain name. This key can be retrieved by requesting the DNSKEY record for the domain and using the key with the first flags bit set (also called the key signing key).
    • removeSecureEntryPoint

      public void removeSecureEntryPoint(DnsName name)
      Remove the secure entry point stored for a domain name.
      Parameters:
      name - The domain name whose secure entry point shall be removed. For the root zone, use the empty string here.
    • clearSecureEntryPoints

      public void clearSecureEntryPoints()
      Clears the list of known secure entry points. This will also remove the secure entry point of the root zone and thus render this instance useless until a new secure entry point is added.
    • isStripSignatureRecords

      public boolean isStripSignatureRecords()
      Whether signature records (RRSIG) are stripped from the resulting DnsMessage. Default is true.
      Returns:
      Whether signature records are stripped.
    • setStripSignatureRecords

      public void setStripSignatureRecords(boolean stripSignatureRecords)
      Enable or disable stripping of signature records (RRSIG) from the resulting DnsMessage.
      Parameters:
      stripSignatureRecords - Whether signature records shall be stripped.
    • enableLookasideValidation

      Enables DNSSEC Lookaside Validation (DLV) using the default DLV service at dlv.isc.org.
    • disableLookasideValidation

      Disables DNSSEC Lookaside Validation (DLV). DLV is disabled by default; calling this is only required if enableLookasideValidation() was used before.
    • configureLookasideValidation

      Enables DNSSEC Lookaside Validation (DLV) using the given DLV service.
      Parameters:
      dlv - The domain name of the DLV service to be used, or null to disable DLV.
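
The following is an added example, not part of the original API documentation or the project's own code. It pins an extra trust anchor with addSecureEntryPoint, keeps RRSIG records via setStripSignatureRecords(false), and refuses to use an answer that did not validate. Assumptions: the org.minidns package names, the queryDnssec(CharSequence, Record.TYPE) overload and the DnssecQueryResult accessors are taken from MiniDNS 1.x because this page omits those signatures; the class name, command-line arguments and key file are hypothetical, and the file is assumed to hold the key bytes in the form addSecureEntryPoint expects.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Paths;

import org.minidns.dnsname.DnsName;
import org.minidns.dnssec.DnssecClient;
import org.minidns.dnssec.DnssecQueryResult;
import org.minidns.dnssec.DnssecUnverifiedReason;
import org.minidns.record.Record;

// Hypothetical wrapper class: resolve a name under a zone whose KSK is pinned locally.
public class PinnedAnchorLookup {

    public static void main(String[] args) throws IOException {
        if (args.length != 3) {
            System.err.println("usage: PinnedAnchorLookup <zone> <ksk-file> <name>");
            System.exit(2);
        }
        DnsName zone = DnsName.from(args[0]);                 // zone the key belongs to
        byte[] ksk = Files.readAllBytes(Paths.get(args[1]));  // key obtained out of band
        String qname = args[2];

        DnssecClient client = new DnssecClient();
        // The pinned key is trusted without further verification, so it must
        // come from a channel you trust more than the DNS itself.
        client.addSecureEntryPoint(zone, ksk);
        // Keep RRSIG records in the result so they can be logged or audited.
        client.setStripSignatureRecords(false);

        DnssecQueryResult result = client.queryDnssec(qname, Record.TYPE.A);

        // Fail closed: an unsigned or unverifiable answer is not used.
        if (!result.isAuthenticData()) {
            for (DnssecUnverifiedReason reason : result.getUnverifiedReasons()) {
                System.err.println("unverified: " + reason);
            }
            System.exit(1);
        }
        System.out.println(result.synthesizedResponse);
    }
}
```

If a pinned key is rotated by the zone operator, validation under that zone fails until the entry is replaced with removeSecureEntryPoint followed by addSecureEntryPoint.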