Class DnssecClient


  • public class DnssecClient
    extends org.minidns.iterative.ReliableDnsClient
    • Nested Class Summary

      • Nested classes/interfaces inherited from class org.minidns.iterative.ReliableDnsClient

        org.minidns.iterative.ReliableDnsClient.Mode
      • Nested classes/interfaces inherited from class org.minidns.AbstractDnsClient

        org.minidns.AbstractDnsClient.IpVersionSetting
    • Field Summary

      • Fields inherited from class org.minidns.AbstractDnsClient

        cache, dataSource, DEFAULT_CACHE, DEFAULT_IP_VERSION_SETTING, insecureRandom, ipVersionSetting, LOGGER, random
    • Constructor Summary

      Constructors 
      Constructor Description
      DnssecClient()
      Create a new DNSSEC aware DNS client using the global default cache.
      DnssecClient(org.minidns.DnsCache cache)
      Create a new DNSSEC aware DNS client with the given DNS cache.
    • Method Summary

      Modifier and Type Method Description
      void addSecureEntryPoint(org.minidns.dnsname.DnsName name, byte[] key)
      Add a new secure entry point to the list of known secure entry points.
      void clearSecureEntryPoints()
      Clears the list of known secure entry points.
      void configureLookasideValidation(org.minidns.dnsname.DnsName dlv)
      Enables DNSSEC Lookaside Validation (DLV) using the given DLV service.
      void disableLookasideValidation()
      Disables DNSSEC Lookaside Validation (DLV).
      void enableLookasideValidation()
      Enables DNSSEC Lookaside Validation (DLV) using the default DLV service at dlv.isc.org.
      protected java.lang.String isResponseAcceptable(org.minidns.dnsmessage.DnsMessage response)
      boolean isStripSignatureRecords()
      Whether signature records (RRSIG) are stripped from the resulting DnsMessage.
      protected org.minidns.dnsmessage.DnsMessage.Builder newQuestion(org.minidns.dnsmessage.DnsMessage.Builder message)
      org.minidns.dnsqueryresult.DnsQueryResult query(org.minidns.dnsmessage.Question q)
      DnssecQueryResult queryDnssec(java.lang.CharSequence name, org.minidns.record.Record.TYPE type)
      DnssecQueryResult queryDnssec(org.minidns.dnsmessage.Question q)
      void removeSecureEntryPoint(org.minidns.dnsname.DnsName name)
      Remove the secure entry point stored for a domain name.
      void setStripSignatureRecords(boolean stripSignatureRecords)
      Enable or disable stripping of signature records (RRSIG) from the result DnsMessage.
      • Methods inherited from class org.minidns.iterative.ReliableDnsClient

        isResponseCacheable, query, setDataSource, setMode, setUseHardcodedDnsServers
      • Methods inherited from class org.minidns.AbstractDnsClient

        getCache, getCachedIPv4AddressesFor, getCachedIPv4NameserverAddressesFor, getCachedIPv6AddressesFor, getCachedIPv6NameserverAddressesFor, getCachedNameserverRecordsFor, getDataSource, getPreferedIpVersion, getQueryFor, query, query, query, query, query, query, query, query, query, query, queryAsync, queryAsync, queryAsync, queryAsync, queryAsync, setDefaultIpVersion, setPreferedIpVersion
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • DnssecClient

        public DnssecClient()
        Create a new DNSSEC aware DNS client using the global default cache.
      • DnssecClient

        public DnssecClient(org.minidns.DnsCache cache)
        Create a new DNSSEC aware DNS client with the given DNS cache.
        Parameters:
        cache - The backend DNS cache.
    • Method Detail

      • query

        public org.minidns.dnsqueryresult.DnsQueryResult query(org.minidns.dnsmessage.Question q)
                                                        throws java.io.IOException
        Overrides:
        query in class org.minidns.AbstractDnsClient
        Throws:
        java.io.IOException
      • queryDnssec

        public DnssecQueryResult queryDnssec(java.lang.CharSequence name,
                                             org.minidns.record.Record.TYPE type)
                                      throws java.io.IOException
        Throws:
        java.io.IOException
      • queryDnssec

        public DnssecQueryResult queryDnssec(org.minidns.dnsmessage.Question q)
                                      throws java.io.IOException
        Throws:
        java.io.IOException
      • newQuestion

        protected org.minidns.dnsmessage.DnsMessage.Builder newQuestion(org.minidns.dnsmessage.DnsMessage.Builder message)
        Overrides:
        newQuestion in class org.minidns.iterative.ReliableDnsClient
      • isResponseAcceptable

        protected java.lang.String isResponseAcceptable(org.minidns.dnsmessage.DnsMessage response)
        Overrides:
        isResponseAcceptable in class org.minidns.iterative.ReliableDnsClient
      • addSecureEntryPoint

        public void addSecureEntryPoint(org.minidns.dnsname.DnsName name,
                                        byte[] key)
        Add a new secure entry point to the list of known secure entry points. A secure entry point acts as a trust anchor. By default, the only secure entry point is the key signing key provided by the root zone.
        Parameters:
        name - The domain name originating the key. Once the secure entry point for this domain is requested, the resolver will use this key without further verification instead of using the DNS system to verify the key.
        key - The secure entry point corresponding to the domain name. This key can be retrieved by requesting the DNSKEY record for the domain and using the key with the first flags bit set (also called the key signing key).
      • removeSecureEntryPoint

        public void removeSecureEntryPoint(org.minidns.dnsname.DnsName name)
        Remove the secure entry point stored for a domain name.
        Parameters:
        name - The domain name of which the corresponding secure entry point shall be removed. For the root zone, use the empty string here.
      • clearSecureEntryPoints

        public void clearSecureEntryPoints()
        Clears the list of known secure entry points. This will also remove the secure entry point of the root zone and thus render this instance useless until a new secure entry point is added.
      • isStripSignatureRecords

        public boolean isStripSignatureRecords()
        Whether signature records (RRSIG) are stripped from the resulting DnsMessage. Default is true.
        Returns:
        Whether signature records are stripped.
      • setStripSignatureRecords

        public void setStripSignatureRecords(boolean stripSignatureRecords)
        Enable or disable stripping of signature records (RRSIG) from the result DnsMessage.
        Parameters:
        stripSignatureRecords - Whether signature records shall be stripped.
      • enableLookasideValidation

        public void enableLookasideValidation()
        Enables DNSSEC Lookaside Validation (DLV) using the default DLV service at dlv.isc.org.
      • disableLookasideValidation

        public void disableLookasideValidation()
        Disables DNSSEC Lookaside Validation (DLV). DLV is disabled by default; calling this method is only required if enableLookasideValidation() was used before.
      • configureLookasideValidation

        public void configureLookasideValidation(org.minidns.dnsname.DnsName dlv)
        Enables DNSSEC Lookaside Validation (DLV) using the given DLV service.
        Parameters:
        dlv - The domain name of the DLV service to be used or null to disable DLV.
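
Because addSecureEntryPoint makes the resolver use the supplied key without further verification, the following added example (not part of the MiniDNS documentation) pins a key obtained out-of-band and rejects any answer that did not validate. It assumes the org.minidns.dnssec package and the DnssecQueryResult members isAuthenticData(), getUnverifiedReasons() and synthesized, none of which are documented on this page; the class name PinnedAnchorLookup and the helper resolveAuthenticated are hypothetical.

```java
import java.io.IOException;
import java.util.Base64;

import org.minidns.dnsname.DnsName;
import org.minidns.dnssec.DnssecClient;
import org.minidns.dnssec.DnssecQueryResult;
import org.minidns.record.Record;

public class PinnedAnchorLookup {

    /** Hypothetical helper: return the result only if DNSSEC validation succeeded. */
    static DnssecQueryResult resolveAuthenticated(DnssecClient client, String name,
                                                  Record.TYPE type) throws IOException {
        DnssecQueryResult result = client.queryDnssec(name, type);
        // Fail closed: an answer that could not be validated is rejected, not used.
        // isAuthenticData()/getUnverifiedReasons() are assumed DnssecQueryResult members.
        if (!result.isAuthenticData()) {
            throw new IOException("DNSSEC validation failed for " + name + ": "
                    + result.getUnverifiedReasons());
        }
        return result;
    }

    // Usage: java PinnedAnchorLookup <zone> <base64 KSK public key> <name to query>
    public static void main(String[] args) {
        if (args.length != 3) {
            System.err.println("usage: PinnedAnchorLookup <zone> <base64-ksk> <query-name>");
            System.exit(2);
        }
        DnsName zone = DnsName.from(args[0]);
        // The key is trusted as given, so it must come from a channel that does not
        // depend on the DNS answers it will later be used to validate.
        byte[] ksk = Base64.getDecoder().decode(args[1]);

        DnssecClient client = new DnssecClient();   // root trust anchor stays in place
        client.addSecureEntryPoint(zone, ksk);      // additional anchor for <zone>
        client.setStripSignatureRecords(false);     // keep RRSIGs, e.g. for audit logs

        try {
            DnssecQueryResult result = resolveAuthenticated(client, args[2], Record.TYPE.A);
            System.out.println(result.synthesized);
        } catch (IOException e) {
            // Covers transport errors and validation failures alike: no usable answer.
            System.err.println("lookup rejected: " + e.getMessage());
            System.exit(1);
        }
    }
}
```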