Class ValidatingResolver

java.lang.Object
org.xbill.DNS.dnssec.ValidatingResolver
All Implemented Interfaces:
Resolver

public final class ValidatingResolver extends Object implements Resolver
This resolver validates responses with DNSSEC.
Since:
3.5
  • Field Details

    • TRUST_ANCHOR_FILE_PROPERTY

      public static final String TRUST_ANCHOR_FILE_PROPERTY
      Name of the property that specifies the file from which the trust anchors are loaded.
      Since:
      3.6
    • VALIDATION_REASON_QCLASS

      public static final int VALIDATION_REASON_QCLASS
      The QCLASS used for the injected record that carries the reason why the validator came to the returned result.
  • Constructor Details

    • ValidatingResolver

      public ValidatingResolver(Resolver headResolver)
      Creates a new instance of this class.
      Parameters:
      headResolver - The resolver to which queries for DS, DNSKEY and referring CNAME records are sent.
    • ValidatingResolver

      public ValidatingResolver(Resolver headResolver, Clock clock)
      Creates a new instance of this class.
      Parameters:
      headResolver - The resolver to which queries for DS, DNSKEY and referring CNAME records are sent.
      clock - The Clock used to validate messages.
  • Method Details

    • init

      public void init(Properties config) throws IOException
      Initialize the module. Recognized configuration values:
      "dnsjava.dnssec.trust_anchor_file"
      The name of the file from which the trust anchors are loaded.
      See links for other initialized classes and their configuration values (or the readme).
      Parameters:
      config - The configuration data for this module.
      Throws:
      IOException - When the file specified in the config does not exist or cannot be read.
      See Also:
      • KeyCache.init(Properties)
      • ValUtils.init(Properties)
      • NSEC3ValUtils.init(Properties)
      • DnsSecVerifier.init(Properties)
    • loadTrustAnchors

      public void loadTrustAnchors(InputStream data) throws IOException
      Loads the trust anchor file into the trust anchor store. The trust anchors are currently stored as a list of DNSKEY or DS records in zone file format.
      Parameters:
      data - The trust anchor data.
      Throws:
      IOException - when the trust anchor data could not be read.
    • getTrustAnchors

      public TrustAnchorStore getTrustAnchors()
      Gets the store with the loaded trust anchors.
      Returns:
      The store with the loaded trust anchors.
      Since:
      3.6
    • setPort

      public void setPort(int port)
      Forwards the data to the head resolver passed at construction time.
      Specified by:
      setPort in interface Resolver
      Parameters:
      port - The IP destination port for the queries sent.
    • setTCP

      public void setTCP(boolean flag)
      Forwards the data to the head resolver passed at construction time.
      Specified by:
      setTCP in interface Resolver
      Parameters:
      flag - true to enable TCP, false to disable it.
    • setIgnoreTruncation

      public void setIgnoreTruncation(boolean flag)
      This is a no-op; truncation is never ignored.
      Specified by:
      setIgnoreTruncation in interface Resolver
      Parameters:
      flag - unused
    • setEDNS

      public void setEDNS(int version, int payloadSize, int flags, List<EDNSOption> options)
      The call is forwarded to the head resolver, but this method always ensures that the level is 0 and that the flags contain DO.
      Specified by:
      setEDNS in interface Resolver
      Parameters:
      version - The EDNS level to use. 0 indicates EDNS0.
      payloadSize - The maximum DNS packet size that this host is capable of receiving over UDP. If 0 is specified, the default (1280) is used.
      flags - EDNS extended flags to be set in the OPT record, ExtendedFlags.DO is always appended.
      options - EDNS options to be set in the OPT record, specified as a List of OPTRecord.Option elements.
    • setTSIGKey

      public void setTSIGKey(TSIG key)
      Forwards the data to the head resolver passed at construction time.
      Specified by:
      setTSIGKey in interface Resolver
      Parameters:
      key - The key.
    • getTimeout

      public Duration getTimeout()
      Description copied from interface: Resolver
      Gets the amount of time to wait for a response before giving up.
      Specified by:
      getTimeout in interface Resolver
    • setTimeout

      public void setTimeout(Duration duration)
      Description copied from interface: Resolver
      Sets the amount of time to wait for a response before giving up.
      Specified by:
      setTimeout in interface Resolver
      Parameters:
      duration - The amount of time to wait.
    • sendAsync

      public CompletionStage<Message> sendAsync(Message query, Executor executor)
      Asynchronously sends a message and validates the response with DNSSEC before returning it.
      Specified by:
      sendAsync in interface Resolver
      Parameters:
      query - The query to send.
      executor - The service to use for async operations.
      Returns:
      A future that completes when the query is finished.
    • isAddReasonToAdditional

      public boolean isAddReasonToAdditional()
      If true, an additional record with the validation reason is added to the Section.ADDITIONAL section. The record is available at ./TXT/65280.
    • setAddReasonToAdditional

      public void setAddReasonToAdditional(boolean isAddReasonToAdditional)
      If true, an additional record with the validation reason is added to the Section.ADDITIONAL section. The record is available at ./TXT/65280.
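
Usage sketch (an added example, not part of the generated API documentation or the project's own code): it wraps a SimpleResolver in a ValidatingResolver, loads trust anchors with loadTrustAnchors, and reads the validation reason from the ./TXT/65280 record described above. The class name DnssecLookup, the command-line argument layout and the 5-second timeout are assumptions; the trust anchor file is assumed to hold the root zone's DS or DNSKEY records in zone file format, obtained out of band.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.time.Duration;
import org.xbill.DNS.*;
import org.xbill.DNS.dnssec.ValidatingResolver;

// Hypothetical class for illustration only.
public class DnssecLookup {
  // Returns the validator's reason text from the ./TXT/65280 record in the
  // ADDITIONAL section, or null when no such record is present.
  static String validationReason(Message response) {
    for (RRset set : response.getSectionRRsets(Section.ADDITIONAL)) {
      if (set.getName().equals(Name.root)
          && set.getType() == Type.TXT
          && set.getDClass() == ValidatingResolver.VALIDATION_REASON_QCLASS) {
        return String.join(" ", ((TXTRecord) set.first()).getStrings());
      }
    }
    return null;
  }

  public static void main(String[] args) throws Exception {
    // args (assumed layout): <upstream resolver> <trust anchor file> <name>
    SimpleResolver head = new SimpleResolver(args[0]);
    ValidatingResolver vr = new ValidatingResolver(head);
    vr.setTimeout(Duration.ofSeconds(5));
    vr.setAddReasonToAdditional(true);
    try (InputStream anchors = Files.newInputStream(Paths.get(args[1]))) {
      vr.loadTrustAnchors(anchors); // zone file format DS or DNSKEY records
    }

    Record question =
        Record.newRecord(Name.fromString(args[2], Name.root), Type.A, DClass.IN);
    Message response = vr.send(Message.newQuery(question));

    boolean validated = response.getHeader().getFlag(Flags.AD);
    System.out.println("rcode:  " + Rcode.string(response.getRcode()));
    System.out.println("AD:     " + validated);
    System.out.println("reason: " + validationReason(response));

    // Fail closed: use the answer only if it validated and resolved cleanly.
    if (!validated || response.getRcode() != Rcode.NOERROR) {
      System.exit(1);
    }
    for (Record r : response.getSection(Section.ANSWER)) {
      System.out.println(r);
    }
  }
}
```

A caller that needs authenticated data should gate on the AD flag as shown rather than on the response code alone.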