Skip to content

Import dnssecjava #209

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
ibauersachs merged 12 commits into from
Jan 23, 2022
Merged

Import dnssecjava #209

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
bc5f587
Import dnssecjava
ibauersachs Aug 15, 2021
3da29a1
Keep dnssec classes package-private as much as possible
ibauersachs Aug 15, 2021
9119b5d
Avoid unnecessary object creations
ibauersachs Aug 21, 2021
a9e493a
Fix doc
ibauersachs Sep 26, 2021
407ab36
Add intial support for EDE
ibauersachs Oct 2, 2021
4c75884
Prepare dnssec for EDE answers
ibauersachs Oct 22, 2021
a55b940
Work on EDE
ibauersachs Nov 13, 2021
705bd9d
Add doc to EDE constants from RFC8914
ibauersachs Dec 25, 2021
bd7021b
Add missing separator
ibauersachs Dec 25, 2021
0302a87
EDE validation
ibauersachs Dec 25, 2021
46f9509
Workaround for siom79/japicmp#281
ibauersachs Dec 25, 2021
b37ba45
Cleanup log statements
ibauersachs Dec 25, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
66 changes: 66 additions & 0 deletions EXAMPLES.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -122,3 +122,69 @@ for (int i = 0; i < n.labels(); i++) {
System.out.println(n.getLabelString(i));
}
```

## DNSSEC Resolver

```java
import java.io.*;

import java.nio.charset.StandardCharsets;
import org.xbill.DNS.*;

public class ResolveExample {

static String ROOT = ". IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D";

public static void main(String[] args) throws Exception {
// Send two sample queries using a standard resolver
SimpleResolver sr = new SimpleResolver("4.2.2.1");
System.out.println("Standard resolver:");
sendAndPrint(sr, "www.dnssec-failed.org.");
sendAndPrint(sr, "www.isc.org.");

// Send the same queries using the validating resolver with the
// trust anchor of the root zone
// http://data.iana.org/root-anchors/root-anchors.xml
ValidatingResolver vr = new ValidatingResolver(sr);
vr.loadTrustAnchors(new ByteArrayInputStream(ROOT.getBytes(StandardCharsets.US_ASCII)));
System.out.println("\n\nValidating resolver:");
sendAndPrint(vr, "www.dnssec-failed.org.");
sendAndPrint(vr, "www.isc.org.");
}

private static void sendAndPrint(Resolver vr, String name) throws IOException {
System.out.println("\n---" + name);
Record qr = Record.newRecord(Name.fromConstantString(name), Type.A, DClass.IN);
Message response = vr.send(Message.newQuery(qr));
System.out.println("AD-Flag: " + response.getHeader().getFlag(Flags.AD));
System.out.println("RCode: " + Rcode.string(response.getRcode()));
for (RRset set : response.getSectionRRsets(Section.ADDITIONAL)) {
if (set.getName().equals(Name.root) && set.getType() == Type.TXT
&& set.getDClass() == ValidatingResolver.VALIDATION_REASON_QCLASS) {
System.out.println("Reason: " + ((TXTRecord) set.first()).getStrings().get(0));
}
}
}
}

```

This should result in an output like
```
Standard resolver:
---www.dnssec-failed.org.
AD-Flag: false
RCode: NOERROR
---www.isc.org.
AD-Flag: false
RCode: NOERROR

Validating resolver:
---www.dnssec-failed.org.
AD-Flag: false
RCode: SERVFAIL
Reason: Could not establish a chain of trust to keys for [dnssec-failed.org.]. Reason: Did not match a DS to a DNSKEY.
---www.isc.org.
AD-Flag: true
RCode: NOERROR
```
1 change: 1 addition & 0 deletions LICENSE
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
Copyright (c) 1998-2019, Brian Wellington
Copyright (c) 2005 VeriSign. All rights reserved.
Copyright (c) 2019-2021, dnsjava authors

All rights reserved.
Expand Down
Loading