dnsjava is an implementation of DNS in Java. It supports all defined record
types (including the DNSSEC types), and unknown types. It can be used for
queries, zone transfers, and dynamic updates. It includes a cache which can be
used by clients, and a minimal implementation of a server. It supports TSIG
authenticated messages, partial DNSSEC verification, and EDNS0.
dnsjava provides functionality above and beyond that of the InetAddress class. Since it is written in pure Java, dnsjava is fully threadable, and in many cases is faster than using InetAddress.
dnsjava provides both high and low level access to DNS. The high level functions perform queries for records of a given name, type, and class, and return the answer or reason for failure. There are also functions similar to those in the InetAddress class. A cache is used to reduce the number of DNS queries sent. The low level functions allow direct manipulation of DNS messages and records, as well as allowing additional resolver properties to be set.
A simple tool for doing DNS lookups, a 'dig' clone and a dynamic update client are included, as well as a simple authoritative-only server.
For more information, see the README file in the source distribution.
For information on the sample programs included, see the USAGE file in the source distribution.
For API documentation, see the Javadoc documentation in the source distribution or the examples.html file.
Please read this documentation before asking questions.
dnsjava is under the BSD license.
Other software using dnsjava
The dnsjava project is hosted at Sourceforge.
The current version can also be downloaded here, and the current Changelog viewed here. Releases are only published to dnsjava.org and Sourceforge.
from http://www.dnsjava.org
Unit tests are currently covering over 95% of the code, including 123 from the current production Unbound. Also keep in mind that while most of the code paths are covered by unit tests, this does not mean it is performing according to the RFCs or that something that should be checked for is really done.
See the To-Do list for more details.
This should result in an output like
dnsjava provides functionality above and beyond that of the InetAddress class. Since it is written in pure Java, dnsjava is fully threadable, and in many cases is faster than using InetAddress.
dnsjava provides both high and low level access to DNS. The high level functions perform queries for records of a given name, type, and class, and return the answer or reason for failure. There are also functions similar to those in the InetAddress class. A cache is used to reduce the number of DNS queries sent. The low level functions allow direct manipulation of DNS messages and records, as well as allowing additional resolver properties to be set.
A simple tool for doing DNS lookups, a 'dig' clone and a dynamic update client are included, as well as a simple authoritative-only server.
For more information, see the README file in the source distribution.
For information on the sample programs included, see the USAGE file in the source distribution.
For API documentation, see the Javadoc documentation in the source distribution or the examples.html file.
Please read this documentation before asking questions.
dnsjava is under the BSD license.
Other software using dnsjava
- Muffin - a filtering proxy server
- JaMS - a mail server
- JAMES - Java Apache Mail Server
- CustomDNS - a configurable DNS server
- CRSMail - a mail server
- JacORB - a Java ORB
- Jackpot - an SMTP relay honeypot
- Scarab - a defect tracking system
- Java Email Server
- Jsmtpd - a java smtp daemon
- jSPF - a pure java SPF implementation
- SecSpider - DNSSEC monitoring software
- Rabbit4 - a web proxy
- Netifera - a platform for creating network security tools
- Eagle DNS - an authoritative DNS server
- Aspirin - an embedded SMTP server
- Ping & DNS - an Android app
- jain-sip-rfc3263-router - RFC 3263 support for JAIN-SIP
The dnsjava project is hosted at Sourceforge.
The current version can also be downloaded here, and the current Changelog viewed here. Releases are only published to dnsjava.org and Sourceforge.
from http://www.dnsjava.org
----------------------------------------
dnssecjava
A DNSSEC validating stub resolver for Java.Is this library safe to use?
Maybe. There's been no audit of the code so far, so there are absolutely no guarantees. The rest depends currently on your use case: the proof that a positive response is correct should be safe to use. Most of the NXDOMAIN/NODATA responses are safe too, but there are some corner cases that have no tests yet.Unit tests are currently covering over 95% of the code, including 123 from the current production Unbound. Also keep in mind that while most of the code paths are covered by unit tests, this does not mean it is performing according to the RFCs or that something that should be checked for is really done.
See the To-Do list for more details.
History
This project is based on the work of the Unbound Java prototype from 2005/2006. The Unbound prototype was stripped from all unnecessary parts, heavily modified, complemented with more than 300 unit test and found bugs were fixed.Released versions
- 1.1: Change logging to slf4j
- 1.0: Initial release
Usage
The project is intended to be used as aResolver
for
DNSJAVA. Validated, secure responses contain
the DNS AD
-flag, while responses that failed validation return the
SERVFAIL
-RCode. Insecure responses return the actual return code
without the AD
-flag set.
The reason why the validation failed or is insecure is provided as
a localized string in the additional section under the record ./65280/TXT
(a TXT record for the owner name of the root zone in the private query class
ValidatingResolver.VALIDATION_REASON_QCLASS
).Example
import java.io.*;
import org.jitsi.dnssec.validator.ValidatingResolver;
import org.xbill.DNS.*;
public class ResolveExample {
static String ROOT = ". IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5";
public static void main(String[] args) throws Exception {
// Send two sample queries using a standard DNSJAVA resolver
SimpleResolver sr = new SimpleResolver("4.2.2.1");
System.out.println("Standard resolver:");
sendAndPrint(sr, "www.dnssec-failed.org.");
sendAndPrint(sr, "www.isc.org.");
// Send the same queries using the validating resolver with the
// trust anchor of the root zone
// http://data.iana.org/root-anchors/root-anchors.xml
ValidatingResolver vr = new ValidatingResolver(sr);
vr.loadTrustAnchors(new ByteArrayInputStream(ROOT.getBytes("ASCII")));
System.out.println("\n\nValidating resolver:");
sendAndPrint(vr, "www.dnssec-failed.org.");
sendAndPrint(vr, "www.isc.org.");
}
private static void sendAndPrint(Resolver vr, String name) throws IOException {
System.out.println("\n---" + name);
Record qr = Record.newRecord(Name.fromConstantString(name), Type.A, DClass.IN);
Message response = vr.send(Message.newQuery(qr));
System.out.println("AD-Flag: " + response.getHeader().getFlag(Flags.AD));
System.out.println("RCode: " + Rcode.string(response.getRcode()));
for (RRset set : response.getSectionRRsets(Section.ADDITIONAL)) {
if (set.getName().equals(Name.root) && set.getType() == Type.TXT
&& set.getDClass() == ValidatingResolver.VALIDATION_REASON_QCLASS) {
System.out.println("Reason: " + ((TXTRecord) set.first()).getStrings().get(0));
}
}
}
}
Standard resolver:
---www.dnssec-failed.org.
AD-Flag: false
RCode: NOERROR
---www.isc.org.
AD-Flag: false
RCode: NOERROR
Validating resolver:
---www.dnssec-failed.org.
AD-Flag: false
RCode: SERVFAIL
Reason: Could not establish a chain of trust to keys for [dnssec-failed.org.]. Reason: Did not match a DS to a DNSKEY.
---www.isc.org.
AD-Flag: true
RCode: NOERROR
Build
Runmvn package
from https://github.com/ibauersachs/dnssecjava
---------------
https://github.com/adamfisk/DNSSEC4J
-----------------