pax_global_header00006660000000000000000000000064146734755400014531gustar00rootroot0000000000000052 comment=81148caa75e492f5f9fa4eba58c2292bf2239e05 dnsjava-3.6.2/000077500000000000000000000000001467347554000131675ustar00rootroot00000000000000dnsjava-3.6.2/.editorconfig000066400000000000000000000003121467347554000156400ustar00rootroot00000000000000root = true [*] indent_style = space indent_size = 2 insert_final_newline = true charset = utf-8 end_of_line = lf trim_trailing_whitespace = true [{pom.xml,*.md}] indent_style = space indent_size = 4 dnsjava-3.6.2/.gitattributes000066400000000000000000000000331467347554000160560ustar00rootroot00000000000000* text eol=lf *.bin binary dnsjava-3.6.2/.github/000077500000000000000000000000001467347554000145275ustar00rootroot00000000000000dnsjava-3.6.2/.github/actions/000077500000000000000000000000001467347554000161675ustar00rootroot00000000000000dnsjava-3.6.2/.github/actions/download-artifact/000077500000000000000000000000001467347554000215715ustar00rootroot00000000000000dnsjava-3.6.2/.github/actions/download-artifact/action.yml000066400000000000000000000023241467347554000235720ustar00rootroot00000000000000name: Download artifact description: Wrapper around GitHub's official action, with additional extraction before download # https://github.com/actions/download-artifact/blob/main/action.yml inputs: name: description: Artifact name required: true path: description: Destination path required: false default: . runs: using: composite steps: - name: Download artifacts if: github.event_name != 'workflow_run' uses: actions/download-artifact@v4 with: pattern: ${{ inputs.name }} path: ${{ inputs.path }} merge-multiple: true - name: Download artifacts if: github.event_name == 'workflow_run' uses: dawidd6/action-download-artifact@v6 with: workflow: ${{ github.event.workflow_run.name }} run_id: ${{ github.event.workflow_run.id }} name: ${{ inputs.name }} path: ${{ inputs.path }} - name: Extract artifacts run: | for t in ${{ inputs.name }}*.tar do tar -xvf "${t}" done shell: bash working-directory: ${{ inputs.path }} - name: Remove archive run: rm -f ${{ inputs.name }}*.tar shell: bash working-directory: ${{ inputs.path }} dnsjava-3.6.2/.github/actions/prepare-analysis/000077500000000000000000000000001467347554000214465ustar00rootroot00000000000000dnsjava-3.6.2/.github/actions/prepare-analysis/action.yml000066400000000000000000000034041467347554000234470ustar00rootroot00000000000000name: Prepare code analysis description: Prepare the working directory for SonarQube code analysis inputs: cache: description: Cache type runs: using: composite steps: - name: Get reports uses: ./.github/actions/download-artifact with: name: reports-* - name: Get coverage uses: ./.github/actions/download-artifact with: name: merged-coverage - name: Get classes uses: ./.github/actions/download-artifact with: name: classes - name: Create paths for JUnit reporting id: junit_paths shell: bash run: | report_paths="" check_name="" for file in target/surefire-reports-* do report_paths="${file}/TEST-*.xml"$'\n'"${report_paths}" check_name="JUnit Report ${file##target/surefire-reports-}"$'\n'"${check_name}" done echo "report_paths<> $GITHUB_OUTPUT echo "check_name<> $GITHUB_OUTPUT - name: Publish Test Report uses: mikepenz/action-junit-report@v4 with: commit: ${{ github.event.workflow_run.head_sha }} report_paths: ${{ steps.junit_paths.outputs.report_paths }} check_name: ${{ steps.junit_paths.outputs.check_name }} require_tests: true check_retries: true detailed_summary: true - name: Set up JDK uses: actions/setup-java@v4 with: java-version: ${{ env.BUILD_JAVA_VERSION }} distribution: temurin cache: ${{ inputs.cache }} - name: Cache SonarCloud packages if: inputs.cache uses: actions/cache@v4 with: path: ~/.sonar/cache key: ${{ runner.os }}-sonar restore-keys: ${{ runner.os }}-sonar dnsjava-3.6.2/.github/actions/upload-artifact/000077500000000000000000000000001467347554000212465ustar00rootroot00000000000000dnsjava-3.6.2/.github/actions/upload-artifact/action.yml000066400000000000000000000031621467347554000232500ustar00rootroot00000000000000name: Upload artifact description: Wrapper around GitHub's official action, with additional archiving before upload # https://github.com/actions/upload-artifact/blob/main/action.yml inputs: name: description: Artifact name required: true filename: description: Tar filename in artifact required: false default: '' path: description: One or more files, directories or wildcard pattern that describes what to upload required: true if-no-files-found: description: > The desired behavior if no files are found using the provided path. Available Options: warn: Output a warning but do not fail the action error: Fail the action with an error message ignore: Do not output any warnings or errors, the action does not fail required: false default: warn retention-days: description: > Duration after which artifact will expire in days. 0 means using default retention. Minimum 1 day. Maximum 90 days unless changed from the repository settings page. required: false default: '1' runs: using: composite steps: - name: Archive artifacts run: tar -cvf "${{inputs.name}}${{ inputs.filename }}.tar" $(echo "${{ inputs.path }}" | tr '\n' ' ') shell: bash - name: Upload artifacts uses: actions/upload-artifact@v4 with: if-no-files-found: ${{ inputs.if-no-files-found }} name: ${{ inputs.name }} path: ${{ inputs.name }}${{ inputs.filename }}.tar retention-days: ${{ inputs.retention-days }} - name: Remove archive run: rm -f ${{ inputs.name }}.tar shell: bash dnsjava-3.6.2/.github/workflows/000077500000000000000000000000001467347554000165645ustar00rootroot00000000000000dnsjava-3.6.2/.github/workflows/analyze.yml000066400000000000000000000050131467347554000207510ustar00rootroot00000000000000name: Analyze PR on: workflow_run: workflows: - 'Build' types: - completed permissions: pull-requests: read contents: read checks: write env: BUILD_JAVA_VERSION: '21' jobs: analyze: name: Analyze Code # Only run on forks, in-repo PRs are analyzed directly if: github.event.workflow_run.head_repository.owner.login != 'dnsjava' runs-on: ubuntu-latest steps: - name: Download PR number artifact id: get_pr_number uses: dawidd6/action-download-artifact@v6 with: workflow: ${{ github.event.workflow_run.name }} run_id: ${{ github.event.workflow_run.id }} name: pr_number - name: Read Pull Request Number id: pr_number run: | PR=$(cat pr_number.txt) echo "pr_number=${PR}" >> "$GITHUB_OUTPUT" - name: Request PR data from GitHub API id: get_pr_data if: steps.get_pr_number.outputs.found_artifact uses: octokit/request-action@v2.x env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: route: GET /repos/{full_name}/pulls/{number} full_name: ${{ github.event.repository.full_name }} number: ${{ steps.pr_number.outputs.pr_number }} - name: Checkout PR uses: actions/checkout@v4 with: repository: ${{ github.event.workflow_run.head_repository.full_name }} ref: ${{ github.event.workflow_run.head_sha }} # for Sonar fetch-depth: 0 - name: Make sure 'base' doesn't exist shell: bash run: rm -rf base - name: Checkout base uses: actions/checkout@v4 with: repository: ${{ github.event.repository.full_name }} ref: ${{ fromJson(steps.get_pr_data.outputs.data).base.ref }} path: base - name: Get analysis data uses: ./base/.github/actions/prepare-analysis - name: Run SonarQube env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} run: | cp -f base/pom.xml . mvn -B \ -Dsonar.scm.revision=${{ github.event.workflow_run.head_sha }} \ -Dsonar.pullrequest.key=${{ fromJson(steps.get_pr_data.outputs.data).number }} \ -Dsonar.pullrequest.branch=${{ fromJson(steps.get_pr_data.outputs.data).head.ref }} \ -Dsonar.pullrequest.base=${{ fromJson(steps.get_pr_data.outputs.data).base.ref }} \ org.sonarsource.scanner.maven:sonar-maven-plugin:sonar dnsjava-3.6.2/.github/workflows/build.yml000066400000000000000000000160511467347554000204110ustar00rootroot00000000000000name: Build on: push: branches: - master - 'release/**' pull_request: branches: - master - 'release/**' env: BUILD_JAVA_VERSION: '21' jobs: test: runs-on: ${{ matrix.os }} strategy: fail-fast: false matrix: os: [ ubuntu-latest, windows-latest ] java: [ '8', '11', '17', '21' ] arch: [ 'x64' ] include: - os: windows-latest java: '17' arch: x86 name: Java ${{ matrix.java }}/${{ matrix.arch }}/${{ matrix.os }} steps: - name: Checkout uses: actions/checkout@v4 - name: Set up JDK ${{ matrix.java }} uses: actions/setup-java@v4 with: java-version: ${{ matrix.java }} architecture: ${{ matrix.arch }} distribution: temurin cache: maven - name: Build with Maven shell: bash run: | TEST_EXCLUSIONS=$([ '${{ matrix.java }}' == '21' ] && echo "" || echo "concurrency" ) # don't exit immediately set +e mvn verify \ -B \ -Dsurefire.rerunFailingTestsCount=2 \ -"Dgpg.skip" \ -DexcludedGroups="${TEST_EXCLUSIONS}" \ jacoco:report cd target mv jacoco.exec jacoco-${{ matrix.java }}-${{ matrix.arch }}-${{ matrix.os }}.exec mv surefire-reports surefire-reports-${{ matrix.java }}-${{ matrix.arch }}-${{ matrix.os }} - name: Verify that the main classes are really compiled for Java 8 if: matrix.os == 'ubuntu-latest' run: | class_file_version=$(javap -v target/classes/org/xbill/DNS/SimpleResolver.class | grep -oP "major version: \K\d+") echo "::notice file=SimpleResolver.class::Class file version ${class_file_version}" if [ "${class_file_version}" != "52" ]; then echo "::error file=SimpleResolver.class::Class file version is not Java 8" exit 1 fi - name: Upload classes uses: ./.github/actions/upload-artifact if: always() && matrix.java == env.BUILD_JAVA_VERSION && matrix.arch == 'x64' && matrix.os == 'ubuntu-latest' with: name: classes path: target/*classes - name: Upload JUnit Reports uses: ./.github/actions/upload-artifact if: always() # always run even if the previous step fails with: name: reports-${{ matrix.java }}-${{ matrix.arch }}-${{ matrix.os }} filename: ${{ matrix.java }}-${{ matrix.arch }}-${{ matrix.os }} path: target/surefire-reports-*/TEST-*.xml - name: Upload Coverage Reports uses: ./.github/actions/upload-artifact if: always() # always run even if the previous step fails with: name: coverage-${{ matrix.java }}-${{ matrix.arch }}-${{ matrix.os }} filename: ${{ matrix.java }}-${{ matrix.arch }}-${{ matrix.os }} path: target/jacoco-${{ matrix.java }}-${{ matrix.arch }}-${{ matrix.os }}.exec report: name: JUnit Reports/JaCoCo Merge runs-on: ubuntu-latest needs: test steps: - name: Checkout uses: actions/checkout@v4 - name: Set up JDK uses: actions/setup-java@v4 with: java-version: ${{ env.BUILD_JAVA_VERSION }} distribution: temurin cache: maven - name: Get coverage artifact uses: ./.github/actions/download-artifact with: name: coverage-* - name: Get classes uses: ./.github/actions/download-artifact with: name: classes - name: Merge JaCoCo and output run: mvn -B jacoco:merge jacoco:report - name: Upload uses: ./.github/actions/upload-artifact with: name: merged-coverage path: | target/site/jacoco target/jacoco.exec - name: Save PR number to file if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.owner.login != 'dnsjava' run: echo ${{ github.event.number }} > pr_number.txt - name: Archive PR number if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.owner.login != 'dnsjava' uses: actions/upload-artifact@v4 with: name: pr_number path: pr_number.txt analyze: name: Analyze Code runs-on: ubuntu-latest needs: report if: github.event_name == 'push' || github.event.pull_request.head.repo.owner.login == 'dnsjava' steps: - name: Checkout uses: actions/checkout@v4 with: # for Sonar fetch-depth: 0 - name: Get analysis data uses: ./.github/actions/prepare-analysis with: cache: maven - name: Run codecov uses: codecov/codecov-action@v4 env: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} # doesn't work with PRs from forks, see # https://portal.productboard.com/sonarsource/1-sonarcloud/c/50-sonarcloud-analyzes-external-pull-request # or https://jira.sonarsource.com/browse/MMF-1371 (not public anymore) - name: Run SonarQube env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} run: mvn -B org.sonarsource.scanner.maven:sonar-maven-plugin:sonar release: if: github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/heads/release/') needs: test runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Set up JDK ${{ env.BUILD_JAVA_VERSION }} uses: actions/setup-java@v4 with: java-version: ${{ env.BUILD_JAVA_VERSION }} architecture: 'x64' distribution: temurin cache: maven server-id: ossrh server-username: SONATYPE_USER server-password: SONATYPE_PW - name: Release to Maven Central env: SONATYPE_USER: ${{ secrets.SONATYPE_USER }} SONATYPE_PW: ${{ secrets.SONATYPE_PW }} run: | cat <(echo -e "${{ secrets.GPG_KEY }}") | gpg --batch --import gpg --list-secret-keys --keyid-format LONG mvn \ --no-transfer-progress \ --batch-mode \ compile # Verify that the main classes are really compiled for Java 8 class_file_version=$(javap -v target/classes/org/xbill/DNS/SimpleResolver.class | grep -oP "major version: \K\d+") echo "::notice file=SimpleResolver.class::Class file version ${class_file_version}" if [ "${class_file_version}" == "52" ]; then mvn \ --no-transfer-progress \ --batch-mode \ -Dgpg.passphrase="${{ secrets.GPG_PW }}" \ -DperformRelease=true \ -DskipTests \ -Dmaven.test.skip.exec \ -Dcheckstyle.skip \ -Dspotless.check.skip=true \ -Danimal.sniffer.skip=true \ deploy else echo "::error file=SimpleResolver.class::Class file version is not Java 8" exit 1 fi dnsjava-3.6.2/.github/workflows/codeql-analysis.yml000066400000000000000000000026161467347554000224040ustar00rootroot00000000000000name: "CodeQL" on: push: branches: - master - 'release/**' pull_request: # The branches below must be a subset of the branches above branches: - master - 'release/**' schedule: #daily at 01:19 UTC - cron: '19 1 * * *' jobs: analyze: name: Analyze runs-on: ubuntu-latest permissions: actions: read contents: read security-events: write steps: - name: Checkout repository uses: actions/checkout@v4 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL uses: github/codeql-action/init@v3 with: languages: java - name: Set up JDK 21 uses: actions/setup-java@v4 with: java-version: 21 distribution: temurin check-latest: true cache: maven - name: Build with Maven # Skip tests, code style, etc. This is handled in the regular CI workflows. run: | mvn clean package -B -V \ -DskipTests \ -Dmaven.test.skip.exec \ -Dgpg.skip \ -Dcheckstyle.skip \ -Denforcer.skip \ -Dmaven.javadoc.skip \ -Dspotless.check.skip=true \ -Danimal.sniffer.skip=true \ compile \ test-compile - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v3 dnsjava-3.6.2/.gitignore000066400000000000000000000001321467347554000151530ustar00rootroot00000000000000.classpath .project .settings/ .idea/ *.iml target/ .DS_Store .vscode/ jcstress-results-* dnsjava-3.6.2/Changelog000066400000000000000000001647241467347554000150170ustar00rootroot0000000000000009/21/2024 - 3.6.2 released - Add new IANA Trust Anchor (@technolord, #337) - Fix Zone handling with signed SOA (@frankarinnet, #335) 07/28/2024 - 3.6.1 released - Properly fix LookupSession doesn't cache CNAMEs (#316) - Move JEP-418 SPI to Java 18 to support EOL workflows (#329) 07/21/2024 - 3.6.0 released - Fix CVE-2024-25638 (GHSA-cfxw-4h78-h7fw) Lookup and LookupSession do not sanitize input properly, allowing to smuggle additional responses, even with DNSSEC. I would like to thank Thomas Bellebaum from Fraunhofer AISEC (@bellebaum) and Martin Schanzenbach (@schanzen) for reporting and assisting me with this issue. - Fix CVE-2023-50387 (GHSA-crjg-w57m-rqqf) Denial-of-Service Algorithmic Complexity Attacks (KeyTrap) - Fix CVE-2023-50868 (GHSA-mmwx-rj87-vfgr) NSEC3 closest encloser proof can exhaust CPU resources (KeyTrap) - Fix running all DNSSEC on the specified executor - Add new DNSSEC algorithm constants for SM2SM3 and ECC-GOST12 - Add A/AAAA record constructor with IP address byte array - Validate DS record digest lengths (#250) - Fix NPE in SimpleResolver on invalid responses (#277) - Add support for JEP 418: Internet-Address Resolution SPI (#290) - Full JPMS support (#246) - Pluggable I/O for SimpleResolver (@chrisruffalo, #253) - UDP port leak in SimpleResolver (#318) - Fix clean shutdown in app containers when never used (#319) - Fix concurrency issue in I/O clients (#315, #323) - LookupSession doesn't cache CNAMEs (#316) - SimpleResolver can fail with UPDATE response (#322) - Replace synchronization in Zone with locks (#305, based on work from @srijeet0406 in #306) 11/11/2023 - 3.5.3 released - Fix CNAME in LookupSession (#279) - Fix Name constructor failing with max length, relative name and root origin (#289, @MMauro94) - Add config option for Resolver I/O timeout (#273, @vmarian2) - Extend I/O logging - Prevent exception during TCP I/O with missing or truncated length prefix - Use internal base64 codec for Android compatibility (#271) - Fix multi-message TSIG stream verification for pre-RFC8945 servers (#295, @frankarinnet and @nguichon) - Add StreamGenerator for generating RFC8945 compliant multi-message streams (related to #295) 11/16/2022 - 3.5.2 released - Correctly render empty TXT records (#254) - More validation on TLSA data input (#257) 05/15/2022 - 3.5.1 released - Fix validation of TSIG signed responses (#249) - DS rdata digest validation hexadecimal digits (#252) 02/05/2022 - 3.5.0 released - Add full built-in support for DNSSEC based on dnssecjava (#209) - Make Record classes serializable again (#242) - Allow SVCB ServiceMode records without params (#244, @adam-stoler) - Fix TCPClient receive timeouts (#218 @nguydavi, #219) 12/05/2021 - 3.4.3 released - Fix handling of buffers in DNSInput (#224, #225 @nresare) - Clear existing nameservers on config refresh (#226) - Fix exception when calling ResolverConfig.refresh (#234) 09/19/2021 - 3.4.2 released - Document behavior of ExtendedResolver.setTimeout (#206) - Add overloads to use an Executor when sending queries in resolvers (#211) - Remove synchronous locks in DoH Resolver (related to #211) - Fix broken CNAME handling in LookupSession (#212) - "WireParseException: bad label type" when parsing Message from ByteBuffer (#213) - Remove unnecessary synchronization in org.xbill.DNS.Header::getID (#215, @maltalex) - Add examples for the LookupSession and direct Resolver usage 07/30/2021 - 3.4.1 released - Allow signing with ED25519 and ED448 algorithms (#200, Klaus Malorny) - Rename echconfig to ech in SVCB/HTTPS records (#202, @adam-stoler) - Fix bug in Name.compareTo with byte-values >= 128 (#205, @adam-stoler) 06/09/2021 - 3.4.0 released - UnknownHostException provides details in message (#154) - Limit length of relative Name to 254 (#165) - Fix wildcard lookups in Zone (#169) - Properly close UDP channel upon error (#177, Walter Scott Johnson) - Fix load balancing in ExtendedResolver (#179, Paulo Costa) - Add method to shutdown NIO threads (#180) - Fix restoring active position on byte buffers (#184, @ryru) - Add support for extended DNS errors (RFC8914, #187) - Fix TTL for SOA record to minimum of TTL and minimum field (#191, @amitknx) - Add support for hosts file in lookups (#195) 10/28/2020 - 3.3.1 released - Fix value of getAlias in C/DNameRecord (#136) - Fix bug with SVCB/HTTPS parsing of master file format (PR#135, @adam-stoler) 09/27/2020 - 3.3.0 released - Add support for SVCB and HTTPS records (PR#116, @adam-stoler) - Fix an issue with ndots in Lookup (#118) - Support IPv4 mapped IPv6 address in AAAA record (PR#120, @spwei) - Validate range in Type - Improve DOH Resolver (#123, #127) Note that this resolver is more a proof of concept and not production ready. See Javadoc and issue #123. 07/11/2020 - 3.2.2 released - Fix JNA access violation in WindowsResolverConfigProvider on 32bit JVMs 06/22/2020 - 3.2.1 released - Include sources and Javadoc 06/22/2020 - 3.2.0 released - Add Javadoc @since tags for APIs introduced since 3.0 - Fix requiring JNA in certain classloaders (#112) - Add property to skip initializing builtin resolver config (#112) - Make ResolverConfig and Resolver API public (#111) - Add properties for a fallback resolver config provider (#111) - Close UDP socket on failures (#110) - Refactor TSIG code and add trace logging (#109) 05/15/2020 - 3.1.0 released - Fix order of OPT and TSIG records in messages (#108) - Fix RRset.cycle() short overflows (#102) - Fix race condition in resolver I/O (#104) - Add support for custom record types (#94, Klaus Malorny ) 03/19/2020 - 3.0.2 released - Only select for tcp write when there is something to write (PR#96, Rouzbeh Delavari) 02/23/2020 - 3.0.1 released - Fix toString of RRset reporting empty when it contains signatures - Fix a potential sorting bug when creating a DNSSEC digest - Fix getting the resolvers of an ExtendedResolver (#92) 02/15/2020 - 3.0.0 released - Parse RRsig records with epoch time format - Add support for EdDSA DNSSEC signatures if BouncyCastle is available (Ed25519 and Ed448, RFC 8080) - Add missing RCode, OpCode and RR type mnemonics 01/19/2020: - 3.0.0-next.1 released - Requires Java 8 and slf4j-api - Adds support for Java 9+ and Android O+ via a new server config lookup system (#6, #9) - Resolving is now fully asynchronous, no new thread per query anymore - Message provides information about the resolver that produced it (#41) - Add support for Host Identity Protocol (HIP) records (RFC 8005, #47) - Adds a DNS over HTTP (DoH) resolver (#66) - Fixes some issues with the OSGi manifest (#70) - Add support for the RES_OPTIONS environment variable (#57) - Add support for relative $INCLUDE paths in master files (#75) - Add support for custom DNS server port in config properties (#80) - Adds new EDNS(0) options - See the README for hints on migrating from v2.1.x to v3 05/25/2019: - 2.1.9 released - Fix getRRsetType for empty RRSIG records. (PR#40, Klaus Malorny ) 05/23/2019: - Fix NPE during NameService registration. (PR#26, Kenny Ingle ) - Add japicmp Maven plugin for compatibility checks. (PR#36, Kenny Ingle ) - Fix parsing/generation of (EC)DSA signatures from/to DER. - Fix miscount in Message.sectionToWire related to OPT records. (PR#37, Klaus Malorny ) - Add support for the CDS and CDNSKEY record types. 05/18/2019: - Primary maintainer is now Ingo Bauersachs (ingo@jitsi.org) - Move project from Sourceforge to Github. - Cleanup Maven POM. - Add CI und Code Coverage tools. - Add Javadoc-Badge. (PR#27, Kenny Ingle ) 10/13/2018: - Fix Javadoc nits (David Xia ) 3/20/2017: - Change the number of CNAMEs that the Lookup code will follow, as the previous limit (6) was not enough for www.paypal.com. (reported by George Nikolaidis ) 1/3/2017: - 2.1.8 released 8/13/2016: - Add a Message constructor taking a ByteBuffer, and convert the DNSInput class to use a ByteBuffer internally. (patch from Marrache Mickael ) - Add support for the OPENPGPKEY record. (patch from Valentin Hauner ) - Add support for the SMIMEA record. 11/25/2015: - Add support for the CAA record. 8/21/2015: - Convert the TSIG code from using a custom HMAC implementation to the one in javax.crypto.Mac. (patch from Nick Sayer ) 4/21/2015: - Update the URI record implementation to match the latest spec. (patch from Anthony Kirby ) 2/15/2015 - 2.1.7 released 2/14/2015 - Attempt to deal with Java's poor handling of IPv4-mapped IPv6 addresses. (reported by Keshav Badruka ) 12/23/2014 - Add an interface for logging sent/received packets. (based on a patch from Damian Minkov ) - Add support for the URI record. (patch from Anthony Kirby ) 12/22/2014 - Fix message truncation to preserve the OPT record. (based on a patch from Klaus Malorny ) - Properly deal with short DSA and ECDSA keys. (original patch from Marcos Sanz , with some local modifications) - Add support for GOST (RFC 5933) to DNSSEC. Using GOST requires an external cryptography provider, such as BouncyCastle. (original patch from Marcos Sanz , with some local modifications) - Change the OPTRecord equals() method to check TTL, since the TTL field holds relevant information. (based on a patch from Dr. Christian Möller ) - Printing an empty RRset would incorrectly throw an exception. 10/14/2013 - 2.1.6 released - Address.getByName() and Address.getAllByName() had incomplete IPv6 support; they wouldn't issue AAAA queries. (reported by Cédric Braem ) 10/07/2013 - Improve the name server detection code for Android. (patch from Florian Schmaus , based on stackoverflow.com/a/11362271/194894). 08/07/2013 - Change the edns-client-subnet option to use the officially defined option code. 07/29/2013 - SIG(0) signatures were incorrectly generated in some cases. (patch from Tekto ) - Add NoSignature exception, thrown when attempting to validate a SIG(0) in a message without one. 05/04/2013 - The Name(String s, Name origin) constructor copies too many labels when origin has been created by stripping a label. (patch from Ingo Bauersachs ) 04/10/2013 - Fix Name.isAbsolute() to check that the length of the last label is 0, not that the last byte of the name is 0. 04/10/2013 - 2.1.5 released 03/18/2013 - Fix DS generation to canonicalize the DNSKEY owner name. (patch from Ingo Bauersachs ) 02/19/2013 - Add Name.canonicalize() and Name.toString() variant for omitting the final dot in an absolute name. 01/04/2013 - 2.1.4 released 10/25/2012 - Fix the Message constructor to not raise a ClassCastException when a SIG or TSIG record is seen in the question section. (patch from Klaus Malorny ) 9/4/2012 - Add support for RFC 6605: Elliptic Curve Digital Signature Algorithm (DSA) for DNSSEC. (original patch from Marcos Sanz , with some local modifications) 8/31/2012 - Add support for the TLSA record type. - Pass hostnames to InetAddress.getByAddress where possible. (patch from Ingo Bauersachs ) 11/15/2011 - Fix the ZoneTransferIn object to properly report AXFRs; this was broken by the changes in 2.1.3. (reported by Thomas Corte ) 11/3/2011 - Update DSRecord constructor from DNSKEYRecord to generate the correct digest. (patch from Marty Kube ) - Also update the signature of the DSRecord constructor from DNSKEYRecord to not take the key's footprint as a parameter, as it can be derived from the key. 10/24/2011 - 2.1.3 released 10/17/2011 - Add a callback interface to ZoneTransferIn. (based on a patch from Nick Sayer ) 10/10/2011 - An exception could be thrown when attempting to look up data in the cache for type ANY when there were only previously cached NOERROR/NODATA responses for that name. (reported by Niel de Wet ) 7/24/2011 - 2.1.2 released 6/9/2011 - TypeBitmap.toString() failed if no bits were set. (patch from Jeffrey Damick ) 5/24/2011 - TSIG.fromString() didn't handle base64-encoded secrets with / characters. (reported by Sten ) 5/12/2011 - Support verifying truncated TSIG signatures, as specified in RFC 4635. 5/10/2011 - Refactor EDNS Option support to allow for custom type implementations, and add support for the Client Subnet option. (based on a patch from Ming Zhou ) - Add support for the NSID EDNS option. 4/20/2011 - Add missing support for the HMAC-SHA224, HMA-SHA384, and HMAC-SHA384 TSIG algorithms. (patch from Thomas Corte ) 3/9/2011 - Add support for using alternate JCA providers when generating DNSSEC signatures (patch from Jeffrey Damick ) 2/9/2011 - 2.1.1 released 2/3/2011 - Add the ability to set ndots on Lookup objects, and parse the ndots option from a resolv.conf file (patch from Oleg Tsvinev ). 2/3/2011 - The 'file' command in the 'update' program didn't work correctly. (reported by Olafur Gudmundsson ) 9/15/2010 - Change the Android name server detection mechanism to avoid false positives. (patch from Ulf Dittmer) 9/9/2010 - The IXFR code didn't do serial number arithmetic correctly, and would fail if the serial number wrapped. (patch from Alexis MacFarlane ) 9/7/2010 - 2.1.0 released 8/17/2010 - When rendering a message, if records from the additional section did not fit, the header counts were not properly updated. (patch from Klaus Malorny ) 7/22/2010 - Fix LOC record parsing to allow negative altitudes. (based on a patch from William Kocik ) 7/21/2010 - The changes to TSIG verification in 2.0.6 didn't work correctly for stream verification; specifically, the state was only set on the first Message in the stream. (reported by William Kocik ) 5/12/2010 - Add support for determining resolver configuration on Japanese Windows. (translation and original patch from Brett Wooldridge ) 5/6/2010 - Add support for building an OSGi bundle (patch from Markus Alexander Kuppe ). 5/2/2010 - Rewrite DNSSEC support. 4/15/2010 - Fix a hang that could occur when using the dnsjava service provider on Windows (initial patch from ). 11/21/2009 - 2.0.8 released 11/10/2009 - Fix the conversion of NSEC/NSEC3 bitmaps into wire format. (Klaus Malorny , also reported by Tom <808131@gmail.com>). 10/01/2009 - Properly initialize the Date objects used in RRSIG (and other) records, so that any unused fields are cleared. (Klaus Malorny ) 9/25/2009 - 2.0.7 released - Add support for detecting the configured nameservers on the Android platform. (patch from Arnt Gulbrandsen ) 9/16/2009 - When determining the nameservers to use, if the sun.net.dns.ResolverConfiguration class returns an empty list, ignore it. (based on an anonymous patch). - Make the Name, Record (and all subclasses), RRset, and Zone classes implement Serializable. (based on a patch from Patrick ) 9/15/2009 - Add a constant for the REVOKE DNSKEY flag. (patch from Wolfgang Nagele ) - ReverseMap.fromAddress(String) should support both IPv4 and IPv6 addresses. (reported by Stephan Fuhrmann ) 8/08/2009 - The escaping code for text strings should not escape semicolons. 6/23/2009 - DNSSEC signature validation incorrectly used the TTL of the records being verified, not the original TTL from the RRSIG record, which caused failures when verifying records returned by a caching server. (reported by Samuel Benz ) 6/15/2009 - Change the ResolverConfig.refresh() method to only synchronize the assignment to currentConfig, not the code which determines the new configuration. 6/12/2009 - The TSIG verification routines (TSIG.verify, TSIG.StreamVerifier.verify() now update the Message object with the status of the verification in addition to returning the status. 6/03/2009 - The lists of servers and searchlist entries in ResolverConfig should not be static. (Isabelle Dalmasso ) 5/28/2009 - The canonical form of an NSEC record was incorrectly computed - the next name should not have its case changed. (David Blacka ) - Add support for NSEC3, NSEC3PARAM, and DLV records. (based on a patch from David Blacka ) 9/17/2008 - Fix LOC record rounding. (reported by Klaus Malorny ) 8/22/2008 - Type 4 NXDOMAIN responses were incorrectly cached as referrals. (reported by Luis Silva ) 8/06/2008 - Randomize the UDP source ports for outgoing queries. (based on a patch from Derek Morr ) 4/25/2008 - Add support for the DHCID record. 4/18/2008 - The prior change to allow creating Zones from AXFR-style IXFR ZoneTransferIn responses didn't work. - Update the service provider to work with Java 1.6 and earlier versions. (patch from ) 2/19/2008 - The Zone.removeRecord() method threw an exception if there were no other records in the same RRset. (reported by Yoyo Chen ) - Parsing and formatting LOC records should not depend on the current locale. (reported by Klaus Malorny ) 1/31/2008 - When converting messages to wire format, don't include name compression pointers greater than 2^14 - 1. (reported by Carole Gill ) 1/24/2008 - 2.0.6 released 1/22/2008 - Fix an off-by-2 error that could cause an infinite loop when parsing a Name with a self-referential compression pointer. (reported by Carole Gill ) - Raise an exception when an invalid label type is seen in a wire format name. The previous behavior would incorrectly parse invalid names, and could lead to infinite loops. (reported by Carole Gill ) 8/28/2007 - 2.0.5 released - Add the ZoneTransferIn.setLocalAddress() method. (based on a patch from ) - Build jar file with -source and -target options to provide compatibility with older Java releases (that is, revert to pre-2.0.4 behavior). (reported by Stefano Bagnara ) 8/26/2007 - 2.0.4 released - Update SPI code to work with java 6. - Fix an argument parsing bug in the dig program, where failure to specify both type and class would cause the specified server to be ignored. (reported by Stefano Bagnara ) 6/12/2007 - The SPFRecord constructors incorrectly created records whose internal type field was TXT, not SPF. (reported by Stefano Bagnara ) 3/7/2007 - Message.getQuestion() incorrectly handled the case where the question section was represented by an empty list. (reported by Karl Auer ) 2/15/2007 - Properly obey timeouts in TCPClient code when the message is read in multiple chunks. (based on a patch from Francesco Vivoli ) 12/4/2006 - A cache lookup for a record would incorrectly return a delegation when records for both the queried type and NS were present. (reported by yosukear ) 11/28/2006 - 2.0.3 released 11/27/2006 - The Zone.fromXFR() method should be able to create zones from AXFR-style IXFR responses. (Bill Kuker ) 10/25/2006 - Make the routines that convert between the DNS and standard Java representations of DSA signatures public. (suggested by Klaus Malorny ) 8/3/2006 - Add a TSIG constructor that takes an algorithm as a String. - Add support to TSIG.fromString() for specifying an algorithm. 7/30/2006 - When converting a PublicKey to a DNS record, allow the algorithm to be specified, as RSA keys can be either of the RSA-SHA1 or RSA-MD5 algorithms (based on a patch from Eric ) - When converting a PublicKey to a DNS record, allow the type (KEY or DNSKEY) to be specified. - Update the DNSSECVerifier code to use DNSKEY records, not KEY records. 7/30/2006 - Added support for parsing the output of ipconfig in French . (Frederic Bazin ) 7/30/2006 - If both "search" and "domain" lines are present in a resolv.conf file, the domain line should be ignored. 7/26/2006 - Add support for the SPF record type. 7/21/2006 - DNSSEC.digestRRset could digest records in the wrong order. (reported by David Blacka and Mahendra Jain ) 6/26/2006 - 2.0.2 released. 6/22/2006 - Add support for the IPSECKEY record type. 5/18/2006 - The result of a Lookup that involves a CNAME should include the queried name as one of the aliases, not the CNAME target. (Jon Lachelt ) 2/13/2006 - Loading zones containing RRsets with multiple records didn't work. (reported by Olafur Gudmundsson" ) 1/24/2006 - AXFR requests could leak file descriptors if the connection failed. (Can Bican ) 11/30/2005 - Add a Resolver.setTimeout(int secs, int msecs) method. (requested by Dmitry Isakbayev) ) 11/30/2005 - 2.0.1 released. 11/11/2005 - The InetAddresses returned by Address.getByName() should have their hostname copied from the input parameter. (reported by Praveen Tammana ) 11/7/2005 - Update remaining DNSSEC code to be compliant with the current spec. 11/6/2005 - Add a Resolver.setEDNS(int level, int payloadSize, int flags, List options) method, to allow a Resolver to automatically set the DO flag, as well as future EDNS features. (requested by Rick Wesson ) 10/25/2005 - The Master(InputStream in, Name origin) constructor should not always fail. - Correctly handle the case where reading a Master from an InputStream would throw a NullPointerException if a $INCLUDE file wasn't found. (reported by Lars Petrus ) 8/22/2005 - Add Address.getByAddress(String) and Address.getByAddress(String, family). 7/21/2005 - Zone.findExactMatch() would throw a NullPointerException if the name didn't exist. (reported by Hans Zandbelt ) 7/19/2005 - Add support for binding clients to local addresses when using a SimpleResolver. Also add the -b option to the dig program to test this. (based on a patch by Bruno Dillenseger) 7/5/2005 - Add support to ResolverConfig for using the undocumented sun.net.dns.ResolverConfiguration class to determine the list of nameservers and search path; make this the default when it works (Yannick Meudal ). 6/16/2005 - The inbound zone transfer code failed to treat port 0 as the default as it claimed to. (Bill Kuker ) 6/15/2005 - When doing a zone transfer with a SimpleResolver object, the timeout was not properly obeyed. (reported by Peter Bryant ) 6/5/2005 - Explictly register record type implementations instead of using reflection; this should prevent hard to diagnose problems resulting from partial compilation. 5/31/2005 - 2.0.0 released. 5/16/2005 - Fix the code to deal with TTL 0 data in the Cache. 5/15/2005 - Add unit tests for many classes. The unit tests are located in the tests directory, which mirrors the org.xbill.DNS hierarchy. (Matt Rutherford ) 5/7/2005 - Fix several problems with empty names. (Matt Rutherford ) 4/23/2005 - As per RFC 2181, the maximum allowed TTL value is 0x7FFFFFFF. Change TTL.parseTTL() to reflect this by silently clamping larger 32 bit values. 4/22/2005 - Attempting to get the name/type/class/ttl of an empty RRset throws an exception. 4/21/2005 - Remove RRset.getSecurity()/.setSecurity(). 4/16/2005 - Change the internal representation of empty records (that is, records in the question section of a message or meta-records used in dynamic update). - Minor cleanups to the Mnemonic class. (Matt Rutherford ) 4/3/2005 - Change the Cache from being periodically cleaned to being size-bounded. (based on a patch from several years ago from Joseph Shraibman ). - Remove the FindServer class. - Added a Name Service Provider interface (dns,dnsjava). (based on code from Paul Cowan ) 4/1/2005 - Use java.nio classes for sockets internally, which provide a number of improvements, most visibly improved timeouts. - Remove deprecated dns class. - Simplify TSIG initialization; remove functions that should have never existed. - Remove Cache.setVerifier() and Cache.setSecurePolicy(). There should be a way of enabling DNSSEC, but the existing code doesn't work. - Change the Zone constructors/factory methods to be consistent. 3/29/2005 - Use java.net.InetAddress for IPv6 addresses rather than a custom class. 3/20/2005 - Fix several bugs in ResolverConfig on Windows. (Brian McBarron ) 3/15/2005 - Clean up the synchronization in the RRset class (reported by Daniel Jensen ) 3/8/2005 - Support the BIND misfeature of loading zones with no explicit TTL by using the SOA minimum field. 3/7/2005 - 1.6.6 released. 3/6/2005 - $GENERATE statements should obey the start field. 3/1/2005 - Add support for HMAC-SHA1 and HMAC-SHA256 TSIG algorithms. (suggested by Olafur Gudmundsson ) 2/8/2005 - Add infrastructure for parsing the output of ipconfig on non-English version of windows, and add support for German and Polish. (based on a patch by Piotr Kochanski) 2/7/2005 - Add Options.refresh() (based on a patch from Th Kuhne) - Add the ResolverConfig class, which is largely based on the FindServer class, except that it's not all static methods. Add the ability to refresh the current ResolverConfig, and make FindServer use ResolverConfig. - Add Lookup.refreshDefault (based on a patch from Th Kuhne) - Truncated messages aren't guaranteed to parse properly, so shouldn't throw exceptions. (reported by Caleb Richardson ) - Work around a TCP bug in whatever broken nameserver Enom is using. (reported by Caleb Richardson ) 2/4/2005 - 1.6.5 released. - Records of an unknown type and length 0 weren't handled properly. (reported by Olafur Gudmundsson ) - Fixed a bug in $INCLUDE handling. (Christian Sepulveda ) 2/3/2005 - The Lookup.run() method should be usable more than once on a Lookup object. (reported by Joseph Shraibman ) 10/31/2004 - Add partial IPv6 support to the ReverseMap class. (based on a patch from Th Kuhne) 7/7/2004 - Implement the $GENERATE master file directive. 6/28/2004 - Canonicalizing a name created with the Name(Name src, int n) constructor caused an exception. (based on a patch from Nigel Tamplin ) - Concatenating names caused an exception when the prefix was created with the Name(Name src, int n) constructor. (reported by Nigel Tamplin ) 6/22/2004 - The DNSSEC digesting code shouldn't throw ClassCastExceptions. (reported by Mike StJohns ) - The label count in a generated SIG/RRSIG record was off by one. (Mike StJohns ) 6/8/2004 - Rcode 4 is NOTIMP, not NOTIMPL. 6/5/2004 - Fixes to LOCRecord. 6/3/2004 - 1.6.4 released. 5/26/2004 - Properly handle text mnemonics in KEY records. - Add support for the APL record type. 5/25/2004 - Fix a bug where parsing the text format of an NSEC record incorrectly parsed one token too many. 5/18/2004 - 1.6.3 released. 5/11/2004 - Don't store the number of labels in a Name in a byte, as the maximum value (128) cannot be stored in a byte. 5/9/2004 - Add support for options within an OPTRecord (loosely based on a patch from Madhu Siddalingaiah ) 4/18/2004 - Add support for the SSHFP record type. - Fix a bug in the zone code which would cause record lookups to fail. 4/10/2004 - When parsing paster files, handle the fact that class and ttl may be in either order. 4/8/2004 - The opcode field in the DNS header was incorrectly parsed; this would affect messages with opcodes other than QUERY. (Madhu Siddalingaiah ) 3/20/2004 - 1.6.2 released. - Lookups could return "referral" instead of "host not found" in some cases. 3/18/2004 - Fix NullPointerExceptions caused by bad empty Record handling. (reported by Dharmveer Jain ) 3/16/2004 - 1.6.1 released. - When loading master files with $INCLUDE statements, the included files should be opened relative to the current directory, not the directory of the parent file. 3/12/2004 - Make it possible to use a Tokenizer without leaving files open. 3/4/2004 - 3/12/2004 - Add support for more record types (AFSDB, GPOS, ISDN, MB, MD, MF, MG, MINFO, MR, NSAP, NSAP-PTR, NULL, PX, RT, WKS, X25). 3/3/2004 - Cached NXDOMAINs were ignored, which caused extra queries to be sent (reported by Damon Hart-Davis ). 2/25/2004 - Attempting to load a zone without specifying an origin failed. 2/24/2004 - 1.5.2 released. 2/3/2004 - Message.isSigned() should return true if we signed the Message with a TSIG. (reported by Shobana Sampath ) - Implement NSEC, DNSKEY, and RRSIG record types. (loosely based on a patch from David Blacka ). - Change the representations of sections, rcodes, opcodes, flags, and credibility to int. 1/28/2004 - Attempt to better deal with OutOfMemoryErrors when creating threads during the resolution process. (reported by Joseph Shraibman ) 1/27/2004 - Change the representation of a TSIG error from a byte to an int. - Improve error messages from failed Lookups; treat SERVFAIL as a temporary failure, not an unrecoverable error. (Joseph Shraibman ) 1/16/2004 - The master file reader should propagate TTLs through $INCLUDE statements. (David Blacka ) 1/12/2004 - Add a MANIFEST to the jar file containing implementation name and version. (Harel Efraim ) 1/11/2004 - Fix a couple minor bugs found by FindBugs (http://www.cs.umd.edu/~pugh/java/bugs/) 1/8/2004 - 1.5.1 released. - LOC records weren't parsed correctly. (reported by Harel Efraim ) - Lines with only whitespace in master files should be ignored. 12/15/2003 - TTLs weren't handled properly in the master file parser. (Jack Tavares ) 12/11/2003 - 1.5.0 released. 12/8/2003 - Change to the BSD license. - Replace the deprecated Name(String) and Name(String, Name) constructors with new versions that properly return exceptions. 12/6/2003 - Make the J2SE javadoc link a property in build.xml. (Ville Skyttä) 11/24/2003 - Lookup should check that the name, type, and class in the question section of a response match that of the query. - SimpleResolver should check that the message id of the response is the same as the message id of the query. On a sufficiently busy client, sockets can be reused fast enough that late responses can come in, and should be ignored. (seen by Joseph Shraibman ) 11/17/2003 - The Lookup code didn't handle CNAMEs pointing at nonexistant names. (reported by Joseph Shraibman ) 11/11/2003 - Store a weak reference to the Cache in the CacheCleaner thread, and kill the thread when the Cache is finalized. (suggested by Joseph Shraibman ) - When a Lookup uses a null cache, the temporary cache it creates should not have a CacheCleaner thread. (based on a suggestion by Joseph Shraibman ) 10/31/2003 - Record.hashCode() didn't return consistent hash codes, and didn't ignore the TTL (which it should, and which Record.equals() does). 10/27/2003 - DNS TTLs and other 32 bit unsigned values are now represented as longs, not ints. This is an API change, but allows the full range to be used. - Add the Serial class for serial arithmetic. 9/30/2003 - 1.4.3 released. - Fix a bit of code that required Java 1.4. 9/29/2003 - 1.4.2 released. 9/26/2003 - A Lookup shouldn't die when receiving a referral response; it should return an error. (reported by Elinor Chang ) - A Lookup should distinguish between timeouts and other network errors. - When parsing IP addresses from text format, treat the presence of a leading zero on an octet as an error. It's unclear whether it would be treated as decimal or octal, which means it should be fixed. (reported by Marcos Sanz/Denic ) 9/17/2003 - Fix an off-by-one error in the Name code; labels of length 63 were not accepted (patch from David Blacka ) 9/2/2003 - 1.4.1 released. 9/1/2003 - The Update.delete(Record) method needs to reset the TTL of the cloned record to 0. (reported by Edwin R. Rivera ) 8/23/2003 - Change Record.fromString() to expect an EOL/EOF token at the end of the string, so that extraneous tokens can be detected. The master file parser was updated to this change. (noticed by Bob Halley ) 8/22/2003 - Changing TXTRecord.getStrings() from returning a List of Strings to a List of byte []'s was a bad idea. Change it back, and add TXTRecord.getStringsAsByteArrays(). (reported by Blake Ramsdell ) 8/21/2003 - 1.4.0 released. 8/20/2003 - Add the ReverseMap class, which contains functions to construct names to be used in reverse map zones. 8/13/2003 - When looking up a one label unqualified name which fails to match all searchlist entries, don't append the root label and try again. This is recommended by RFC 1536, section 6: "Only if the name, so generated, returns an NXDOMAIN is the original name tried as a Fully Qualified Domain Name. And only if it contains at least one period." 7/18/2003 - Remove lots of unused imports. (Jared Richardson ) 7/14/2003 - Fix a long-existing bug where empty records (in update messages) were incorrectly handled (reported by Kevin C Miller 6/22/2003 - DNS types and classes are now represented as ints, not shorts. This is an API change, but allows the full type/class range to be used. 6/18/2003 - Quoted strings didn't handle \ddd escapes. 6/17/2003 - Fix an ArrayIndexOutofBoundsException triggered by load balancing in the ExtendedResolver. (reported by Norbert Desautels ) 6/1/2003 - Add the Name.relativize() method to convert an absolute name to a name relative to a specified origin. - Add the Update class, which contains helper routines used to construct dynamic update messages. 5/28/2003 - Replace org.xbill.DNS.utils.MyStringTokenizer with org.xbill.DNS.Tokenizer, which is a far more robust and correct DNS tokenizer. Convert everything to use it. - Fix text format of TXT, NAPTR, and HINFO records. 5/28/2003 - When constructing a record, check that all names are absolute. 5/27/2003 - 1.3.3 released. 4/26/2003 - The master file parser should accept BIND format TTLs. 4/10/2003 - The Inet6Address class incorrectly parsed some addresses. (reported by steve weiland ) 4/7/2003 - Records were not sorted properly (reported by Joseph K Shraibman ) 4/2/2003 - Fix off-by-one error in Name.compareTo (David Blacka) 3/30/2003 - Add the ZoneTransferIn class, which performs incoming AXFR/IXFR - Make TSIG verification of multiple-message responses reentrant. - Fix incorrect string quoting. - Make records print on a single line by default; add the 'multiline' option to use the more verbose format. 3/17/2003 - Make the routine that converts an IP address from a string more efficient and correct. (based on a patch by Sean O'Neil ) 2/12/2003 - Fix an infinite loop that could occur when processing a response containing a CNAME loop and an rcode of NOERROR. (reported by Sean O'Neil ) 1/25/2003 - Cleanup and improvements to the ExtendedResolver class. 1/23/2003 - Add the setMaxCache() method to the Cache class. - Check for non-absolute names when creating Records. 1/21/2003 - 1.3.2 released. 1/20/2003 - Certain responses with CNAMEs weren't being properly cached. (reported by Sean O'Neil ) - Add a 'compile' target to build.xml, and make the 'all' target both compile and build the jar file. (Jon Scott Stevens ) 12/22/2002 - Check for SecurityExceptions in the Options static initializer; this was preventing the use of dnsjava in an unsigned applet. (reported by Peter Westerink ). 12/15/2002 - Converting some types of records (TXT, for example) to wire format could throw an IndexOutOfBoundsException. - TSIG signed UDP queries weren't properly verified by jnamed. - Add a method to render a Message with a specified maximum size - this method will properly truncate large responses and apply TSIG signatures. 12/14/2002 - Move additional data processing to the Record class from jnamed; make jnamed use it, as well as the caching code. 12/9/2002 - Add the Lookup class, which is what the dns class should have been, and make the lookup sample program use it. 12/9/2002 - When caching a message, a response object can be constructed immediately. 12/4/2002 - 1.3.1 released. 12/3/2002 - If a subresolver of an ExtendedResolver exited by throwing a RuntimeException, the ExtendedResolver would throw a ClassCastException. It should rethrow the RuntimeException. 12/3/2002 - The Name code didn't handle names with non-printable characters. (found by Serge Sozonoff ) 11/28/2002 - Fix a potential deadlock in the WorkerThread class. (found by Serge Sozonoff ) 11/26/2002 - Fix a bug where looking up names without trailing dots would fail if there was no searchlist. 10/31/2002 - Fix a bug in searchlist processing on Windows. 10/20/2002 - Record.toWire() and Record.toWireCanonical() do not need to be declared as throwing IOException, since there's no legitimate reason for them to throw one. 10/18/2002 - Race condition fixes and memory usage improvements to the NameSet class, used by Cache and Zone. 10/16/2002 - 1.3.0 released. 10/11/2002 - Add Name.getLabel() 10/10/2002 - When cleaning the cache, catch ConcurrentModificationExceptions. 10/8/2002 - Cleanups to Cache.addMessage() and the Credibility code. 10/7/2002 - Fix problems with search path handling in the dns class. - Possible race condition fixes to the Cache code. 10/6/2002 - Fix minor bugs in Name code (Bob Halley ) 10/1/2002 - Memory usage and speed improvements to the TypeMap class. 9/25/2002 - Add the verbosecache option. - Significant memory usage improvements to the Name class. 9/23/2002 - Memory usage improvements to the ARecord class. 9/16/2002 - Support for NetWare's sys:/etc/resolv.cfg file. (Scott Villinski ) 9/5/2002 - When looking for an rdataset in a zone or cache, seeing a CNAME above the name is not an error. (reported by Andrew Houghton ) 8/31/2002 - Changed the code that dynamically loads record types; hopefully this will solve some of the mysterious problems that I think are related to non-English versions of Windows. - Clean up the Name code. 8/28/2002 - Remove support for bitstring labels, since they're now deprecated. 8/16/2002 - Address.isDottedQuad didn't check to see if the input String contained characters after an IP address. (Marcos Sanz ) 8/11/2002 - Querying for a nonexistant name with exactly one label didn't return. 8/10/2002 - Add Ant build script (Blake Ramsdell ) 8/6/2002 - The AAAARecord constructor was broken. - The Record class now implements Comparable. 6/22/2002 - Significant speed improvements in the Record class and its subclasses. 6/20/2002 - Add Zone.removeRecord() (based on code from Adam Cassar ) - Add Zone.toMasterFile() (based on code from Adam Cassar) - Performance enhancements to the Name object. - Add the "-t type" option to the lookup program. 6/16/2002 - Update lots of code to use Collections instead of JDK 1.1 Vectors & Hashtables. 5/28/2002 - fix some limitations of name parsing. (reported by Tasos Kotsikonas ) 5/4/2002 - added the 'sleep' and 'date' commands to the update client. (Olafur Gudmundsson ) 4/29/2002 - 1.2.4 released 4/25/2002 - Add a constructor for building a zone from an array of records. (based on code from Adam Cassar ) 4/24/2002 - Reduce the memory usage of the RRset class. - Add a new factory method for creating a Record from a String, rather than a pre-tokenized String. - Reduce the memory usage of the ARecord class. 4/23/2002 - Fix potential race conditions in the RRset class. (David Esposito ) - Fix potential race condition in the WorkerThread class when two threads complete their run methods nearly simultaneously. (David Esposito) - Add a new factory method for creating a Record, where the length of the rdata is not explicitly specified, but inferred from data.length. 4/22/2002 - Improve name decompression by not requiring a decompression context. 3/27/2002 - Add support for the Delegation Signer (DS) record. (David Blacka) 3/22/2002 - Record.equals() did not properly canonicalize names. - Record.equals() should ignore the TTL. 3/19/2002 - When a compressed name is parsed, it should be added to the compression table, so that future pointers to that name work. (reported by Blake Ramsdell ) 3/14/2002 - In jnamed, AXFR responses didn't have the message ID or flags set correctly. - jnamed failed to respond to messages signed with unknown keys. - jnamed did not sign responses to signed AXFR queries. 1/21/2002 - Handle empty domain statements in /etc/resolv.conf. (reported by Blake Ramsdell ) 1/1/2002 - Minor performance enhancments (suggested by Christopher Brind) 10/14/2001 - Add support for the DNSSEC RSA-SHA1 algorithm (David Blacka) - Add rdataToWireCanonical() (David Blacka) 9/27/2001 - jnamed can now listen on specific addresses, with the "address" keyword in the config file. 9/23/2001 - 1.2.3 released 9/14/2001 - Creating an Enumeration of an empty RRset caused an infinite loop. (David Blacka ) 8/9/2001 - nsupdate compatibility and a bug fix to the update client. (patch from David Sward ) 8/8/2001 - The results of ANY queries were not properly cached. 8/4/2001 - 1.2.2 released 7/22/2001 - Added the -q (print query) option to dig. - Bitstring labels are now canonicalized. - jnamed implements the DO (DNSSEC OK) bit. 7/19/2001 - A string tokenizer bug caused TXT records with one string to be incorrectly parsed. (David Blacka) - Added Name.getLabelString(). 7/17/2001 - Started implementing Name.compareTo(). (loosely based on a patch from David Blacka). 7/16/2001 - Converting a AAAA record to wire format was broken. (David Blacka) - Inet6Address did not properly reject addresses that are too long or too short, and also didn't properly handle addresses with one number after a double colon. - Key footprints were computed incorrectly. Also cache footprints in the KEYRecord to avoid recomputation. (David Blacka) - Added the -d flag to dig, which sets the DNSSEC OK bit. 7/13/2001 - KEY flags were incorrect (David Blacka ) - Add routines for parsing a master file from a non-file input source (David Blacka) - base64.formatString() didn't work if lineLength wasn't 64. (David Blacka) - Add support for the DNSSEC OK extended flag (David Blacka) - Allow the caller of a Resolver to add an OPT record to a query. (original patch from David Blacka). 6/30/2001 - 1.2.1 released 5/23/2001 - Automatically determining name servers didn't work on Windows 2000. 4/13/2001 - Converting a Name to a String does proper character escaping. 4/7/2001 - 1.2.0 released 3/21/2001 - Only cache relevant data from answers. - Cache negative responses more correctly. 3/14/2001 - Handle TTLs greater than 2^31. 3/10/2001 - Performance and memory improvements to the Name object. 3/7/2001 - Performance improvements to TypeMap (used by Zone and Cache). 3/6/2001 - Lots of standards compliance related fixes. 3/4/2001 - Improved class handling. - A few minor CNAME related fixes. 2/27/2001 - Referrals weren't returned correctly from jnamed. 1/15/2001 - Fix some signed/unsigned printing issues for KEY records (Pasi Eronen ) - Add routines to generate SIG(0) message signatures (Pasi Eronen ) 1/8/2001 - Add support for unknown RR types & classes. 12/3/2000 - The target in an MX record can be compressed. 11/18/2000 - Add jnamed.conf example to USAGE 8/27/2000 - 1.1.6 released - The high level api wasn't properly initialized. (Christopher Fitch ) - Added a routine to build a SIG record based on the results of a DSA signature (Pasi Eronen ) 8/13/2000 - Added 'clear' command to update client - Removed some deprecated code 8/8/2000 - Invalid binary labels were not always rejected - SRV initialization didn't work (reported by Chuck Santos ) - jnamed failed if no Cache was specified - The Zone object didn't handle zones with no NS records. - Added support for the NAPTR record (Chuck Santos ) 7/17/2000 - 1.1.5 released - CERT records were printed with a negative keytag half the time. (reported by Jakob Schlyter ). - Printing a KEY record prints the key id. (Jakob Schlyter ) 6/25/2000 - A Cache now contains a thread that periodically removes expired data. 6/4/2000 - update client syntax enhancement - add/delete/require/prohibit/glue no longer require -r, -s, or -n. 6/3/2000 - update client supported prohibiting individial records, which is not supported by dynamic update. 5/21/2000 - Win2000 support 4/15/2000 - ExtendedResolver supports load balancing of servers. 4/2/2000 - Minor fix to base64 decoding 3/22/2000 - name comparison should always be case insensitive (Darrell Kindred 3/5/2000 - 1.1.4 released - added Cache.setMaxNCache(), which sets the maximum amount of time that a negative answer is cached. 2/10/2000 - update client: add show command, catch socket exception, don't send empty updates, assert tsig ok/failed/unsigned 2/8/2000 - 1.1.3 released - Added lookup program - FindServer finds a search path on Win95/WinNT 2/7/2000 - minor TKEY record updates - FindServer should work on Win95/WinNT - Added 'make jar' and a jar file 1/20/2000 - Added AAAA record 1/13/2000 - 1.1.2 released - dns.setResolver() clears the cache 11/7/1999 - Added EDNS support to update client 11/2/1999 - A key starting with ':' is parsed as hex 10/28/1999 - minor TKEY fixes and TSIG updates 10/5/1999 - misc. small fixes 10/4/1999 - Missed TKEY in the type map 9/26/1999 - Added TKEY record 9/25/1999 - Diffie-Hellman key updates 9/23/1999 - dns.server and dns.search are now comma-delimited strings 9/20/1999 - 1.1 released (finally) - Change OPT to type 41 and fixed related stuff - Change license to LGPL 9/16/1999 - Cache & DNSSEC bug fixes 9/9/1999 - A6 record support (and IPv6 addresses) 9/6/1999 - jnamed has limited support for SIG records 9/4/1999 - res.sendAXFR() is now obsolete, just use res.send() - jnamed (and Zone) support incoming AXFR - Zone handles wildcards that replace multiple labels 9/2/1999 - Bitstrings are now compatible with current BIND 9 - jnamed (and Zone) support outgoing AXFR - jnamed uses jnamed.conf by default, can specify port in config file, returns NOTIMPL on meta-queries other than AXFR and ANY. - DNSSEC can now verify records that came from wildcard expansion - SimpleResolver handles AXFR REFUSED - Lots of EDNS updates 9/1/1999 - More bitstring fixes. - Added RP record (from Tom Scola ) 8/29/1999 - More bitstring label stuff. I think they work now. _ DataByteInputStream cleanup. Should handle errors better now. 8/26/1999 - More verbose options - TSIG badtime bug & better reporting - Large TTL bug - MyStringTokenizer.setNoEscapeCharacter() 8/25/1999 - Imported DNSSEC code - New options: tsigfudge, verbosehmac, verbosemsg - Added utils.hexdump to print a formatted dump of bytes 8/24/1999 - More bitstring label support 8/23/1999 - All data now passes through the Cache. This should help with DNSSEC verification - Added basic DNSSEC verification - Fixes for handling data with TTL 0 - Started adding bitstring labels - Added support for DNAME records (no processing yet) 8/8/1999 - Started adding global options (Options class) 8/7/1999 - Type and Class ANY should work correctly now - jnamed and Zone handle wildcard records - Cache returns wildcard set if name is negatively cached - TTL can be converted into BIND format 8/6/1999 - Updates to KEYRecord - getFootprint() and renamed constants 8/2/1999 - 1.0.2 released - WorkerThread obscure race conditions fixed (patches provided by Tom May ) 8/1/1999 - Added getResolver/getCache to dns class - RRset now has deleteRR and is better synchronized - Cache now has flushName/flushSet - Resolver.sendAsync returns an Object instead of an int - Socket cleanup (patches provided by Tom May ) - WorkerThread's idle lifetime and max threads are now configurable - HMAC-MD5 logic bug 7/5/1999 - 1.01 released - fixed a hang with ExtendedResolver and Exceptions 6/30/1999 - dns search path should always include a . at the end. The only time this bug would show up is when querying for an unqualified top level name. 6/29/1999 - update now ignores '>' at the beginning of a line, to allow easier cut and paste from other update sessions. 6/24/1999 - Use an int instead of a short for the message section count. It would be nice if java had unsigned types, but since messages are also constructed from zone transfers, a larger value is useful. 6/23/1999 - AXFR TSIG bug fix 6/18/1999 - 1.0 released. Yay! - documentation updates - my birthday 6/15/1999 - Restructured update's help - Added 'assert serial' to update, fixes to query keyword - Added Record.fromWire from a byte array - Added LOC support 6/14/1999 - Updates to multiline parser 6/11/1999 - Added Message.newUpdate to simplify sending updates 6/10/1999 - Zone file parser now handles $INCLUDE - update now has a keyword 'zone', which sets the zone to be updated, if it's different than the origin - added constants for DNAME, A6, KX - added KX support, abstracted MX code to support KX also. 6/9/1999 - update should handle timeouts - AXFR parser should allow 1 record in the question section 6/7/1999 - Zone file parser now handles $TTL, and complains about invalid directives. - fixed a few parsing problems in update - fixed null key parsing and key flags handling 6/3/1999 - added author javadoc tags - added javadoc comments to Master. Again, not sure how I missed this before. 5/25/1999 - 0.9.5 released - fixed another null pointer in the cache 5/23/1999 - added javadoc comments to utils/MyStringTokenizer. Not sure how I missed this class before. - minor cleanups to string parsing in update 5/21/1999 - fixed comment processing in update - fixed case bug in Section handling 5/20/1999 - 0.9.4 released - fixed the same round-robin bug, hopefully correctly this time 5/17/1999 - 0.9.3 released 5/16/1999 - fixed a round-robin bug 5/14/1999 - 0.9.2 released - Resolver routines now return Exceptions instead of null. 5/13/1999 - split WorkerThread into WorkerThread and ResolveThread 4/25/1999 - moved files to org.xbill.DNS - Cache round-robins RRsets before handing them out - changed the way ExtendedResolver decides when to send queries - various reflection changes 4/21/1999 - minor WorkerThread fixes 4/19/1999 - 0.9.1 released - WorkerThreads should die after 15 minutes of idle time - Address.getByName/getAllByName handle dotted quad IP addresses 4/18/1999 - 0.9 released - Finished javadoc-ing classes in DNS.* - Server should work now - Zone/Cache response updates - Zone/Cache accesses should be more thread-safe 4/17/1999 - The Cache supports ANY queries - More javadoc-ed classes in DNS.* - implemented toWireCanonical for record types that need it - Message.toString should print better output for update messages 4/16/1999 - jnamed wasn't looking up non-ANY queries correctly in a zone - SimpleResolver should use TCP if query length is longer than UDP packet size - More javadoc-ed classes in DNS.* - MyStringTokenizer moved to DNS.utils 4/15/1999 - More javadoc-ed classes in DNS.* - Moved functions from DNS.IO to DNS.utils.base64 and DNS.Master - Implemented search path for dns.getRecords functions - 0.8.3 released - Restrict number of WorkerThreads to 10 - ExtendedResolver timer code fixes - ExtendedResolver race condition fix 4/14/1999 - ExtendedResolver reentrancy fixes - Names are marked as qualified/unqualified - FindServer looks for search path from -Ddns.search1, etc. and in /etc/resolv.conf 4/13/1999 - 0.8.2 released - More javadoc-ed classes in DNS.* - The message ID stuff from 4/10 broke TSIG, so it's gone - Changes to ExtendedResolver's handling of child Resolvers - Too many threads were being created - Threads should now have meaningful names 4/12/1999 - NameSet shouldn't be using wildcards, since it's not correct for a cache (a name could match a wildcard and return wildcard data before the cache learned about data for the name) - javadoc-ed DNS.utils.* and some of DNS.* - ExtendedResolver allows specifying Resolvers to use - SimpleResolver and ExtendedResolver share a thread pool - ExtendedResolver and FindServer bugfixes - Header bug that actually caused the 0.8.1 release fixed - bugfix release 0.8.1 released - Messages weren't being cloned properly - Resolver didn't handle a query to nowhere correctly 4/11/1999 - 0.8 released - Resolver is now an interface, implemented by SimpleResolver and ExtendedResolver. - added ExtendedResolver, which sends multiple queries to multiple resolvers. - jnamed rejects non-queries 4/10/1999 - added Message.newQuery() to make building queries easier - Record.fromWire verifies that the record length is correct - Resolver.sendAsync() now uses worker threads rather than starting a new thread each time. - Multiple servers can be found by setting the dns.server properties (or from /etc/resolv.conf). - Message/Header doesn't generate the message id until the message is sent or the id is queried for 4/9/1999 - added setTimeout to Resolver 4/8/1999 - fixed obscure md5 bug - made Resolver(null) and Resolver() equivalent 4/7/1999 - Added simple asynchronous interface to resolver 4/6/1999 - CERT and SIG bug fixes 4/5/1999 - data lookups should use class in addition to type - CERT record bug fix 4/4/1999 - 0.7 released - DNS.dns uses Cache - Added getAny* to DNS.dns - Cache can return information indicating partial success on lookup 4/3/1999 - Cache does negative caching - Cache follows CNAMEs when looking for cached data 4/2/1999 - dig now understands -x - added DNS.Address, a clone of InetAddress - Cache can now follow CNAME chains - Cache now expires records based on TTL and doesn't cache records with TTL = 0. 4/1/1999 - Made Cache and Zone extend NameSet - Created Master class to parse master files 3/31/1999 - Added first cut at Cache - Changes to RRset to make it more useful 3/30/1999 - 0.6 released - bug fixes to DataInputStream, jnamed - jnamed now takes config file - Added basic EDNS0 and TSIG support to jnamed - Added basic EDNS0 support and IgnoreTruncation flag to Resolver - jnamed can now return FORMERR 3/29/1999 - 0.5 released - update client: added "echo" and "log" keywords, "file" can now specify "-" for standard input (at the end of a config file, for example). - added support for BIND TTL format - switched from CountedDataOutputStream to DataByteOutputStream, which extends ByteArrayOutputStream. Same for Input. Should help performance and allow more flexibility. - minor server fix to authority section 3/28/1999 - 0.4 released - fixed compression bug where all pointers into rdata were 0 - server sends authority records (NS or SOA) - server now loads glue data separately from zone data, adds authority and additional data, and deals with truncation. - fixed a few Zone bugs - added signatures to RRset 3/27/1999 - 0.3 released - _res was set wrong, so the high level functions wouldn't work. - Minor additions to CountedData(Input|Output)Stream - Lots of DNSSEC stuff 3/26/1999 - moved constants out of dns class into other classes 3/25/1999 - 0.2 released - conversion from base64 sometimes added extra zeroes. - original record length was computed wrong, so tsigs didn't verify. - master file parser didn't deal with ; delimited comments - server now stores data in RRsets instead of individual RRs. - various server bug fixes. Still doesn't work too well. 3/23/1999: - 0.1 released dnsjava-3.6.2/EXAMPLES.md000066400000000000000000000132511467347554000147310ustar00rootroot00000000000000# dnsjava Examples All of these examples are code fragments. Code using these fragments should check exceptions when appropriate, and should: ```java import org.xbill.DNS.*; ``` ## Get the IP address associated with a name ```java InetAddress addr = Address.getByName("www.dnsjava.org"); ``` ## Get the MX target and preference of a name (modern) ```java LookupSession s = LookupSession.defaultBuilder().build(); Name mxLookup = Name.fromString("gmail.com."); s.lookupAsync(mxLookup, Type.MX) .whenComplete( (answers, ex) -> { if (ex == null) { if (answers.getRecords().isEmpty()) { System.out.println(mxLookup + " has no MX"); } else { for (Record rec : answers.getRecords()) { MXRecord mx = ((MXRecord) rec); System.out.println( "Host " + mx.getTarget() + " has preference " + mx.getPriority()); } } } else { ex.printStackTrace(); } }) .toCompletableFuture() .get(); ``` ## Get the MX target and preference of a name (legacy) ```java Record[] records = new Lookup("gmail.com", Type.MX).run(); for (int i = 0; i < records.length; i++) { MXRecord mx = (MXRecord) records[i]; System.out.println("Host " + mx.getTarget() + " has preference " + mx.getPriority()); } ``` ## Simple lookup with a Resolver ```java Record queryRecord = Record.newRecord(Name.fromString("dnsjava.org."), Type.A, DClass.IN); Message queryMessage = Message.newQuery(queryRecord); Resolver r = new SimpleResolver("8.8.8.8"); r.sendAsync(queryMessage) .whenComplete( (answer, ex) -> { if (ex == null) { System.out.println(answer); } else { ex.printStackTrace(); } }) .toCompletableFuture() .get(); ``` ## Query a remote name server for its version ```java Lookup l = new Lookup("version.bind.", Type.TXT, DClass.CH); l.setResolver(new SimpleResolver(args[0])); l.run(); if (l.getResult() == Lookup.SUCCESSFUL) { System.out.println(l.getAnswers()[0].rdataToString()); } ``` ## Transfer a zone from a server and print it ```java ZoneTransferIn xfr = ZoneTransferIn.newAXFR(Name.root, "192.5.5.241", null); xfr.run(); for (Record r : xfr.getAXFR()) { System.out.println(r); } ``` ## Use DNS dynamic update to set the address of a host to a value specified on the command line ```java Name zone = Name.fromString("dyn.test.example."); Name host = Name.fromString("host", zone); Update update = new Update(zone); update.replace(host, Type.A, 3600, args[0]); Resolver res = new SimpleResolver("10.0.0.1"); res.setTSIGKey(new TSIG(host, base64.fromString("1234"))); res.setTCP(true); Message response = res.send(update); ``` ## Manipulate domain names ```java Name n = Name.fromString("www.dnsjava.org"); Name o = Name.fromString("dnsjava.org"); System.out.println(n.subdomain(o)); // True System.out.println(n.compareTo(o)); // > 0 Name rel = n.relativize(o); // the relative name 'www' Name n2 = Name.concatenate(rel, o); System.out.println(n2.equals(n)); // True // www // dnsjava // org for (int i = 0; i < n.labels(); i++) { System.out.println(n.getLabelString(i)); } ``` ## DNSSEC Resolver ```java import java.io.*; import java.nio.charset.StandardCharsets; import org.xbill.DNS.*; public class ResolveExample { // Root anchors, see https://data.iana.org/root-anchors/root-anchors.xml static String ROOT = ". IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D\n" + ". IN DS 38696 8 2 683D2D0ACB8C9B712A1948B27F741219298D0A450D612C483AF444A4C0FB2B16"; public static void main(String[] args) throws Exception { // Send two sample queries using a standard resolver SimpleResolver sr = new SimpleResolver("4.2.2.1"); System.out.println("Standard resolver:"); sendAndPrint(sr, "www.dnssec-failed.org."); sendAndPrint(sr, "nic.ch."); // Send the same queries using the validating resolver with the // trust anchor of the root zone // https://data.iana.org/root-anchors/root-anchors.xml ValidatingResolver vr = new ValidatingResolver(sr); vr.loadTrustAnchors(new ByteArrayInputStream(ROOT.getBytes(StandardCharsets.US_ASCII))); System.out.println("\n\nValidating resolver:"); sendAndPrint(vr, "www.dnssec-failed.org."); sendAndPrint(vr, "nic.ch."); } private static void sendAndPrint(Resolver vr, String name) throws IOException { System.out.println("\n---" + name); Record qr = Record.newRecord(Name.fromConstantString(name), Type.A, DClass.IN); Message response = vr.send(Message.newQuery(qr)); System.out.println("AD-Flag: " + response.getHeader().getFlag(Flags.AD)); System.out.println("RCode: " + Rcode.string(response.getRcode())); for (RRset set : response.getSectionRRsets(Section.ADDITIONAL)) { if (set.getName().equals(Name.root) && set.getType() == Type.TXT && set.getDClass() == ValidatingResolver.VALIDATION_REASON_QCLASS) { System.out.println("Reason: " + ((TXTRecord) set.first()).getStrings().get(0)); } } } } ``` This should result in an output like ``` Standard resolver: ---www.dnssec-failed.org. AD-Flag: false RCode: NOERROR ---nic.ch. AD-Flag: false RCode: NOERROR Validating resolver: ---www.dnssec-failed.org. AD-Flag: false RCode: SERVFAIL Reason: Could not establish a chain of trust to keys for [dnssec-failed.org.]. Reason: No keys for dnssec-failed.org. have a DS for alg RSASHA1 ---nic.ch. AD-Flag: true RCode: NOERROR ``` dnsjava-3.6.2/LICENSE000066400000000000000000000030771467347554000142030ustar00rootroot00000000000000Copyright (c) 1998-2019, Brian Wellington Copyright (c) 2005 VeriSign. All rights reserved. Copyright (c) 2019-2023, dnsjava authors All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. dnsjava-3.6.2/README.adoc000066400000000000000000000346441467347554000147670ustar00rootroot00000000000000= dnsjava image:https://github.com/dnsjava/dnsjava/actions/workflows/build.yml/badge.svg["GitHub CI Build Status",link="https://github.com/dnsjava/dnsjava/actions/workflows/build.yml"] image:https://codecov.io/gh/dnsjava/dnsjava/branch/master/graph/badge.svg?token=FKmcwl1Oys["codecov",link="https://codecov.io/gh/dnsjava/dnsjava"] image:https://maven-badges.herokuapp.com/maven-central/dnsjava/dnsjava/badge.svg["Maven Central",link="https://search.maven.org/artifact/dnsjava/dnsjava"] image:https://javadoc.io/badge/dnsjava/dnsjava.svg["Javadocs",link="https://javadoc.io/doc/dnsjava/dnsjava"] == Overview dnsjava is an implementation of DNS in Java. It * supports almost all defined record types (including the DNSSEC types), and unknown types. * can be used for queries, zone transfers, and dynamic updates. * includes a cache which can be used by clients, and an authoritative only server. * supports TSIG authenticated messages, DNSSEC verification, and EDNS0. * is fully thread safe. == Getting started Have a look at the basic link:EXAMPLES.md[examples]. === Config options Some settings of dnsjava can be configured via Java https://docs.oracle.com/javase/tutorial/essential/environment/sysprop.html[system properties]: [cols=4*] |=== .2+h|Property 3+h|Explanation h|Type h|Default h|Example .2+|dns[.fallback].server 3+|DNS server(s) to use for resolving. Comma separated list. Can be IPv4/IPv6 addresses or hostnames (which are resolved using Java's built in DNS support). |String |- |8.8.8.8,[2001:4860:4860::8888]:853,dns.google .2+|dns[.fallback].search 3+|Comma separated list of DNS search paths. |String |- |ds.example.com,example.com .2+|dns[.fallback].ndots 3+|Sets a threshold for the number of dots which must appear in a name given to resolve before an initial absolute query will be made. |Integer |1 |2 .2+|dnsjava.options 3+|Comma separated key-value pairs, see <<_optionpairs>>. |option list |- |BINDTTL,tsigfudge=1 .2+|dnsjava.configprovider.skipinit 3+|Set to true to disable static ResolverConfig initialization. |Boolean |false |true .2+|dnsjava.configprovider.sunjvm.enabled 3+|Set to true to enable the reflection based DNS server lookup, see <<_limitations>>. |Boolean |false |true .2+|dnsjava.udp.ephemeral.start 3+|First ephemeral port for UDP-based DNS queries. |Integer |49152 (Linux: 32768) |50000 .2+|dnsjava.udp.ephemeral.end 3+|Last ephemeral port for UDP-based DNS queries. |Integer |65535 (Linux: 60999) |60000 .2+|dnsjava.udp.ephemeral.use_ephemeral_port 3+|Use an OS-assigned ephemeral port for UDP queries. Enabling this option is *insecure*! Do NOT use it. |Boolean |false |true .2+|dnsjava.lookup.max_iterations 3+|Maximum number of CNAMEs to follow in a chain. |Integer |16 |20 .2+|dnsjava.lookup.use_hosts_file 3+|Use the system's hosts file for lookups before resorting to a resolver. |Boolean |true |false .2+|dnsjava.nio.selector_timeout 3+|Set selector timeout in milliseconds. Default/Max 1000, Min 1. |Integer |1000 |700 .2+|dnsjava.harden_unknown_additional 3+|Harden against unknown records in the authority section and additional section. If disabled, such records are copied from the upstream and presented to the client together with the answer. |Boolean |True |False 4+h|DNSSEC Options .2+|dnsjava.dnssec.keycache.max_ttl 3+|Maximum time-to-live (TTL) of entries in the key cache in seconds. |Integer |900 |1800 .2+|dnsjava.dnssec.keycache.max_size 3+|Maximum number of entries in the key cache. |Integer |1000 |5000 .2+|org.jitsi.dnssec.nsec3.iterations.N 3+a|Maximum iteration count for the NSEC3 hashing function depending on the key size N. The defaults are from https://datatracker.ietf.org/doc/html/rfc5155#section-10.3[RFC5155]. |Integer 2+a|- 1024 bit keys: 150 iterations - 2048 bit keys: 500 iterations - 4096 bit keys: 2500 iterations e.g. dnsjava.dnssec.nsec3.iterations.1024=200 .2+|dnsjava.dnssec.trust_anchor_file 3+|The file from which the trust anchor should be loaded. The file must be formatted like a DNS zone master file. It can only contain DS or DNSKEY records. |String |- |/etc/dnssec-root-anchors .2+|dnsjava.dnssec.digest_preference 3+|Defines the preferred DS record digest algorithm if a zone has registered multiple DS records. The list is comma-separated, the highest preference first. If this property is not specified, the DS record with the highest https://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml[digest ID] is chosen. To stay compliant with the RFCs, the mandatory digest IDs must be listed in this property. The GOST digest requires https://www.bouncycastle.org/java.html[BouncyCastle] on the classpath. |String |- |2,1,4 .2+|dnsjava.dnssec.harden_algo_downgrade 3+|Prevent algorithm downgrade when multiple algorithms are advertised in a zone's DS records. If `false`, allows any algorithm to validate the zone. |Boolean |true |false .2+|dnsjava.dnssec.max_validate_rrsigs 3+|Maximum number of RRSig records to validate until the response is considered bogus. This is limited to avoid the 'KeyTrap' vulnerability (CVE-2023-50387). |Integer |8 |4 .2+|dnsjava.dnssec.max_ds_match_failures 3+|Maximum number of DS records to validate until the response is considered bogus. This is limited to avoid the 'KeyTrap' vulnerability (CVE-2023-50387). |Integer |4 |2 .2+|dnsjava.dnssec.algorithm_enabled.ID 3+|Enable or disable a DS/DNSKEY algorithm. See https://datatracker.ietf.org/doc/html/rfc8624#section-3.1[RFC8624] for recommended values. Note that algorithm number 1, `RSAMD5`, is disabled and cannot be enabled with this property. |Boolean 2+|Disable ED448: `dnsjava.dnssec.algorithm_enabled.16=false` .2+|dnsjava.dnssec.algorithm_rsa_min_key_size 3+|Set the minimum size, in bits, for RSA keys. |Integer |1024 |512 .2+|dnsjava.dnssec.digest_enabled.ID 3+|Enable or disable a DS record digest algorithm. See https://datatracker.ietf.org/doc/html/rfc8624#section-3.3[RFC8624] for recommended values. |Boolean 2+|Disable SHA.1: `dnsjava.dnssec.digest_enabled.1=false` |=== [#_optionpairs] ==== dnsjava.options pairs The `dnsjava.options` configuration options can also be set programmatically through the `Options` class. Please refer to the Javadoc for details. [cols="1,1,1,4",options=header] |=== | Key | Type | Default | Explanation | `BINDTTL` | Boolean | false | Print TTLs in BIND format | `multiline` | Boolean | false | Print records in multiline format | `noPrintIN` | Boolean | false | Do not print the class of a record if it is `IN` | `tsigfudge` | Integer | 300 | Sets the default TSIG fudge value (in seconds) | `sig0validity` | Integer | 300 | Sets the default SIG(0) validity period (in seconds) |=== === Resolvers ==== SimpleResolver Basic resolver that uses UDP by default and falls back to TCP if required. ==== ExtendedResolver A `Resolver` that uses multiple ``Resolver``s to send the queries, defaulting to ``SimpleResolver``s. Can be configured to query the servers in a round-robin order. Blacklists a server if it times out. ==== DohResolver Proof-of-concept DNS over HTTP resolver, e.g. to use https://dns.google/query. ==== ValidatingResolver DNSSEC validating stub resolver. Originally based on the work of the Unbound Java prototype from 2005/2006. The Unbound prototype was stripped from all unnecessary parts, heavily modified, complemented with more than 300 unit test and found bugs were fixed. Before the import into dnsjava, the resolver was developed as an independent library at https://github.com/ibauersachs/dnssecjava. To migrate from dnssecjava, replace `org.jitsi` with `org.xbill.DNS` in Java packages and `org.jitsi` with `dnsjava` in property prefixes. Validated, secure responses contain the DNS `AD`-flag, while responses that failed validation return the `SERVFAIL`-RCode. Insecure responses return the actual return code without the `AD`-flag set. The reason why the validation failed or is insecure is provided as a localized string in the additional section under the record ./65280/TXT (a TXT record for the owner name of the root zone in the private query class `ValidatingResolver.VALIDATION_REASON_QCLASS`). The Extended DNS Errors (EDE, https://datatracker.ietf.org/doc/html/rfc8914[RFC8914]) also provides the failure reason, although in less detail. The link:EXAMPLES.md[examples] contain a small demo. [IMPORTANT] .Do not use the `ValidatingResolver` standalone. A response will need CNAME/DNAME post-processing, and DNS messages can still be manipulated with DNSSEC alone. Subsequent processing and validation of messages is intricate and best done using the built-in `LookupSession` (or the legacy `Lookup`) class. === Migrating from version 2.1.x to v3 dnsjava v3 has significant API changes compared to version 2.1.x and is neither source nor binary compatible. The most important changes are: * Requires at least Java 8 * Uses https://www.slf4j.org/[slf4j] for logging and thus needs `slf4j-api` on the classpath * The link:USAGE.md[command line tools] were moved to the `org.xbill.DNS.tools` package * On Windows, https://github.com/java-native-access/jna[JNA] should be on the classpath for the search path and proper DNS server finding * The `Resolver` API for custom resolvers has changed to use `CompletionStage` for asynchronous resolving. The built-in resolvers are now fully non-blocking and do not start a thread per query anymore. * Many methods return a `List` instead of an array. Ideally, use a for-each loop. If this is not possible, call `size()` instead of using `length`: ** Cache#findAnyRecords ** Cache#findRecords ** Lookup#getDefaultSearchPath ** Message#getSectionRRsets ** SetResponse#answers ** ResolverConfig * RRset returns a List instead of an `Iterator`. Ideally, modify your code to use a for-each loop. If this is not possible, create an iterator on the returned list: ** RRset#rrs ** RRset#sigs * Methods using `java.util.Date` are deprecated. Use the new versions with `java.time.Instant` or `java.time.Duration` instead * The type hierarchy of `SMIMEARecord` changed, it now inherits from `TLSARecord` and constants are shared * ``Record``s are no longer marked as `Serializable` after 3.0. While 3.5 reintroduced `Serializable`, it is preferred to use the RFC defined serialization formats directly: ** `toString()`, `rrToString()` ↔ `fromString()` ** `toWire()` ↔ `fromWire()`, `newRecord()` * `Message` and `Header` properly support `clone()` === Replacing the standard Java DNS functionality ==== Java 1.4 to 8 Java versions from 1.4 to 8 can load DNS service providers at runtime. To load the dnsjava service provider, build dnsjava on JDK 8 and set the system property: sun.net.spi.nameservice.provider.1=dns,dnsjava This instructs the JVM to use the dnsjava service provide for DNS at the highest priority. ==== Java 9 to 17 The functionality to load a DNS SPI was https://bugs.openjdk.java.net/browse/JDK-8134577[removed in JDK 9] and a replacement API was https://bugs.openjdk.java.net/browse/JDK-8192780[requested]. ==== Java 18+ https://bugs.openjdk.java.net/browse/JDK-8263693[JEP 418: Internet-Address Resolution SPI] reintroduces a DNS SPI. See https://github.com/dnsjava/dnsjava/issues/245[#245] for the support status in dnsjava. === Build dnsjava uses https://maven.apache.org/[Maven] as the build system. Run `mvn package` from the toplevel directory to build dnsjava. JDK 8 or higher is required. === Testing dnsjava mailto:rutherfo@cs.colorado.edu[Matt Rutherford] contributed a number of unit tests, which are in the tests subdirectory. The hierarchy under tests mirrors the `org.xbill.DNS` classes. To run the unit tests, execute `mvn test`. [#_limitations] == Limitations There is no standard way to determine what the local nameserver or DNS search path is at runtime from within the JVM. dnsjava attempts several methods until one succeeds. - The properties `dns.server` and `dns.search` (comma delimited lists) are checked. The servers can either be IP addresses or hostnames (which are resolved using Java's built in DNS support). - On Unix/Solaris, `/etc/resolv.conf` is parsed. - On Windows, if https://github.com/java-native-access/jna[JNA] is available on the classpath, the `GetAdaptersAddresses` API is used. - On Android the `ConnectivityManager` is used (requires initialization using `org.xbill.DNS.config.AndroidResolverConfigProvider.setContext`). - The `sun.net.dns.ResolverConfiguration` class is queried if enabled. As of Java 16 the JVM flag `--add-opens java.base/sun.net.dns=ALL-UNNAMED` (classpath) or `--add-opens java.base/sun.net.dns=org.dnsjava` (modules) is also required. - If available and no servers have been found yet, https://docs.oracle.com/javase/8/docs/technotes/guides/jndi/jndi-dns.html[JNDI-DNS] is used. - If still no servers have been found yet, use the fallback properties. This can be used to query e.g. a well-known public DNS server instead of localhost. - As a last resort, `localhost` is used as the nameserver, and the search path is empty. == Additional documentation Javadoc documentation can be built with `mvn javadoc:javadoc` or viewed online at https://javadoc.io/doc/dnsjava/dnsjava[javadoc.io]. See the link:EXAMPLES.md[examples] for some basic usage information. == License dnsjava is placed under the link:LICENSE[BSD-3-Clause license]. == History dnsjava was started as an excuse to learn Java. It was useful for testing new features in BIND without rewriting the C resolver. It was then cleaned up and extended in order to be used as a testing framework for DNS interoperability testing. The high level API and caching resolver were added to make it useful to a wider audience. The authoritative only server was added as proof of concept. === dnsjava on GitHub This repository has been a mirror of the dnsjava project at Sourceforge since 2014 to maintain the Maven build for publishing to https://search.maven.org/artifact/dnsjava/dnsjava[Maven Central]. As of 2019-05-15, GitHub is https://sourceforge.net/p/dnsjava/mailman/message/36666800/[officially] the new home of dnsjava. The mailto:dnsjava-users@lists.sourceforge.net[dnsjava-users] mailing list (https://sourceforge.net/p/dnsjava/mailman/dnsjava-users/[archive]) still exists but is mostly inactive. Please use the GitHub https://github.com/dnsjava/dnsjava/issues[issue tracker] and send - well tested - pull requests. == Authors - Brian Wellington (@bwelling), March 12, 2004 - Various contributors, see the link:Changelog[Changelog] - Ingo Bauersachs (@ibauersachs), current maintainer == Final notes - Thanks to Network Associates, Inc. for sponsoring some of the original dnsjava work in 1999-2000. - Thanks to Nominum, Inc. for sponsoring some work on dnsjava from 2000 through 2017. dnsjava-3.6.2/TODO.dnssec.md000066400000000000000000000060521467347554000155370ustar00rootroot00000000000000CNAME Handling -------------- The CNAME handling is terribly inefficient. A recursive nameserver is required to deliver all intermediate results in the response to the original query. The code however still splits up the query into each part and performs a query for each CNAME till the end of the chain is reached. This should be changed to follow the chain in the response of the original query, but is not so easy because the validation only has the keys for each original query. A possible workaround would be to synthesize the intermediate responses from the original query. Easy for positive responses, but for NXDOMAIN - which NSEC(3)s are to be included...? DNAME Handling -------------- A DNAME causes validation failures during priming because the synthesized CNAME is not considered valid. Some unit-tests are failing due to this. API --- - Provide the final failure reason as a (localizable) string Code Coverage / Bugs -------------------- - The code still has some untested parts: - Wildcard/ENT DS delegations!!! - ANY responses, especially wildcard expansion - Insecure NSEC3 NODATA responses - Wildcard NODATA responses might pass too broad cases - Behavior if all NSEC3s are not understandable - NXDOMAIN when a NSEC would prove that a wildcard exists - Exceptions thrown by the head resolver - Bogus/Insecure handling of CNAME answer to DS query - Async calling of the validator - Passthrough without validation if the CD flag is set - Various cases in dsReponseToKeForNodata - longestCommonName - Various NSEC NODATA cases - Unsupported algorithm or digest ID cases - NSEC3 iteration count configuration - NSEC3 with unsupported hash algorithm - Multiple NSEC3s for a zone - NSEC3: proveClosestEncloser - NSEC3: proveNodata - NSEC3: proveNoDS - Implement http://tools.ietf.org/html/rfc4509#section-3 to prevent downgrade attacks - http://tools.ietf.org/html/rfc6840#section-4.3 (CNAME bit check) - http://tools.ietf.org/html/rfc6840#section-4.4 (Insecure Delegation Proofs) - http://tools.ietf.org/html/rfc6840#section-5.4 (Caution about Local Policy and Multiple RRSIGs) - Refuse DNAME wildcards (RFC4597) - Test validating against a non-Bind9 head solver - Rate limit queries to be able to validate against Google's public resolvers Unit Tests ---------- - The tests currently rely on an online connection to a recursive server and external zones. They must be able to run offline. - Some tests will start to fail after June 9, 2013 because the signature date is compared against the current system time. This must be changed to take the test authoring time. To make this possible DNSJAVA must probably be changed. DNSJAVA ------- - Fix the Maven project definition to build correctly with a local lib folder as it is not officially distributed on Maven central - Version 2.1.5 contains a bug in the Name constructor and needs at least SVN rev. 1686 - Remove local-repo once 2.1.6 appears on Maven central dnsjava-3.6.2/USAGE.md000066400000000000000000000041141467347554000143550ustar00rootroot00000000000000dnsjava Command Line Tools ========================== dnsjava provides several command line programs, which are documented here. For examples of API usage, see the [examples](EXAMPLES.md). To run them, at least `dnsjava` and `slf4j-api` need to be on the classpath. A basic invocation could thus look as follows: java -cp dnsjava.jar;slf4-api.jar org.xbill.DNS.tools.Tools [tool] dig --- A basic, incomplete clone of dig (as distributed with BIND) dig @server [-x] name type [class] [-p port] [-k name/secret] [-t] \ [-i] [-e n] [-d] -x : reverse lookup, name must be a dotted quad -k : use TSIG transaction security -t : use TCP by default -i : ignore truncation errors -e n: Use EDNS level n (only 0 is defined) -d : Set the DNSSEC OK bit update ------ A dynamic update client with some extra functionality. This can be used either interactively or by specifying a file containing commands to be executed. Running 'help' lists all other commands. update [file] jnamed ------ A basic authoritative only (non-caching, non-recursive) server. It's not very good, but it's also a whole lot better than it used to be. The config file (`jnamed.conf` by default) supports the following directives: primary secondary cache key [algorithm] address port If no addresses are specified, jnamed will listen on all addresses, using a wildcard socket. If no ports are specified, jnamed will listen on port 53. The following is an example: primary internal /etc/namedb/internal.db secondary xbill.org 127.0.0.1 cache /etc/namedb/cache.db key xbill.org 1234 address 127.0.0.1 port 12345 To run: jnamed [config_file] jnamed should not be used for production, and should probably not be used for testing. If the above documentation is not enough, please do not ask for more, because it really should not be used. lookup ------ A simple program that looks up records associated with names. If no type is specified, address lookups (A) are done. lookup [-t type] name ... dnsjava-3.6.2/checkstyle/000077500000000000000000000000001467347554000153255ustar00rootroot00000000000000dnsjava-3.6.2/checkstyle/checkstyle-config.xml000066400000000000000000000015551467347554000214560ustar00rootroot00000000000000 dnsjava-3.6.2/checkstyle/checkstyle-suppressions.xml000066400000000000000000000004661467347554000227660ustar00rootroot00000000000000 dnsjava-3.6.2/checkstyle/header.template.txt000066400000000000000000000000511467347554000211240ustar00rootroot00000000000000// SPDX-License-Identifier: BSD-3-Clause dnsjava-3.6.2/pom.xml000066400000000000000000001127001467347554000145050ustar00rootroot00000000000000 4.0.0 dnsjava dnsjava bundle 3.6.2 dnsjava dnsjava is an implementation of DNS in Java. It supports all defined record types (including the DNSSEC types), and unknown types. It can be used for queries, zone transfers, and dynamic updates. It includes a cache which can be used by clients, and a minimal implementation of a server. It supports TSIG authenticated messages, partial DNSSEC verification, and EDNS0. https://github.com/dnsjava/dnsjava dnsjava.org https://github.com/dnsjava/dnsjava BSD-3-Clause https://opensource.org/licenses/BSD-3-Clause repo scm:git:https://github.com/dnsjava/dnsjava scm:git:https://github.com/dnsjava/dnsjava https://github.com/dnsjava/dnsjava v3.6.2 bwelling Brian Wellington ibauersachs Ingo Bauersachs UTF-8 8 true false 5.10.3 4.11.0 1.7.36 1.18.34 5.14.0 1.78.1 4.5.9 1.7 2.30.0 dnsjava_dnsjava dnsjava https://sonarcloud.io ${target.jdk} ${project.build.directory}/site/jacoco/jacoco.xml ${project.build.directory}/delombok org.apache.maven.plugins maven-gpg-plugin 3.2.4 sign-artifacts verify sign --pinentry-mode loopback false org.apache.maven.plugins maven-compiler-plugin 3.13.0 -Xlint:all,-serial,-processing -Xpkginfo:always org.projectlombok lombok ${lombok.version} org.openjdk.jcstress jcstress-core 0.16 * * org.apache.maven.plugins maven-source-plugin 3.3.1 org.apache.felix maven-bundle-plugin 5.1.9 true true lombok dnsjava dnsjava is an implementation of DNS in Java org.xbill.dns https://javadoc.io/doc/dnsjava/dnsjava <_noclassforname>true <_donotcopy>android|sun <_nouses>true <_noee>true org.xbill.DNS.* !android.*,!sun.*,. !org.xbill.DNS*, !sun.*, !lombok, !android.*, javax.naming.*;resolution:=optional, org.slf4j;version="[1.7,3)", com.sun.jna.*;resolution:=optional;version="[5,6)", * BSD-3-Clause;link="https://raw.githubusercontent.com/dnsjava/dnsjava/master/LICENSE" <_removeheaders>Bnd-*, Tool, Require-Capability, Include-Resource, Private-Package <_snapshot>SNAPSHOT {maven-resources}, META-INF/LICENSE=LICENSE org.xbill.DNS.tools.Tools <_fixupmessages>"Classes found in the wrong directory";is:=ignore true org.projectlombok lombok-maven-plugin 1.18.20.0 ${project.build.sourceDirectory} false ${delombok.output} generate-sources delombok org.projectlombok lombok ${lombok.version} org.apache.maven.plugins maven-javadoc-plugin 3.8.0 ${target.jdk} ${delombok.output} true dnsjava documentation