Documentation ¶
Overview ¶
Package dns implements a full featured interface to the Domain Name System. Server- and client-side programming is supported. The package allows complete control over what is send out to the DNS. The package API follows the less-is-more principle, by presenting a small, clean interface.
The package dns supports (asynchronous) querying/replying, incoming/outgoing zone transfers, TSIG, EDNS0, dynamic updates, notifies and DNSSEC validation/signing. Note that domain names MUST be fully qualified, before sending them, unqualified names in a message will result in a packing failure.
Resource records are native types. They are not stored in wire format. Basic usage pattern for creating a new resource record:
r := new(dns.MX) r.Hdr = dns.RR_Header{Name: "miek.nl.", Rrtype: dns.TypeMX, Class: dns.ClassINET, Ttl: 3600} r.Preference = 10 r.Mx = "mx.miek.nl."
Or directly from a string:
mx, err := dns.NewRR("miek.nl. 3600 IN MX 10 mx.miek.nl.")
Or when the default TTL (3600) and class (IN) suit you:
mx, err := dns.NewRR("miek.nl. MX 10 mx.miek.nl.")
Or even:
mx, err := dns.NewRR("$ORIGIN nl.\nmiek 1H IN MX 10 mx.miek")
In the DNS messages are exchanged, these messages contain resource records (sets). Use pattern for creating a message:
m := new(dns.Msg) m.SetQuestion("miek.nl.", dns.TypeMX)
Or when not certain if the domain name is fully qualified:
m.SetQuestion(dns.Fqdn("miek.nl"), dns.TypeMX)
The message m is now a message with the question section set to ask the MX records for the miek.nl. zone.
The following is slightly more verbose, but more flexible:
m1 := new(dns.Msg) m1.Id = dns.Id() m1.RecursionDesired = true m1.Question = make([]dns.Question, 1) m1.Question[0] = dns.Question{"miek.nl.", dns.TypeMX, dns.ClassINET}
After creating a message it can be send. Basic use pattern for synchronous querying the DNS at a server configured on 127.0.0.1 and port 53:
c := new(dns.Client) in, rtt, err := c.Exchange(m1, "127.0.0.1:53")
Suppressing multiple outstanding queries (with the same question, type and class) is as easy as setting:
c.SingleInflight = true
If these "advanced" features are not needed, a simple UDP query can be send, with:
in, err := dns.Exchange(m1, "127.0.0.1:53")
When this functions returns you will get dns message. A dns message consists out of four sections. The question section: in.Question, the answer section: in.Answer, the authority section: in.Ns and the additional section: in.Extra.
Each of these sections (except the Question section) contain a []RR. Basic use pattern for accessing the rdata of a TXT RR as the first RR in the Answer section:
if t, ok := in.Answer[0].(*dns.TXT); ok { // do something with t.Txt }
Domain Name and TXT Character String Representations ¶
Both domain names and TXT character strings are converted to presentation form both when unpacked and when converted to strings.
For TXT character strings, tabs, carriage returns and line feeds will be converted to \t, \r and \n respectively. Back slashes and quotations marks will be escaped. Bytes below 32 and above 127 will be converted to \DDD form.
For domain names, in addition to the above rules brackets, periods, spaces, semicolons and the at symbol are escaped.
DNSSEC ¶
DNSSEC (DNS Security Extension) adds a layer of security to the DNS. It uses public key cryptography to sign resource records. The public keys are stored in DNSKEY records and the signatures in RRSIG records.
Requesting DNSSEC information for a zone is done by adding the DO (DNSSEC OK) bit to a request.
m := new(dns.Msg) m.SetEdns0(4096, true)
Signature generation, signature verification and key generation are all supported.
DYNAMIC UPDATES ¶
Dynamic updates reuses the DNS message format, but renames three of the sections. Question is Zone, Answer is Prerequisite, Authority is Update, only the Additional is not renamed. See RFC 2136 for the gory details.
You can set a rather complex set of rules for the existence of absence of certain resource records or names in a zone to specify if resource records should be added or removed. The table from RFC 2136 supplemented with the Go DNS function shows which functions exist to specify the prerequisites.
3.2.4 - Table Of Metavalues Used In Prerequisite Section CLASS TYPE RDATA Meaning Function -------------------------------------------------------------- ANY ANY empty Name is in use dns.NameUsed ANY rrset empty RRset exists (value indep) dns.RRsetUsed NONE ANY empty Name is not in use dns.NameNotUsed NONE rrset empty RRset does not exist dns.RRsetNotUsed zone rrset rr RRset exists (value dep) dns.Used
The prerequisite section can also be left empty. If you have decided on the prerequisites you can tell what RRs should be added or deleted. The next table shows the options you have and what functions to call.
3.4.2.6 - Table Of Metavalues Used In Update Section CLASS TYPE RDATA Meaning Function --------------------------------------------------------------- ANY ANY empty Delete all RRsets from name dns.RemoveName ANY rrset empty Delete an RRset dns.RemoveRRset NONE rrset rr Delete an RR from RRset dns.Remove zone rrset rr Add to an RRset dns.Insert
TRANSACTION SIGNATURE ¶
An TSIG or transaction signature adds a HMAC TSIG record to each message sent. The supported algorithms include: HmacMD5, HmacSHA1, HmacSHA256 and HmacSHA512.
Basic use pattern when querying with a TSIG name "axfr." (note that these key names must be fully qualified - as they are domain names) and the base64 secret "so6ZGir4GPAqINNh9U5c3A==":
c := new(dns.Client) c.TsigSecret = map[string]string{"axfr.": "so6ZGir4GPAqINNh9U5c3A=="} m := new(dns.Msg) m.SetQuestion("miek.nl.", dns.TypeMX) m.SetTsig("axfr.", dns.HmacMD5, 300, time.Now().Unix()) ... // When sending the TSIG RR is calculated and filled in before sending
When requesting an zone transfer (almost all TSIG usage is when requesting zone transfers), with TSIG, this is the basic use pattern. In this example we request an AXFR for miek.nl. with TSIG key named "axfr." and secret "so6ZGir4GPAqINNh9U5c3A==" and using the server 176.58.119.54:
t := new(dns.Transfer) m := new(dns.Msg) t.TsigSecret = map[string]string{"axfr.": "so6ZGir4GPAqINNh9U5c3A=="} m.SetAxfr("miek.nl.") m.SetTsig("axfr.", dns.HmacMD5, 300, time.Now().Unix()) c, err := t.In(m, "176.58.119.54:53") for r := range c { ... }
You can now read the records from the transfer as they come in. Each envelope is checked with TSIG. If something is not correct an error is returned.
Basic use pattern validating and replying to a message that has TSIG set.
server := &dns.Server{Addr: ":53", Net: "udp"} server.TsigSecret = map[string]string{"axfr.": "so6ZGir4GPAqINNh9U5c3A=="} go server.ListenAndServe() dns.HandleFunc(".", handleRequest) func handleRequest(w dns.ResponseWriter, r *dns.Msg) { m := new(dns.Msg) m.SetReply(r) if r.IsTsig() != nil { if w.TsigStatus() == nil { // *Msg r has an TSIG record and it was validated m.SetTsig("axfr.", dns.HmacMD5, 300, time.Now().Unix()) } else { // *Msg r has an TSIG records and it was not valided } } w.WriteMsg(m) }
PRIVATE RRS ¶
RFC 6895 sets aside a range of type codes for private use. This range is 65,280 - 65,534 (0xFF00 - 0xFFFE). When experimenting with new Resource Records these can be used, before requesting an official type code from IANA.
see http://miek.nl/posts/2014/Sep/21/Private%20RRs%20and%20IDN%20in%20Go%20DNS/ for more information.
EDNS0 ¶
EDNS0 is an extension mechanism for the DNS defined in RFC 2671 and updated by RFC 6891. It defines an new RR type, the OPT RR, which is then completely abused. Basic use pattern for creating an (empty) OPT RR:
o := new(dns.OPT) o.Hdr.Name = "." // MUST be the root zone, per definition. o.Hdr.Rrtype = dns.TypeOPT
The rdata of an OPT RR consists out of a slice of EDNS0 (RFC 6891) interfaces. Currently only a few have been standardized: EDNS0_NSID (RFC 5001) and EDNS0_SUBNET (draft-vandergaast-edns-client-subnet-02). Note that these options may be combined in an OPT RR. Basic use pattern for a server to check if (and which) options are set:
// o is a dns.OPT for _, s := range o.Option { switch e := s.(type) { case *dns.EDNS0_NSID: // do stuff with e.Nsid case *dns.EDNS0_SUBNET: // access e.Family, e.Address, etc. } }
SIG(0)
From RFC 2931:
SIG(0) provides protection for DNS transactions and requests .... ... protection for glue records, DNS requests, protection for message headers on requests and responses, and protection of the overall integrity of a response.
It works like TSIG, except that SIG(0) uses public key cryptography, instead of the shared secret approach in TSIG. Supported algorithms: DSA, ECDSAP256SHA256, ECDSAP384SHA384, RSASHA1, RSASHA256 and RSASHA512.
Signing subsequent messages in multi-message sessions is not implemented.
Index ¶
- Constants
- Variables
- func ActivateAndServe(l net.Listener, p net.PacketConn, handler Handler) error
- func CertificateToDANE(selector, matchingType uint8, cert *x509.Certificate) (string, error)
- func CompareDomainName(s1, s2 string) (n int)
- func CountLabel(s string) (labels int)
- func Field(r RR, i int) string
- func Fqdn(s string) string
- func Handle(pattern string, handler Handler)
- func HandleFailed(w ResponseWriter, r *Msg)
- func HandleFunc(pattern string, handler func(ResponseWriter, *Msg))
- func HandleRemove(pattern string)
- func HashName(label string, ha uint8, iter uint16, salt string) string
- func IsDomainName(s string) (labels int, ok bool)
- func IsFqdn(s string) bool
- func IsMsg(buf []byte) error
- func IsRRset(rrset []RR) bool
- func IsSubDomain(parent, child string) bool
- func ListenAndServe(addr string, network string, handler Handler) error
- func ListenAndServeTLS(addr, certFile, keyFile string, handler Handler) error
- func NextLabel(s string, offset int) (i int, end bool)
- func NumField(r RR) int
- func PackDomainName(s string, msg []byte, off int, compression map[string]int, compress bool) (off1 int, err error)
- func PackRR(rr RR, msg []byte, off int, compression map[string]int, compress bool) (off1 int, err error)
- func PackStruct(any interface{}, msg []byte, off int) (off1 int, err error)
- func ParseZone(r io.Reader, origin, file string) chan *Token
- func PrevLabel(s string, n int) (i int, start bool)
- func PrivateHandle(rtypestr string, rtype uint16, generator func() PrivateRdata)
- func PrivateHandleRemove(rtype uint16)
- func ReverseAddr(addr string) (arpa string, err error)
- func Split(s string) []int
- func SplitDomainName(s string) (labels []string)
- func StringToTime(s string) (uint32, error)
- func TLSAName(name, service, network string) (string, error)
- func TimeToString(t uint32) string
- func TsigGenerate(m *Msg, secret, requestMAC string, timersOnly bool) ([]byte, string, error)
- func TsigVerify(msg []byte, secret, requestMAC string, timersOnly bool) error
- func UnpackDomainName(msg []byte, off int) (string, int, error)
- func UnpackStruct(any interface{}, msg []byte, off int) (int, error)
- func WriteToSessionUDP(conn *net.UDPConn, b []byte, session *SessionUDP) (int, error)
- type A
- type AAAA
- type AFSDB
- type ANY
- type CAA
- type CDNSKEY
- type CDS
- type CERT
- type CNAME
- type Class
- type Client
- type ClientConfig
- type Conn
- func Dial(network, address string) (conn *Conn, err error)
- func DialTimeout(network, address string, timeout time.Duration) (conn *Conn, err error)
- func DialTimeoutWithTLS(network, address string, tlsConfig *tls.Config, timeout time.Duration) (conn *Conn, err error)
- func DialWithTLS(network, address string, tlsConfig *tls.Config) (conn *Conn, err error)
- type DHCID
- type DLV
- type DNAME
- type DNSKEY
- func (k *DNSKEY) Generate(bits int) (crypto.PrivateKey, error)
- func (rr *DNSKEY) Header() *RR_Header
- func (k *DNSKEY) KeyTag() uint16
- func (k *DNSKEY) NewPrivateKey(s string) (crypto.PrivateKey, error)
- func (r *DNSKEY) PrivateKeyString(p crypto.PrivateKey) string
- func (k *DNSKEY) ReadPrivateKey(q io.Reader, file string) (crypto.PrivateKey, error)
- func (rr *DNSKEY) String() string
- func (k *DNSKEY) ToCDNSKEY() *CDNSKEY
- func (k *DNSKEY) ToDS(h uint8) *DS
- type DS
- type DecorateReader
- type DecorateWriter
- type Denialer
- type EDNS0
- type EDNS0_DAU
- type EDNS0_DHU
- type EDNS0_EXPIRE
- type EDNS0_LLQ
- type EDNS0_LOCAL
- type EDNS0_N3U
- type EDNS0_NSID
- type EDNS0_SUBNET
- type EDNS0_UL
- type EID
- type EUI48
- type EUI64
- type Envelope
- type Error
- type GID
- type GPOS
- type HINFO
- type HIP
- type Handler
- type HandlerFunc
- type Header
- type IPSECKEY
- type KEY
- type KX
- type L32
- type L64
- type LOC
- type LP
- type MB
- type MD
- type MF
- type MG
- type MINFO
- type MR
- type MX
- type Msg
- func (dns *Msg) Copy() *Msg
- func (dns *Msg) CopyTo(r1 *Msg) *Msg
- func (u *Msg) Insert(rr []RR)
- func (dns *Msg) IsEdns0() *OPT
- func (dns *Msg) IsTsig() *TSIG
- func (dns *Msg) Len() int
- func (u *Msg) NameNotUsed(rr []RR)
- func (u *Msg) NameUsed(rr []RR)
- func (dns *Msg) Pack() (msg []byte, err error)
- func (dns *Msg) PackBuffer(buf []byte) (msg []byte, err error)
- func (u *Msg) RRsetNotUsed(rr []RR)
- func (u *Msg) RRsetUsed(rr []RR)
- func (u *Msg) Remove(rr []RR)
- func (u *Msg) RemoveName(rr []RR)
- func (u *Msg) RemoveRRset(rr []RR)
- func (dns *Msg) SetAxfr(z string) *Msg
- func (dns *Msg) SetEdns0(udpsize uint16, do bool) *Msg
- func (dns *Msg) SetIxfr(z string, serial uint32, ns, mbox string) *Msg
- func (dns *Msg) SetNotify(z string) *Msg
- func (dns *Msg) SetQuestion(z string, t uint16) *Msg
- func (dns *Msg) SetRcode(request *Msg, rcode int) *Msg
- func (dns *Msg) SetRcodeFormatError(request *Msg) *Msg
- func (dns *Msg) SetReply(request *Msg) *Msg
- func (dns *Msg) SetTsig(z, algo string, fudge, timesigned int64) *Msg
- func (dns *Msg) SetUpdate(z string) *Msg
- func (dns *Msg) String() string
- func (dns *Msg) Unpack(msg []byte) (err error)
- func (u *Msg) Used(rr []RR)
- type MsgHdr
- type NAPTR
- type NID
- type NIMLOC
- type NINFO
- type NS
- type NSAPPTR
- type NSEC
- type NSEC3
- type NSEC3PARAM
- type Name
- type OPENPGPKEY
- type OPT
- func (rr *OPT) Do() bool
- func (rr *OPT) ExtendedRcode() uint8
- func (rr *OPT) Header() *RR_Header
- func (rr *OPT) SetDo()
- func (rr *OPT) SetExtendedRcode(v uint8)
- func (rr *OPT) SetUDPSize(size uint16)
- func (rr *OPT) SetVersion(v uint8)
- func (rr *OPT) String() string
- func (rr *OPT) UDPSize() uint16
- func (rr *OPT) Version() uint8
- type PTR
- type PX
- type ParseError
- type PrivateRR
- type PrivateRdata
- type Question
- type RFC3597
- type RKEY
- type RP
- type RR
- type RRSIG
- type RR_Header
- type RT
- type Reader
- type ResponseWriter
- type SIG
- type SOA
- type SPF
- type SRV
- type SSHFP
- type ServeMux
- type Server
- type SessionUDP
- type TA
- type TALINK
- type TKEY
- type TLSA
- type TSIG
- type TXT
- type Token
- type Transfer
- type Type
- type UID
- type UINFO
- type URI
- type WKS
- type Writer
- type X25
Constants ¶
const ( // DefaultMsgSize is the standard default for messages larger than 512 bytes. DefaultMsgSize = 4096 // MinMsgSize is the minimal size of a DNS packet. MinMsgSize = 512 // MaxMsgSize is the largest possible DNS packet. MaxMsgSize = 65535 )
const ( RSAMD5 uint8 DH DSA RSASHA1 DSANSEC3SHA1 RSASHA1NSEC3SHA1 RSASHA256 RSASHA512 ECCGOST ECDSAP256SHA256 ECDSAP384SHA384 INDIRECT uint8 = 252 PRIVATEDNS uint8 = 253 // Private (experimental keys) PRIVATEOID uint8 = 254 )
DNSSEC encryption algorithm codes.
const ( SHA1 uint8 // RFC 4034 SHA256 // RFC 4509 GOST94 // RFC 5933 SHA384 // Experimental SHA512 // Experimental )
DNSSEC hashing algorithm codes.
const ( SEP = 1 REVOKE = 1 << 7 ZONE = 1 << 8 )
DNSKEY flag values.
const ( EDNS0LLQ = 0x1 // long lived queries: http://tools.ietf.org/html/draft-sekar-dns-llq-01 EDNS0UL = 0x2 // update lease draft: http://files.dns-sd.org/draft-sekar-dns-ul.txt EDNS0NSID = 0x3 // nsid (RFC5001) EDNS0DAU = 0x5 // DNSSEC Algorithm Understood EDNS0DHU = 0x6 // DS Hash Understood EDNS0N3U = 0x7 // NSEC3 Hash Understood EDNS0SUBNET = 0x8 // client-subnet (RFC6891) EDNS0EXPIRE = 0x9 // EDNS0 expire EDNS0SUBNETDRAFT = 0x50fa // Don't use! Use EDNS0SUBNET EDNS0LOCALSTART = 0xFDE9 // Beginning of range reserved for local/experimental use (RFC6891) EDNS0LOCALEND = 0xFFFE // End of range reserved for local/experimental use (RFC6891) )
EDNS0 Option codes.
const ( HmacMD5 = "hmac-md5.sig-alg.reg.int." HmacSHA1 = "hmac-sha1." HmacSHA256 = "hmac-sha256." HmacSHA512 = "hmac-sha512." )
HMAC hashing codes. These are transmitted as domain names.
const ( TypeNone uint16 = 0 TypeA uint16 = 1 TypeNS uint16 = 2 TypeMD uint16 = 3 TypeMF uint16 = 4 TypeCNAME uint16 = 5 TypeSOA uint16 = 6 TypeMB uint16 = 7 TypeMG uint16 = 8 TypeMR uint16 = 9 TypeNULL uint16 = 10 TypeWKS uint16 = 11 TypePTR uint16 = 12 TypeHINFO uint16 = 13 TypeMINFO uint16 = 14 TypeMX uint16 = 15 TypeTXT uint16 = 16 TypeRP uint16 = 17 TypeAFSDB uint16 = 18 TypeX25 uint16 = 19 TypeISDN uint16 = 20 TypeRT uint16 = 21 TypeNSAPPTR uint16 = 23 TypeSIG uint16 = 24 TypeKEY uint16 = 25 TypePX uint16 = 26 TypeGPOS uint16 = 27 TypeAAAA uint16 = 28 TypeLOC uint16 = 29 TypeNXT uint16 = 30 TypeEID uint16 = 31 TypeNIMLOC uint16 = 32 TypeSRV uint16 = 33 TypeATMA uint16 = 34 TypeNAPTR uint16 = 35 TypeKX uint16 = 36 TypeCERT uint16 = 37 TypeDNAME uint16 = 39 TypeOPT uint16 = 41 // EDNS TypeDS uint16 = 43 TypeSSHFP uint16 = 44 TypeIPSECKEY uint16 = 45 TypeRRSIG uint16 = 46 TypeNSEC uint16 = 47 TypeDNSKEY uint16 = 48 TypeDHCID uint16 = 49 TypeNSEC3 uint16 = 50 TypeNSEC3PARAM uint16 = 51 TypeTLSA uint16 = 52 TypeHIP uint16 = 55 TypeNINFO uint16 = 56 TypeRKEY uint16 = 57 TypeTALINK uint16 = 58 TypeCDS uint16 = 59 TypeCDNSKEY uint16 = 60 TypeOPENPGPKEY uint16 = 61 TypeSPF uint16 = 99 TypeUINFO uint16 = 100 TypeUID uint16 = 101 TypeGID uint16 = 102 TypeUNSPEC uint16 = 103 TypeNID uint16 = 104 TypeL32 uint16 = 105 TypeL64 uint16 = 106 TypeLP uint16 = 107 TypeEUI48 uint16 = 108 TypeEUI64 uint16 = 109 TypeURI uint16 = 256 TypeCAA uint16 = 257 TypeTKEY uint16 = 249 TypeTSIG uint16 = 250 // valid Question.Qtype only TypeIXFR uint16 = 251 TypeAXFR uint16 = 252 TypeMAILB uint16 = 253 TypeMAILA uint16 = 254 TypeANY uint16 = 255 TypeTA uint16 = 32768 TypeDLV uint16 = 32769 TypeReserved uint16 = 65535 // valid Question.Qclass ClassINET = 1 ClassCSNET = 2 ClassCHAOS = 3 ClassHESIOD = 4 ClassNONE = 254 ClassANY = 255 // Message Response Codes. RcodeSuccess = 0 RcodeFormatError = 1 RcodeServerFailure = 2 RcodeNameError = 3 RcodeNotImplemented = 4 RcodeRefused = 5 RcodeYXDomain = 6 RcodeYXRrset = 7 RcodeNXRrset = 8 RcodeNotAuth = 9 RcodeNotZone = 10 RcodeBadSig = 16 // TSIG RcodeBadVers = 16 // EDNS0 RcodeBadKey = 17 RcodeBadTime = 18 RcodeBadMode = 19 // TKEY RcodeBadName = 20 RcodeBadAlg = 21 RcodeBadTrunc = 22 // TSIG // Message Opcodes. There is no 3. OpcodeQuery = 0 OpcodeIQuery = 1 OpcodeStatus = 2 OpcodeNotify = 4 OpcodeUpdate = 5 )
Wire constants and supported types.
const ( LOC_EQUATOR = 1 << 31 // RFC 1876, Section 2. LOC_PRIMEMERIDIAN = 1 << 31 // RFC 1876, Section 2. LOC_HOURS = 60 * 1000 LOC_DEGREES = 60 * LOC_HOURS LOC_ALTITUDEBASE = 100000 )
const ( CertPKIX = 1 + iota CertSPKI CertPGP CertIPIX CertISPKI CertIPGP CertACPKIX CertIACPKIX CertURI = 253 CertOID = 254 )
Different Certificate Types, see RFC 4398, Section 2.1
Variables ¶
var ( // ErrAlg indicates an error with the (DNSSEC) algorithm. ErrAlg error = &Error{err: "bad algorithm"} // ErrAuth indicates an error in the TSIG authentication. ErrAuth error = &Error{err: "bad authentication"} // ErrBuf indicates that the buffer used it too small for the message. ErrBuf error = &Error{err: "buffer size too small"} // ErrConnEmpty indicates a connection is being uses before it is initialized. ErrConnEmpty error = &Error{err: "conn has no connection"} // ErrExtendedRcode ... ErrExtendedRcode error = &Error{err: "bad extended rcode"} // ErrFqdn indicates that a domain name does not have a closing dot. ErrFqdn error = &Error{err: "domain must be fully qualified"} // ErrId indicates there is a mismatch with the message's ID. ErrId error = &Error{err: "id mismatch"} // ErrKeyAlg indicates that the algorithm in the key is not valid. ErrKeyAlg error = &Error{err: "bad key algorithm"} ErrKey error = &Error{err: "bad key"} ErrKeySize error = &Error{err: "bad key size"} ErrNoSig error = &Error{err: "no signature found"} ErrPrivKey error = &Error{err: "bad private key"} ErrRcode error = &Error{err: "bad rcode"} ErrRdata error = &Error{err: "bad rdata"} ErrRRset error = &Error{err: "bad rrset"} ErrSecret error = &Error{err: "no secrets defined"} ErrShortRead error = &Error{err: "short read"} // ErrSig indicates that a signature can not be cryptographically validated. ErrSig error = &Error{err: "bad signature"} // ErrSOA indicates that no SOA RR was seen when doing zone transfers. ErrSoa error = &Error{err: "no SOA"} // ErrTime indicates a timing error in TSIG authentication. ErrTime error = &Error{err: "bad time"} // ErrTruncated indicates that we failed to unpack a truncated message. // We unpacked as much as we had so Msg can still be used, if desired. ErrTruncated error = &Error{err: "failed to unpack truncated message"} )
var AlgorithmToHash = map[uint8]crypto.Hash{ RSAMD5: crypto.MD5, RSASHA1: crypto.SHA1, RSASHA1NSEC3SHA1: crypto.SHA1, RSASHA256: crypto.SHA256, ECDSAP256SHA256: crypto.SHA256, ECDSAP384SHA384: crypto.SHA384, RSASHA512: crypto.SHA512, }
Map of algorithm crypto hashes.
var AlgorithmToString = map[uint8]string{ RSAMD5: "RSAMD5", DH: "DH", DSA: "DSA", RSASHA1: "RSASHA1", DSANSEC3SHA1: "DSA-NSEC3-SHA1", RSASHA1NSEC3SHA1: "RSASHA1-NSEC3-SHA1", RSASHA256: "RSASHA256", RSASHA512: "RSASHA512", ECCGOST: "ECC-GOST", ECDSAP256SHA256: "ECDSAP256SHA256", ECDSAP384SHA384: "ECDSAP384SHA384", INDIRECT: "INDIRECT", PRIVATEDNS: "PRIVATEDNS", PRIVATEOID: "PRIVATEOID", }
Map for algorithm names.
var CertTypeToString = map[uint16]string{ CertPKIX: "PKIX", CertSPKI: "SPKI", CertPGP: "PGP", CertIPIX: "IPIX", CertISPKI: "ISPKI", CertIPGP: "IPGP", CertACPKIX: "ACPKIX", CertIACPKIX: "IACPKIX", CertURI: "URI", CertOID: "OID", }
CertTypeToString converts the Cert Type to its string representation. See RFC 4398 and RFC 6944.
var ClassToString = map[uint16]string{
ClassINET: "IN",
ClassCSNET: "CS",
ClassCHAOS: "CH",
ClassHESIOD: "HS",
ClassNONE: "NONE",
ClassANY: "ANY",
}
ClassToString is a maps Classes to strings for each CLASS wire type.
var DefaultServeMux = NewServeMux()
DefaultServeMux is the default ServeMux used by Serve.
var HashToString = map[uint8]string{ SHA1: "SHA1", SHA256: "SHA256", GOST94: "GOST94", SHA384: "SHA384", SHA512: "SHA512", }
Map for hash names.
var Id func() uint16 = id
Id, by default, returns a 16 bits random number to be used as a message id. The random provided should be good enough. This being a variable the function can be reassigned to a custom function. For instance, to make it return a static value:
dns.Id = func() uint16 { return 3 }
var OpcodeToString = map[int]string{
OpcodeQuery: "QUERY",
OpcodeIQuery: "IQUERY",
OpcodeStatus: "STATUS",
OpcodeNotify: "NOTIFY",
OpcodeUpdate: "UPDATE",
}
OpcodeToString maps Opcodes to strings.
var RcodeToString = map[int]string{
RcodeSuccess: "NOERROR",
RcodeFormatError: "FORMERR",
RcodeServerFailure: "SERVFAIL",
RcodeNameError: "NXDOMAIN",
RcodeNotImplemented: "NOTIMPL",
RcodeRefused: "REFUSED",
RcodeYXDomain: "YXDOMAIN",
RcodeYXRrset: "YXRRSET",
RcodeNXRrset: "NXRRSET",
RcodeNotAuth: "NOTAUTH",
RcodeNotZone: "NOTZONE",
RcodeBadSig: "BADSIG",
RcodeBadKey: "BADKEY",
RcodeBadTime: "BADTIME",
RcodeBadMode: "BADMODE",
RcodeBadName: "BADNAME",
RcodeBadAlg: "BADALG",
RcodeBadTrunc: "BADTRUNC",
}
RcodeToString maps Rcodes to strings.
var StringToAlgorithm = reverseInt8(AlgorithmToString)
Map of algorithm strings.
var StringToCertType = reverseInt16(CertTypeToString)
StringToCertType is the reverseof CertTypeToString.
var StringToClass = reverseInt16(ClassToString)
StringToClass is the reverse of ClassToString, needed for string parsing.
var StringToHash = reverseInt8(HashToString)
Map of hash strings.
var StringToOpcode = reverseInt(OpcodeToString)
Map of opcodes strings.
var StringToRcode = reverseInt(RcodeToString)
Map of rcodes strings.
var StringToType = reverseInt16(TypeToString)
StringToType is the reverse of TypeToString, needed for string parsing.
var TypeToRR = map[uint16]func() RR{ TypeA: func() RR { return new(A) }, TypeAAAA: func() RR { return new(AAAA) }, TypeAFSDB: func() RR { return new(AFSDB) }, TypeANY: func() RR { return new(ANY) }, TypeCAA: func() RR { return new(CAA) }, TypeCDNSKEY: func() RR { return new(CDNSKEY) }, TypeCDS: func() RR { return new(CDS) }, TypeCERT: func() RR { return new(CERT) }, TypeCNAME: func() RR { return new(CNAME) }, TypeDHCID: func() RR { return new(DHCID) }, TypeDLV: func() RR { return new(DLV) }, TypeDNAME: func() RR { return new(DNAME) }, TypeDNSKEY: func() RR { return new(DNSKEY) }, TypeDS: func() RR { return new(DS) }, TypeEID: func() RR { return new(EID) }, TypeEUI48: func() RR { return new(EUI48) }, TypeEUI64: func() RR { return new(EUI64) }, TypeGID: func() RR { return new(GID) }, TypeGPOS: func() RR { return new(GPOS) }, TypeHINFO: func() RR { return new(HINFO) }, TypeHIP: func() RR { return new(HIP) }, TypeIPSECKEY: func() RR { return new(IPSECKEY) }, TypeKEY: func() RR { return new(KEY) }, TypeKX: func() RR { return new(KX) }, TypeL32: func() RR { return new(L32) }, TypeL64: func() RR { return new(L64) }, TypeLOC: func() RR { return new(LOC) }, TypeLP: func() RR { return new(LP) }, TypeMB: func() RR { return new(MB) }, TypeMD: func() RR { return new(MD) }, TypeMF: func() RR { return new(MF) }, TypeMG: func() RR { return new(MG) }, TypeMINFO: func() RR { return new(MINFO) }, TypeMR: func() RR { return new(MR) }, TypeMX: func() RR { return new(MX) }, TypeNAPTR: func() RR { return new(NAPTR) }, TypeNID: func() RR { return new(NID) }, TypeNIMLOC: func() RR { return new(NIMLOC) }, TypeNINFO: func() RR { return new(NINFO) }, TypeNS: func() RR { return new(NS) }, TypeNSAPPTR: func() RR { return new(NSAPPTR) }, TypeNSEC: func() RR { return new(NSEC) }, TypeNSEC3: func() RR { return new(NSEC3) }, TypeNSEC3PARAM: func() RR { return new(NSEC3PARAM) }, TypeOPENPGPKEY: func() RR { return new(OPENPGPKEY) }, TypeOPT: func() RR { return new(OPT) }, TypePTR: func() RR { return new(PTR) }, TypePX: func() RR { return new(PX) }, TypeRKEY: func() RR { return new(RKEY) }, TypeRP: func() RR { return new(RP) }, TypeRRSIG: func() RR { return new(RRSIG) }, TypeRT: func() RR { return new(RT) }, TypeSIG: func() RR { return new(SIG) }, TypeSOA: func() RR { return new(SOA) }, TypeSPF: func() RR { return new(SPF) }, TypeSRV: func() RR { return new(SRV) }, TypeSSHFP: func() RR { return new(SSHFP) }, TypeTA: func() RR { return new(TA) }, TypeTALINK: func() RR { return new(TALINK) }, TypeTKEY: func() RR { return new(TKEY) }, TypeTLSA: func() RR { return new(TLSA) }, TypeTSIG: func() RR { return new(TSIG) }, TypeTXT: func() RR { return new(TXT) }, TypeUID: func() RR { return new(UID) }, TypeUINFO: func() RR { return new(UINFO) }, TypeURI: func() RR { return new(URI) }, TypeWKS: func() RR { return new(WKS) }, TypeX25: func() RR { return new(X25) }, }
TypeToRR is a map of constructors for each RR type.
var TypeToString = map[uint16]string{
TypeA: "A",
TypeAAAA: "AAAA",
TypeAFSDB: "AFSDB",
TypeANY: "ANY",
TypeATMA: "ATMA",
TypeAXFR: "AXFR",
TypeCAA: "CAA",
TypeCDNSKEY: "CDNSKEY",
TypeCDS: "CDS",
TypeCERT: "CERT",
TypeCNAME: "CNAME",
TypeDHCID: "DHCID",
TypeDLV: "DLV",
TypeDNAME: "DNAME",
TypeDNSKEY: "DNSKEY",
TypeDS: "DS",
TypeEID: "EID",
TypeEUI48: "EUI48",
TypeEUI64: "EUI64",
TypeGID: "GID",
TypeGPOS: "GPOS",
TypeHINFO: "HINFO",
TypeHIP: "HIP",
TypeIPSECKEY: "IPSECKEY",
TypeISDN: "ISDN",
TypeIXFR: "IXFR",
TypeKEY: "KEY",
TypeKX: "KX",
TypeL32: "L32",
TypeL64: "L64",
TypeLOC: "LOC",
TypeLP: "LP",
TypeMAILA: "MAILA",
TypeMAILB: "MAILB",
TypeMB: "MB",
TypeMD: "MD",
TypeMF: "MF",
TypeMG: "MG",
TypeMINFO: "MINFO",
TypeMR: "MR",
TypeMX: "MX",
TypeNAPTR: "NAPTR",
TypeNID: "NID",
TypeNIMLOC: "NIMLOC",
TypeNINFO: "NINFO",
TypeNS: "NS",
TypeNSEC: "NSEC",
TypeNSEC3: "NSEC3",
TypeNSEC3PARAM: "NSEC3PARAM",
TypeNULL: "NULL",
TypeNXT: "NXT",
TypeNone: "None",
TypeOPENPGPKEY: "OPENPGPKEY",
TypeOPT: "OPT",
TypePTR: "PTR",
TypePX: "PX",
TypeRKEY: "RKEY",
TypeRP: "RP",
TypeRRSIG: "RRSIG",
TypeRT: "RT",
TypeReserved: "Reserved",
TypeSIG: "SIG",
TypeSOA: "SOA",
TypeSPF: "SPF",
TypeSRV: "SRV",
TypeSSHFP: "SSHFP",
TypeTA: "TA",
TypeTALINK: "TALINK",
TypeTKEY: "TKEY",
TypeTLSA: "TLSA",
TypeTSIG: "TSIG",
TypeTXT: "TXT",
TypeUID: "UID",
TypeUINFO: "UINFO",
TypeUNSPEC: "UNSPEC",
TypeURI: "URI",
TypeWKS: "WKS",
TypeX25: "X25",
TypeNSAPPTR: "NSAP-PTR",
}
TypeToString is a map of strings for each RR type.
Functions ¶
func ActivateAndServe ¶
ActivateAndServe activates a server with a listener from systemd, l and p should not both be non-nil. If both l and p are not nil only p will be used. Invoke handler for incoming queries.
func CertificateToDANE ¶
func CertificateToDANE(selector, matchingType uint8, cert *x509.Certificate) (string, error)
CertificateToDANE converts a certificate to a hex string as used in the TLSA record.
func CompareDomainName ¶
CompareDomainName compares the names s1 and s2 and returns how many labels they have in common starting from the *right*. The comparison stops at the first inequality. The names are not downcased before the comparison.
www.miek.nl. and miek.nl. have two labels in common: miek and nl www.miek.nl. and www.bla.nl. have one label in common: nl
s1 and s2 must be syntactically valid domain names.
func CountLabel ¶
CountLabel counts the the number of labels in the string s. s must be a syntactically valid domain name.
func Field ¶
Field returns the rdata field i as a string. Fields are indexed starting from 1. RR types that holds slice data, for instance the NSEC type bitmap will return a single string where the types are concatenated using a space. Accessing non existing fields will cause a panic.
func Fqdn ¶
Fqdn return the fully qualified domain name from s. If s is already fully qualified, it behaves as the identity function.
func Handle ¶
Handle registers the handler with the given pattern in the DefaultServeMux. The documentation for ServeMux explains how patterns are matched.
func HandleFailed ¶
func HandleFailed(w ResponseWriter, r *Msg)
HandleFailed returns a HandlerFunc that returns SERVFAIL for every request it gets.
func HandleFunc ¶
func HandleFunc(pattern string, handler func(ResponseWriter, *Msg))
HandleFunc registers the handler function with the given pattern in the DefaultServeMux.
func HandleRemove ¶
func HandleRemove(pattern string)
HandleRemove deregisters the handle with the given pattern in the DefaultServeMux.
func HashName ¶
HashName hashes a string (label) according to RFC 5155. It returns the hashed string in uppercase.
func IsDomainName ¶
IsDomainName checks if s is a valid domain name, it returns the number of labels and true, when a domain name is valid. Note that non fully qualified domain name is considered valid, in this case the last label is counted in the number of labels. When false is returned the number of labels is not defined. Also note that this function is extremely liberal; almost any string is a valid domain name as the DNS is 8 bit protocol. It checks if each label fits in 63 characters, but there is no length check for the entire string s. I.e. a domain name longer than 255 characters is considered valid.
func IsMsg ¶
IsMsg sanity checks buf and returns an error if it isn't a valid DNS packet. The checking is performed on the binary payload.
func IsRRset ¶
IsRRset checks if a set of RRs is a valid RRset as defined by RFC 2181. This means the RRs need to have the same type, name, and class. Returns true if the RR set is valid, otherwise false.
func IsSubDomain ¶
IsSubDomain checks if child is indeed a child of the parent. Both child and parent are *not* downcased before doing the comparison.
func ListenAndServe ¶
ListenAndServe Starts a server on address and network specified Invoke handler for incoming queries.
func ListenAndServeTLS ¶
ListenAndServeTLS acts like http.ListenAndServeTLS, more information in http://golang.org/pkg/net/http/#ListenAndServeTLS
func NextLabel ¶
NextLabel returns the index of the start of the next label in the string s starting at offset. The bool end is true when the end of the string has been reached. Also see PrevLabel.
func PackDomainName ¶
func PackDomainName(s string, msg []byte, off int, compression map[string]int, compress bool) (off1 int, err error)
PackDomainName packs a domain name s into msg[off:]. If compression is wanted compress must be true and the compression map needs to hold a mapping between domain names and offsets pointing into msg.
func PackRR ¶
func PackRR(rr RR, msg []byte, off int, compression map[string]int, compress bool) (off1 int, err error)
PackRR packs a resource record rr into msg[off:]. See PackDomainName for documentation about the compression.
func PackStruct ¶
PackStruct packs any structure to wire format.
func ParseZone ¶
ParseZone reads a RFC 1035 style zonefile from r. It returns *Tokens on the returned channel, which consist out the parsed RR, a potential comment or an error. If there is an error the RR is nil. The string file is only used in error reporting. The string origin is used as the initial origin, as if the file would start with: $ORIGIN origin . The directives $INCLUDE, $ORIGIN, $TTL and $GENERATE are supported. The channel t is closed by ParseZone when the end of r is reached.
Basic usage pattern when reading from a string (z) containing the zone data:
for x := range dns.ParseZone(strings.NewReader(z), "", "") { if x.Error != nil { // log.Println(x.Error) } else { // Do something with x.RR } }
Comments specified after an RR (and on the same line!) are returned too:
foo. IN A 10.0.0.1 ; this is a comment
The text "; this is comment" is returned in Token.Comment. Comments inside the RR are discarded. Comments on a line by themselves are discarded too.
func PrevLabel ¶
PrevLabel returns the index of the label when starting from the right and jumping n labels to the left. The bool start is true when the start of the string has been overshot. Also see NextLabel.
func PrivateHandle ¶
func PrivateHandle(rtypestr string, rtype uint16, generator func() PrivateRdata)
PrivateHandle registers a private resource record type. It requires string and numeric representation of private RR type and generator function as argument.
func PrivateHandleRemove ¶
func PrivateHandleRemove(rtype uint16)
PrivateHandleRemove removes defenitions required to support private RR type.
func ReverseAddr ¶
ReverseAddr returns the in-addr.arpa. or ip6.arpa. hostname of the IP address suitable for reverse DNS (PTR) record lookups or an error if it fails to parse the IP address.
func Split ¶
Split splits a name s into its label indexes. www.miek.nl. returns []int{0, 4, 9}, www.miek.nl also returns []int{0, 4, 9}. The root name (.) returns nil. Also see SplitDomainName. s must be a syntactically valid domain name.
func SplitDomainName ¶
SplitDomainName splits a name string into it's labels. www.miek.nl. returns []string{"www", "miek", "nl"} .www.miek.nl. returns []string{"", "www", "miek", "nl"}, The root label (.) returns nil. Note that using strings.Split(s) will work in most cases, but does not handle escaped dots (\.) for instance. s must be a syntactically valid domain name, see IsDomainName.
func StringToTime ¶
StringToTime translates the RRSIG's incep. and expir. times from string values like "20110403154150" to an 32 bit integer. It takes serial arithmetic (RFC 1982) into account.
func TLSAName ¶
TLSAName returns the ownername of a TLSA resource record as per the rules specified in RFC 6698, Section 3.
func TimeToString ¶
TimeToString translates the RRSIG's incep. and expir. times to the string representation used when printing the record. It takes serial arithmetic (RFC 1982) into account.
func TsigGenerate ¶
TsigGenerate fills out the TSIG record attached to the message. The message should contain a "stub" TSIG RR with the algorithm, key name (owner name of the RR), time fudge (defaults to 300 seconds) and the current time The TSIG MAC is saved in that Tsig RR. When TsigGenerate is called for the first time requestMAC is set to the empty string and timersOnly is false. If something goes wrong an error is returned, otherwise it is nil.
func TsigVerify ¶
TsigVerify verifies the TSIG on a message. If the signature does not validate err contains the error, otherwise it is nil.
func UnpackDomainName ¶
UnpackDomainName unpacks a domain name into a string.
func UnpackStruct ¶
UnpackStruct unpacks a binary message from offset off to the interface value given.
func WriteToSessionUDP ¶
WriteToSessionUDP acts just like net.UDPConn.WritetTo(), but uses a *SessionUDP instead of a net.Addr.
Types ¶
type ANY ¶
type ANY struct {
Hdr RR_Header
}
ANY is a wildcard record. See RFC 1035, Section 3.2.3. ANY is named "*" there.
type CERT ¶
type CERT struct { Hdr RR_Header Type uint16 KeyTag uint16 Algorithm uint8 Certificate string `dns:"base64"` }
The CERT resource record, see RFC 4398.
type Client ¶
type Client struct { Net string // if "tcp" or "tcp-tls" (DNS over TLS) a TCP query will be initiated, otherwise an UDP one (default is "" for UDP) UDPSize uint16 // minimum receive buffer for UDP messages TLSConfig *tls.Config // TLS connection configuration DialTimeout time.Duration // net.DialTimeout, defaults to 2 seconds ReadTimeout time.Duration // net.Conn.SetReadTimeout value for connections, defaults to 2 seconds WriteTimeout time.Duration // net.Conn.SetWriteTimeout value for connections, defaults to 2 seconds TsigSecret map[string]string // secret(s) for Tsig map[<zonename>]<base64 secret>, zonename must be fully qualified SingleInflight bool // if true suppress multiple outstanding queries for the same Qname, Qtype and Qclass // contains filtered or unexported fields }
A Client defines parameters for a DNS client.
func (*Client) Exchange ¶
Exchange performs an synchronous query. It sends the message m to the address contained in a and waits for an reply. Basic use pattern with a *dns.Client:
c := new(dns.Client) in, rtt, err := c.Exchange(message, "127.0.0.1:53")
Exchange does not retry a failed query, nor will it fall back to TCP in case of truncation.
type ClientConfig ¶
type ClientConfig struct { Servers []string // servers to use Search []string // suffixes to append to local name Port string // what port to use Ndots int // number of dots in name to trigger absolute lookup Timeout int // seconds before giving up on packet Attempts int // lost packets before giving up on server, not used in the package dns }
ClientConfig wraps the contents of the /etc/resolv.conf file.
func ClientConfigFromFile ¶
func ClientConfigFromFile(resolvconf string) (*ClientConfig, error)
ClientConfigFromFile parses a resolv.conf(5) like file and returns a *ClientConfig.
type Conn ¶
type Conn struct { net.Conn // a net.Conn holding the connection UDPSize uint16 // minimum receive buffer for UDP messages TsigSecret map[string]string // secret(s) for Tsig map[<zonename>]<base64 secret>, zonename must be fully qualified // contains filtered or unexported fields }
A Conn represents a connection to a DNS server.
func DialTimeout ¶
DialTimeout acts like Dial but takes a timeout.
func DialTimeoutWithTLS ¶
func DialTimeoutWithTLS(network, address string, tlsConfig *tls.Config, timeout time.Duration) (conn *Conn, err error)
DialTimeoutWithTLS acts like DialWithTLS but takes a timeout.
func DialWithTLS ¶
DialWithTLS connects to the address on the named network with TLS.
func (*Conn) ReadMsg ¶
ReadMsg reads a message from the connection co. If the received message contains a TSIG record the transaction signature is verified.
func (*Conn) ReadMsgHeader ¶
ReadMsgHeader reads a DNS message, parses and populates hdr (when hdr is not nil). Returns message as a byte slice to be parsed with Msg.Unpack later on. Note that error handling on the message body is not possible as only the header is parsed.
type DNSKEY ¶
type DNSKEY struct { Hdr RR_Header Flags uint16 Protocol uint8 Algorithm uint8 PublicKey string `dns:"base64"` }
func (*DNSKEY) Generate ¶
func (k *DNSKEY) Generate(bits int) (crypto.PrivateKey, error)
Generate generates a DNSKEY of the given bit size. The public part is put inside the DNSKEY record. The Algorithm in the key must be set as this will define what kind of DNSKEY will be generated. The ECDSA algorithms imply a fixed keysize, in that case bits should be set to the size of the algorithm.
func (*DNSKEY) NewPrivateKey ¶
func (k *DNSKEY) NewPrivateKey(s string) (crypto.PrivateKey, error)
NewPrivateKey returns a PrivateKey by parsing the string s. s should be in the same form of the BIND private key files.
func (*DNSKEY) PrivateKeyString ¶
func (r *DNSKEY) PrivateKeyString(p crypto.PrivateKey) string
PrivateKeyString converts a PrivateKey to a string. This string has the same format as the private-key-file of BIND9 (Private-key-format: v1.3). It needs some info from the key (the algorithm), so its a method of the DNSKEY It supports rsa.PrivateKey, ecdsa.PrivateKey and dsa.PrivateKey
func (*DNSKEY) ReadPrivateKey ¶
ReadPrivateKey reads a private key from the io.Reader q. The string file is only used in error reporting. The public key must be known, because some cryptographic algorithms embed the public inside the privatekey.
type DS ¶
type DecorateReader ¶
DecorateReader is a decorator hook for extending or supplanting the functionality of a Reader. Implementations should never return a nil Reader.
type DecorateWriter ¶
DecorateWriter is a decorator hook for extending or supplanting the functionality of a Writer. Implementations should never return a nil Writer.
type Denialer ¶
type Denialer interface { // Cover will check if the (unhashed) name is being covered by this NSEC or NSEC3. Cover(name string) bool // Match will check if the ownername matches the (unhashed) name for this NSEC3 or NSEC3. Match(name string) bool }
Denialer is an interface that should be implemented by types that are used to denial answers in DNSSEC.
type EDNS0 ¶
type EDNS0 interface { // Option returns the option code for the option. Option() uint16 // String returns the string representation of the option. String() string // contains filtered or unexported methods }
EDNS0 defines an EDNS0 Option. An OPT RR can have multiple options appended to it.
type EDNS0_EXPIRE ¶
func (*EDNS0_EXPIRE) Option ¶
func (e *EDNS0_EXPIRE) Option() uint16
func (*EDNS0_EXPIRE) String ¶
func (e *EDNS0_EXPIRE) String() string
type EDNS0_LLQ ¶
type EDNS0_LLQ struct { Code uint16 // Always EDNS0LLQ Version uint16 Opcode uint16 Error uint16 Id uint64 LeaseLife uint32 }
EDNS0_LLQ stands for Long Lived Queries: http://tools.ietf.org/html/draft-sekar-dns-llq-01 Implemented for completeness, as the EDNS0 type code is assigned.
type EDNS0_LOCAL ¶
The EDNS0_LOCAL option is used for local/experimental purposes. The option code is recommended to be within the range [EDNS0LOCALSTART, EDNS0LOCALEND] (RFC6891), although any unassigned code can actually be used. The content of the option is made available in Data, unaltered. Basic use pattern for creating a local option:
o := new(dns.OPT) o.Hdr.Name = "." o.Hdr.Rrtype = dns.TypeOPT e := new(dns.EDNS0_LOCAL) e.Code = dns.EDNS0LOCALSTART e.Data = []byte{72, 82, 74} o.Option = append(o.Option, e)
func (*EDNS0_LOCAL) Option ¶
func (e *EDNS0_LOCAL) Option() uint16
func (*EDNS0_LOCAL) String ¶
func (e *EDNS0_LOCAL) String() string
type EDNS0_NSID ¶
type EDNS0_NSID struct { Code uint16 // Always EDNS0NSID Nsid string // This string needs to be hex encoded }
The nsid EDNS0 option is used to retrieve a nameserver identifier. When sending a request Nsid must be set to the empty string The identifier is an opaque string encoded as hex. Basic use pattern for creating an nsid option:
o := new(dns.OPT) o.Hdr.Name = "." o.Hdr.Rrtype = dns.TypeOPT e := new(dns.EDNS0_NSID) e.Code = dns.EDNS0NSID e.Nsid = "AA" o.Option = append(o.Option, e)
func (*EDNS0_NSID) Option ¶
func (e *EDNS0_NSID) Option() uint16
func (*EDNS0_NSID) String ¶
func (e *EDNS0_NSID) String() string
type EDNS0_SUBNET ¶
type EDNS0_SUBNET struct { Code uint16 // Always EDNS0SUBNET Family uint16 // 1 for IP, 2 for IP6 SourceNetmask uint8 SourceScope uint8 Address net.IP DraftOption bool // Set to true if using the old (0x50fa) option code }
EDNS0_SUBNET is the subnet option that is used to give the remote nameserver an idea of where the client lives. It can then give back a different answer depending on the location or network topology. Basic use pattern for creating an subnet option:
o := new(dns.OPT) o.Hdr.Name = "." o.Hdr.Rrtype = dns.TypeOPT e := new(dns.EDNS0_SUBNET) e.Code = dns.EDNS0SUBNET e.Family = 1 // 1 for IPv4 source address, 2 for IPv6 e.NetMask = 32 // 32 for IPV4, 128 for IPv6 e.SourceScope = 0 e.Address = net.ParseIP("127.0.0.1").To4() // for IPv4 // e.Address = net.ParseIP("2001:7b8:32a::2") // for IPV6 o.Option = append(o.Option, e)
Note: the spec (draft-ietf-dnsop-edns-client-subnet-00) has some insane logic for which netmask applies to the address. This code will parse all the available bits when unpacking (up to optlen). When packing it will apply SourceNetmask. If you need more advanced logic, patches welcome and good luck.
func (*EDNS0_SUBNET) Option ¶
func (e *EDNS0_SUBNET) Option() uint16
func (*EDNS0_SUBNET) String ¶
func (e *EDNS0_SUBNET) String() (s string)
type EDNS0_UL ¶
The EDNS0_UL (Update Lease) (draft RFC) option is used to tell the server to set an expiration on an update RR. This is helpful for clients that cannot clean up after themselves. This is a draft RFC and more information can be found at http://files.dns-sd.org/draft-sekar-dns-ul.txt
o := new(dns.OPT) o.Hdr.Name = "." o.Hdr.Rrtype = dns.TypeOPT e := new(dns.EDNS0_UL) e.Code = dns.EDNS0UL e.Lease = 120 // in seconds o.Option = append(o.Option, e)
type Envelope ¶
type Envelope struct { RR []RR // The set of RRs in the answer section of the xfr reply message. Error error // If something went wrong, this contains the error. }
Envelope is used when doing a zone transfer with a remote server.
type Error ¶
type Error struct {
// contains filtered or unexported fields
}
Error represents a DNS error
type HIP ¶
type Handler ¶
type Handler interface {
ServeDNS(w ResponseWriter, r *Msg)
}
Handler is implemented by any value that implements ServeDNS.
type HandlerFunc ¶
type HandlerFunc func(ResponseWriter, *Msg)
The HandlerFunc type is an adapter to allow the use of ordinary functions as DNS handlers. If f is a function with the appropriate signature, HandlerFunc(f) is a Handler object that calls f.
func (HandlerFunc) ServeDNS ¶
func (f HandlerFunc) ServeDNS(w ResponseWriter, r *Msg)
ServeDNS calls f(w, r).
type IPSECKEY ¶
type IPSECKEY struct { Hdr RR_Header Precedence uint8 // GatewayType: 1: A record, 2: AAAA record, 3: domainname. // 0 is use for no type and GatewayName should be "." then. GatewayType uint8 Algorithm uint8 // Gateway can be an A record, AAAA record or a domain name. GatewayA net.IP `dns:"a"` GatewayAAAA net.IP `dns:"aaaa"` GatewayName string `dns:"domain-name"` PublicKey string `dns:"base64"` }
type LOC ¶
type MINFO ¶
type Msg ¶
type Msg struct { MsgHdr Compress bool `json:"-"` // If true, the message will be compressed when converted to wire format. This not part of the official DNS packet format. Question []Question // Holds the RR(s) of the question section. Answer []RR // Holds the RR(s) of the answer section. Ns []RR // Holds the RR(s) of the authority section. Extra []RR // Holds the RR(s) of the additional section. }
Msg contains the layout of a DNS message.
func Exchange ¶
Exchange performs a synchronous UDP query. It sends the message m to the address contained in a and waits for an reply. Exchange does not retry a failed query, nor will it fall back to TCP in case of truncation. If you need to send a DNS message on an already existing connection, you can use the following:
co := &dns.Conn{Conn: c} // c is your net.Conn co.WriteMsg(m) in, err := co.ReadMsg() co.Close()
func ExchangeConn ¶
ExchangeConn performs a synchronous query. It sends the message m via the connection c and waits for a reply. The connection c is not closed by ExchangeConn. This function is going away, but can easily be mimicked:
co := &dns.Conn{Conn: c} // c is your net.Conn co.WriteMsg(m) in, _ := co.ReadMsg() co.Close()
func (*Msg) CopyTo ¶
CopyTo copies the contents to the provided message using a deep-copy and returns the copy.
func (*Msg) Insert ¶
Insert creates a dynamic update packet that adds an complete RRset, see RFC 2136 section 2.5.1.
func (*Msg) IsEdns0 ¶
IsEdns0 checks if the message has a EDNS0 (OPT) record, any EDNS0 record in the additional section will do. It returns the OPT record found or nil.
func (*Msg) IsTsig ¶
IsTsig checks if the message has a TSIG record as the last record in the additional section. It returns the TSIG record found or nil.
func (*Msg) Len ¶
Len returns the message length when in (un)compressed wire format. If dns.Compress is true compression it is taken into account. Len() is provided to be a faster way to get the size of the resulting packet, than packing it, measuring the size and discarding the buffer.
func (*Msg) NameNotUsed ¶
NameNotUsed sets the RRs in the prereq section to "Name is in not use" RRs. RFC 2136 section 2.4.5.
func (*Msg) NameUsed ¶
NameUsed sets the RRs in the prereq section to "Name is in use" RRs. RFC 2136 section 2.4.4.
func (*Msg) Pack ¶
Pack packs a Msg: it is converted to to wire format. If the dns.Compress is true the message will be in compressed wire format.
func (*Msg) PackBuffer ¶
PackBuffer packs a Msg, using the given buffer buf. If buf is too small a new buffer is allocated.
func (*Msg) RRsetNotUsed ¶
RRsetNotUsed sets the RRs in the prereq section to "RRset does not exist" RRs. RFC 2136 section 2.4.3.
func (*Msg) RRsetUsed ¶
RRsetUsed sets the RRs in the prereq section to "RRset exists (value independent -- no rdata)" RRs. RFC 2136 section 2.4.1.
func (*Msg) Remove ¶
Remove creates a dynamic update packet deletes RR from a RRSset, see RFC 2136 section 2.5.4
func (*Msg) RemoveName ¶
RemoveName creates a dynamic update packet that deletes all RRsets of a name, see RFC 2136 section 2.5.3
func (*Msg) RemoveRRset ¶
RemoveRRset creates a dynamic update packet that deletes an RRset, see RFC 2136 section 2.5.2.
func (*Msg) SetEdns0 ¶
SetEdns0 appends a EDNS0 OPT RR to the message. TSIG should always the last RR in a message.
func (*Msg) SetNotify ¶
SetNotify creates a notify message, it sets the Question section, generates an Id and sets the Authoritative (AA) bit to true.
func (*Msg) SetQuestion ¶
SetQuestion creates a question message, it sets the Question section, generates an Id and sets the RecursionDesired (RD) bit to true.
func (*Msg) SetRcodeFormatError ¶
SetRcodeFormatError creates a message with FormError set.
func (*Msg) SetTsig ¶
SetTsig appends a TSIG RR to the message. This is only a skeleton TSIG RR that is added as the last RR in the additional section. The Tsig is calculated when the message is being send.
func (*Msg) SetUpdate ¶
SetUpdate makes the message a dynamic update message. It sets the ZONE section to: z, TypeSOA, ClassINET.
func (*Msg) Used ¶
Used sets the RRs in the prereq section to "RRset exists (value dependent -- with rdata)" RRs. RFC 2136 section 2.4.2.
type MsgHdr ¶
type MsgHdr struct { Id uint16 Response bool Opcode int Authoritative bool Truncated bool RecursionDesired bool RecursionAvailable bool Zero bool AuthenticatedData bool CheckingDisabled bool Rcode int }
MsgHdr is a a manually-unpacked version of (id, bits).
type NAPTR ¶
type NSEC ¶
type NSEC struct { Hdr RR_Header NextDomain string `dns:"domain-name"` TypeBitMap []uint16 `dns:"nsec"` }
type NSEC3 ¶
type NSEC3 struct { Hdr RR_Header Hash uint8 Flags uint8 Iterations uint16 SaltLength uint8 Salt string `dns:"size-hex"` HashLength uint8 NextDomain string `dns:"size-base32"` TypeBitMap []uint16 `dns:"nsec"` }
type NSEC3PARAM ¶
type NSEC3PARAM struct { Hdr RR_Header Hash uint8 Flags uint8 Iterations uint16 SaltLength uint8 Salt string `dns:"hex"` }
func (*NSEC3PARAM) Header ¶
func (rr *NSEC3PARAM) Header() *RR_Header
func (*NSEC3PARAM) String ¶
func (rr *NSEC3PARAM) String() string
type OPENPGPKEY ¶
func (*OPENPGPKEY) Header ¶
func (rr *OPENPGPKEY) Header() *RR_Header
func (*OPENPGPKEY) String ¶
func (rr *OPENPGPKEY) String() string
type OPT ¶
OPT is the EDNS0 RR appended to messages to convey extra (meta) information. See RFC 6891.
func (*OPT) ExtendedRcode ¶
ExtendedRcode returns the EDNS extended RCODE field (the upper 8 bits of the TTL).
func (*OPT) SetExtendedRcode ¶
SetExtendedRcode sets the EDNS extended RCODE field.
func (*OPT) SetUDPSize ¶
SetUDPSize sets the UDP buffer size.
func (*OPT) SetVersion ¶
SetVersion sets the version of EDNS. This is usually zero.
type PX ¶
type ParseError ¶
type ParseError struct {
// contains filtered or unexported fields
}
ParseError is a parsing error. It contains the parse error and the location in the io.Reader where the error occurred.
func (*ParseError) Error ¶
func (e *ParseError) Error() (s string)
type PrivateRR ¶
type PrivateRR struct { Hdr RR_Header Data PrivateRdata }
PrivateRR represents an RR that uses a PrivateRdata user-defined type. It mocks normal RRs and implements dns.RR interface.
type PrivateRdata ¶
type PrivateRdata interface { // String returns the text presentaton of the Rdata of the Private RR. String() string // Parse parses the Rdata of the private RR. Parse([]string) error // Pack is used when packing a private RR into a buffer. Pack([]byte) (int, error) // Unpack is used when unpacking a private RR from a buffer. // TODO(miek): diff. signature than Pack, see edns0.go for instance. Unpack([]byte) (int, error) // Copy copies the Rdata. Copy(PrivateRdata) error // Len returns the length in octets of the Rdata. Len() int }
PrivateRdata is an interface used for implementing "Private Use" RR types, see RFC 6895. This allows one to experiment with new RR types, without requesting an official type code. Also see dns.PrivateHandle and dns.PrivateHandleRemove.
type Question ¶
type Question struct { Name string `dns:"cdomain-name"` // "cdomain-name" specifies encoding (and may be compressed) Qtype uint16 Qclass uint16 }
Question holds a DNS question. There can be multiple questions in the question section of a message. Usually there is just one.
type RKEY ¶
type RR ¶
type RR interface { // Header returns the header of an resource record. The header contains // everything up to the rdata. Header() *RR_Header // String returns the text representation of the resource record. String() string // contains filtered or unexported methods }
An RR represents a resource record.
func Dedup ¶
Dedup removes identical RRs from rrs. It preserves the original ordering. The lowest TTL of any duplicates is used in the remaining one. Dedup modifies rrs. m is used to store the RRs temporay. If it is nil a new map will be allocated.
func NewRR ¶
NewRR reads the RR contained in the string s. Only the first RR is returned. If s contains no RR, return nil with no error. The class defaults to IN and TTL defaults to 3600. The full zone file syntax like $TTL, $ORIGIN, etc. is supported. All fields of the returned RR are set, except RR.Header().Rdlength which is set to 0.
type RRSIG ¶
type RRSIG struct { Hdr RR_Header TypeCovered uint16 Algorithm uint8 Labels uint8 OrigTtl uint32 Expiration uint32 Inception uint32 KeyTag uint16 SignerName string `dns:"domain-name"` Signature string `dns:"base64"` }
func (*RRSIG) Sign ¶
Sign signs an RRSet. The signature needs to be filled in with the values: Inception, Expiration, KeyTag, SignerName and Algorithm. The rest is copied from the RRset. Sign returns a non-nill error when the signing went OK. There is no check if RRSet is a proper (RFC 2181) RRSet. If OrigTTL is non zero, it is used as-is, otherwise the TTL of the RRset is used as the OrigTTL.
func (*RRSIG) ValidityPeriod ¶
ValidityPeriod uses RFC1982 serial arithmetic to calculate if a signature period is valid. If t is the zero time, the current time is taken other t is. Returns true if the signature is valid at the given time, otherwise returns false.
type RR_Header ¶
type RR_Header struct { Name string `dns:"cdomain-name"` Rrtype uint16 Class uint16 Ttl uint32 Rdlength uint16 // length of data after header }
RR_Header is the header all DNS resource records share.
type Reader ¶
type Reader interface { // ReadTCP reads a raw message from a TCP connection. Implementations may alter // connection properties, for example the read-deadline. ReadTCP(conn net.Conn, timeout time.Duration) ([]byte, error) // ReadUDP reads a raw message from a UDP connection. Implementations may alter // connection properties, for example the read-deadline. ReadUDP(conn *net.UDPConn, timeout time.Duration) ([]byte, *SessionUDP, error) }
Reader reads raw DNS messages; each call to ReadTCP or ReadUDP should return an entire message.
type ResponseWriter ¶
type ResponseWriter interface { // LocalAddr returns the net.Addr of the server LocalAddr() net.Addr // RemoteAddr returns the net.Addr of the client that sent the current request. RemoteAddr() net.Addr // WriteMsg writes a reply back to the client. WriteMsg(*Msg) error // Write writes a raw buffer back to the client. Write([]byte) (int, error) // Close closes the connection. Close() error // TsigStatus returns the status of the Tsig. TsigStatus() error // TsigTimersOnly sets the tsig timers only boolean. TsigTimersOnly(bool) // Hijack lets the caller take over the connection. // After a call to Hijack(), the DNS package will not do anything with the connection. Hijack() }
A ResponseWriter interface is used by an DNS handler to construct an DNS response.
type SIG ¶
type SIG struct {
RRSIG
}
SIG is identical to RRSIG and nowadays only used for SIG(0), RFC2931.
type SOA ¶
type SRV ¶
type ServeMux ¶
type ServeMux struct {
// contains filtered or unexported fields
}
ServeMux is an DNS request multiplexer. It matches the zone name of each incoming request against a list of registered patterns add calls the handler for the pattern that most closely matches the zone name. ServeMux is DNSSEC aware, meaning that queries for the DS record are redirected to the parent zone (if that is also registered), otherwise the child gets the query. ServeMux is also safe for concurrent access from multiple goroutines.
func (*ServeMux) HandleFunc ¶
func (mux *ServeMux) HandleFunc(pattern string, handler func(ResponseWriter, *Msg))
HandleFunc adds a handler function to the ServeMux for pattern.
func (*ServeMux) HandleRemove ¶
HandleRemove deregistrars the handler specific for pattern from the ServeMux.
func (*ServeMux) ServeDNS ¶
func (mux *ServeMux) ServeDNS(w ResponseWriter, request *Msg)
ServeDNS dispatches the request to the handler whose pattern most closely matches the request message. If DefaultServeMux is used the correct thing for DS queries is done: a possible parent is sought. If no handler is found a standard SERVFAIL message is returned If the request message does not have exactly one question in the question section a SERVFAIL is returned, unlesss Unsafe is true.
type Server ¶
type Server struct { // Address to listen on, ":dns" if empty. Addr string // if "tcp" or "tcp-tls" (DNS over TLS) it will invoke a TCP listener, otherwise an UDP one Net string // TCP Listener to use, this is to aid in systemd's socket activation. Listener net.Listener // TLS connection configuration TLSConfig *tls.Config // UDP "Listener" to use, this is to aid in systemd's socket activation. PacketConn net.PacketConn // Handler to invoke, dns.DefaultServeMux if nil. Handler Handler // Default buffer size to use to read incoming UDP messages. If not set // it defaults to MinMsgSize (512 B). UDPSize int // The net.Conn.SetReadTimeout value for new connections, defaults to 2 * time.Second. ReadTimeout time.Duration // The net.Conn.SetWriteTimeout value for new connections, defaults to 2 * time.Second. WriteTimeout time.Duration // TCP idle timeout for multiple queries, if nil, defaults to 8 * time.Second (RFC 5966). IdleTimeout func() time.Duration // Secret(s) for Tsig map[<zonename>]<base64 secret>. TsigSecret map[string]string // Unsafe instructs the server to disregard any sanity checks and directly hand the message to // the handler. It will specifically not check if the query has the QR bit not set. Unsafe bool // If NotifyStartedFunc is set it is called once the server has started listening. NotifyStartedFunc func() // DecorateReader is optional, allows customization of the process that reads raw DNS messages. DecorateReader DecorateReader // DecorateWriter is optional, allows customization of the process that writes raw DNS messages. DecorateWriter DecorateWriter // contains filtered or unexported fields }
A Server defines parameters for running an DNS server.
func (*Server) ActivateAndServe ¶
ActivateAndServe starts a nameserver with the PacketConn or Listener configured in *Server. Its main use is to start a server from systemd.
func (*Server) ListenAndServe ¶
ListenAndServe starts a nameserver on the configured address in *Server.
type SessionUDP ¶
type SessionUDP struct {
// contains filtered or unexported fields
}
SessionUDP holds the remote address and the associated out-of-band data.
func ReadFromSessionUDP ¶
ReadFromSessionUDP acts just like net.UDPConn.ReadFrom(), but returns a session object instead of a net.UDPAddr.
func (*SessionUDP) RemoteAddr ¶
func (s *SessionUDP) RemoteAddr() net.Addr
RemoteAddr returns the remote network address.
type TA ¶
type TALINK ¶
type TKEY ¶
type TLSA ¶
type TLSA struct { Hdr RR_Header Usage uint8 Selector uint8 MatchingType uint8 Certificate string `dns:"hex"` }
type TSIG ¶
type TSIG struct { Hdr RR_Header Algorithm string `dns:"domain-name"` TimeSigned uint64 `dns:"uint48"` Fudge uint16 MACSize uint16 MAC string `dns:"size-hex"` OrigId uint16 Error uint16 OtherLen uint16 OtherData string `dns:"size-hex"` }
TSIG is the RR the holds the transaction signature of a message. See RFC 2845 and RFC 4635.
type Token ¶
type Token struct { // The scanned resource record when error is not nil. RR // When an error occurred, this has the error specifics. Error *ParseError // A potential comment positioned after the RR and on the same line. Comment string }
Token holds the token that are returned when a zone file is parsed.
type Transfer ¶
type Transfer struct { *Conn DialTimeout time.Duration // net.DialTimeout, defaults to 2 seconds ReadTimeout time.Duration // net.Conn.SetReadTimeout value for connections, defaults to 2 seconds WriteTimeout time.Duration // net.Conn.SetWriteTimeout value for connections, defaults to 2 seconds TsigSecret map[string]string // Secret(s) for Tsig map[<zonename>]<base64 secret>, zonename must be fully qualified // contains filtered or unexported fields }
A Transfer defines parameters that are used during a zone transfer.
func (*Transfer) In ¶
In performs an incoming transfer with the server in a. If you would like to set the source IP, or some other attribute of a Dialer for a Transfer, you can do so by specifying the attributes in the Transfer.Conn:
d := net.Dialer{LocalAddr: transfer_source} con, err := d.Dial("tcp", master) dnscon := &dns.Conn{Conn:con} transfer = &dns.Transfer{Conn: dnscon} channel, err := transfer.In(message, master)
func (*Transfer) Out ¶
func (t *Transfer) Out(w ResponseWriter, q *Msg, ch chan *Envelope) error
Out performs an outgoing transfer with the client connecting in w. Basic use pattern:
ch := make(chan *dns.Envelope) tr := new(dns.Transfer) tr.Out(w, r, ch) c <- &dns.Envelope{RR: []dns.RR{soa, rr1, rr2, rr3, soa}} close(ch) w.Hijack() // w.Close() // Client closes connection
The server is responsible for sending the correct sequence of RRs through the channel ch.
type WKS ¶
Source Files ¶
- client.go
- clientconfig.go
- defaults.go
- dns.go
- dnssec.go
- dnssec_keygen.go
- dnssec_keyscan.go
- dnssec_privkey.go
- doc.go
- edns.go
- format.go
- labels.go
- msg.go
- nsecx.go
- privaterr.go
- rawmsg.go
- sanitize.go
- scanner.go
- server.go
- sig0.go
- singleinflight.go
- tlsa.go
- tsig.go
- types.go
- udp.go
- udp_linux.go
- update.go
- xfr.go
- zgenerate.go
- zscan.go
- zscan_rr.go
- ztypes.go