resolver

package
v1.6.6 (this package is not in the latest version of its module)
Published: May 7, 2026 License: MIT Imports: 27 Imported by: 0

Documentation

Index

Constants

const (
	DNSKEYFlagKSK    = 0x0001
	DNSKEYFlagRevoke = 0x0080
)

Variables

var ErrQuestion = errors.New("dns: response question did not match request")

ErrQuestion is returned by Conn.Exchange when the response's question section does not match the outstanding request. Accepting a mismatched question lets a malicious upstream plant a cache entry under an unrelated name (issue #469).
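The check behind ErrQuestion, written out as an added example that is not the resolver package's own code. It uses minimal stand-ins for dns.Question and dns.Msg (assumed to carry the same Name/Qtype/Qclass and ID fields) and an assumed ErrID sentinel for the transaction-ID check; owner names are compared case-insensitively, which is an assumption about this resolver (one that relies on 0x20 case randomisation would compare byte-for-byte). The sample messages are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ErrQuestion mirrors the sentinel error the resolver package returns.
var ErrQuestion = errors.New("dns: response question did not match request")

// ErrID is returned when the transaction ID does not match (assumed name;
// the resolver package documents only ErrQuestion).
var ErrID = errors.New("dns: response id did not match request")

// Question is a minimal stand-in for dns.Question with the same three fields.
type Question struct {
	Name   string
	Qtype  uint16
	Qclass uint16
}

// Msg is a minimal stand-in for the parts of dns.Msg this check needs.
type Msg struct {
	ID       uint16
	Question []Question
}

// fqdn appends the trailing dot if it is missing, so "example.com" and
// "example.com." compare equal.
func fqdn(name string) string {
	if strings.HasSuffix(name, ".") {
		return name
	}
	return name + "."
}

// CheckResponse returns nil only when the response carries exactly the
// question that was asked. A mismatched question is rejected before any
// answer record can be cached under a name the client never asked for.
func CheckResponse(req, resp *Msg) error {
	if req.ID != resp.ID {
		return ErrID
	}
	// A standard query carries exactly one question; anything else is rejected.
	if len(req.Question) != 1 || len(resp.Question) != 1 {
		return ErrQuestion
	}
	q, a := req.Question[0], resp.Question[0]
	if !strings.EqualFold(fqdn(q.Name), fqdn(a.Name)) ||
		q.Qtype != a.Qtype || q.Qclass != a.Qclass {
		return ErrQuestion
	}
	return nil
}

func main() {
	const typeA, typeAAAA, classINET = 1, 28, 1
	// Constructed sample: one request and three candidate responses.
	req := &Msg{ID: 0x1234, Question: []Question{{"example.com.", typeA, classINET}}}
	cases := map[string]*Msg{
		"same name, different case": {ID: 0x1234, Question: []Question{{"EXAMPLE.COM.", typeA, classINET}}},
		"unrelated name":            {ID: 0x1234, Question: []Question{{"victim.example.", typeA, classINET}}},
		"wrong type (AAAA)":         {ID: 0x1234, Question: []Question{{"example.com.", typeAAAA, classINET}}},
	}
	for label, resp := range cases {
		fmt.Printf("%-26s -> %v\n", label, CheckResponse(req, resp))
	}
}
```

The ID check alone is not enough: an upstream that echoes the request ID but swaps the question name would pass it, which is why the question section is compared as well.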

Functions

func AcquireBuf added in v1.0.0

func AcquireBuf(size uint16) []byte

AcquireBuf returns a buffer from the appropriate pool.

func AcquireMsg added in v1.0.0

func AcquireMsg() *dns.Msg

AcquireMsg returns an empty dns.Msg from the pool.

func NewNetworkError added in v1.5.1

func NewNetworkError(err error) *util.EDEError

NewNetworkError creates a network error with EDE information.

func NewNoReachableAuthorityError added in v1.5.1

func NewNoReachableAuthorityError(message string) *util.EDEError

NewNoReachableAuthorityError creates an error for unreachable servers.

func NoReachableAuthAtZone added in v1.5.1

func NoReachableAuthAtZone(zone string) *util.EDEError

NoReachableAuthAtZone creates an error with zone context.

func ReleaseBuf added in v1.0.0

func ReleaseBuf(buf []byte)

ReleaseBuf returns buf to the appropriate pool.

func ReleaseConn added in v1.0.0

func ReleaseConn(co *Conn)

ReleaseConn returns co to the pool.

func ReleaseMsg added in v1.0.0

func ReleaseMsg(req *dns.Msg)

ReleaseMsg returns req to the pool.

func SetEDNSKeepalive added in v1.5.0

func SetEDNSKeepalive(msg *dns.Msg, timeout uint16)

SetEDNSKeepalive adds EDNS-Keepalive option to a message.

Types

type Conn added in v1.0.0

type Conn struct {
	net.Conn        // a net.Conn holding the connection
	UDPSize  uint16 // minimum receive buffer for UDP messages
}

A Conn represents a connection to a DNS server.

func AcquireConn added in v1.0.0

func AcquireConn() *Conn

AcquireConn returns an empty Conn from the pool.

func (*Conn) Exchange added in v1.0.0

func (co *Conn) Exchange(m *dns.Msg) (r *dns.Msg, rtt time.Duration, err error)

Exchange performs a synchronous query.

func (*Conn) Read added in v1.0.0

func (co *Conn) Read(p []byte) (n int, err error)

Read implements the net.Conn Read method.

func (*Conn) ReadMsg added in v1.0.0

func (co *Conn) ReadMsg() (*dns.Msg, error)

ReadMsg reads a message from the connection co. If the received message contains a TSIG record, the transaction signature is verified. This method always tries to return the message; however, if an error is returned, there is no guarantee that the returned message is a valid representation of the packet read.

func (*Conn) Write added in v1.0.0

func (co *Conn) Write(p []byte) (int, error)

Write implements the net.Conn Write method.

func (*Conn) WriteMsg added in v1.0.0

func (co *Conn) WriteMsg(m *dns.Msg) (err error)

WriteMsg sends a message through the connection co. If the message m contains a TSIG record, the transaction signature is calculated.

type DNSHandler

type DNSHandler struct {
	// contains filtered or unexported fields
}

DNSHandler is the resolver middleware.

func New

func New(cfg *config.Config) *DNSHandler

New returns a new DNSHandler.

func (*DNSHandler) Name

func (h *DNSHandler) Name() string

Name returns the middleware name.

func (*DNSHandler) Purge added in v1.6.4

func (h *DNSHandler) Purge(q dns.Question)

Purge removes the nameserver cache entry for q under both CD=true and CD=false. Only TypeNS is acted on — purging A/AAAA or other record types is the cache middleware's concern, not the resolver's NS cache. Implements middleware.Purger so the api purge endpoint reaches both stores.

func (*DNSHandler) ServeDNS

func (h *DNSHandler) ServeDNS(ctx context.Context, ch *middleware.Chain)

ServeDNS implements the Handle interface.

func (*DNSHandler) SetQueryer added in v1.6.4

func (h *DNSHandler) SetQueryer(q middleware.Queryer)

SetQueryer installs the sub-pipeline runner used for policy-aware internal lookups (NS A/AAAA, DNAME target). Auto-wired during middleware.Setup via middleware.QueryerSetter.

func (*DNSHandler) SetStore added in v1.6.4

func (h *DNSHandler) SetStore(s middleware.Store)

SetStore installs the cache store used by subQuery for internal DNSSEC record lookups. Auto-wired during middleware.Setup via middleware.StoreSetter.

func (*DNSHandler) Stop added in v1.5.0

func (h *DNSHandler) Stop()

Stop gracefully shuts down the resolver.

type Resolver

type Resolver struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

Resolver is the DNS resolver type; see Resolve.

func NewResolver

func NewResolver(cfg *config.Config) *Resolver

NewResolver returns a Resolver.

func (*Resolver) AutoTA added in v1.3.3

func (r *Resolver) AutoTA()

func (*Resolver) Resolve

func (r *Resolver) Resolve(ctx context.Context, req *dns.Msg, servers *authority.Servers, root bool, depth int, level int, nomin bool, parentDS []dns.RR, extra ...bool) (*dns.Msg, error)

Resolve starts a DNS resolution. It is the public interface and keeps the old signature for compatibility.

type SingleflightWrapper added in v1.5.1

type SingleflightWrapper struct {
	// contains filtered or unexported fields
}

SingleflightWrapper wraps singleflight.Group with timeout tracking.

func NewSingleflightWrapper added in v1.5.1

func NewSingleflightWrapper() *SingleflightWrapper

NewSingleflightWrapper creates a new wrapper with periodic cleanup.

func (*SingleflightWrapper) DoChan added in v1.5.1

func (w *SingleflightWrapper) DoChan(key string, fn func() (any, error)) <-chan singleflight.Result

DoChan wraps singleflight.DoChan with timeout tracking.

func (*SingleflightWrapper) Forget added in v1.5.1

func (w *SingleflightWrapper) Forget(key string)

Forget wraps singleflight.Forget and cleans up tracking.

func (*SingleflightWrapper) TimedDoChan added in v1.5.1

func (w *SingleflightWrapper) TimedDoChan(ctx context.Context, key string, fn func() (any, error)) (val any, shared bool, err error)

TimedDoChan executes a function with built-in timeout handling. The shared return value reflects singleflight.Result.Shared: it is true when the caller received a value computed by another goroutine, which may therefore be observed concurrently. Callers that mutate or rewrite the value (e.g. set a new message ID) should make a defensive copy only when shared is true; uncontended callers can return the value directly.

type State added in v1.3.3

type State int

State represents the state of a trust anchor in RFC 5011 lifecycle.

const (
	StateStart State = iota
	StateAddPend
	StateValid
	StateMissing
	StateRevoked
	StateRemoved
)

func (State) String added in v1.3.3

func (s State) String() string

type TCPConnPool added in v1.5.0

type TCPConnPool struct {
	// contains filtered or unexported fields
}

TCPConnPool manages persistent TCP connections to DNS servers.

func NewTCPConnPool added in v1.5.0

func NewTCPConnPool(rootTimeout, tldTimeout time.Duration, maxConns int) *TCPConnPool

NewTCPConnPool creates a new TCP connection pool.

func (*TCPConnPool) Close added in v1.5.0

func (p *TCPConnPool) Close()

Close closes all connections in the pool.

func (*TCPConnPool) Get added in v1.5.0

func (p *TCPConnPool) Get(server string, isRoot, isTLD bool) *dns.Conn

Get retrieves a connection for the given server.

func (*TCPConnPool) Put added in v1.5.0

func (p *TCPConnPool) Put(conn *dns.Conn, server string, isRoot, isTLD bool, msg *dns.Msg)

Put returns a connection to the pool.

func (*TCPConnPool) Stats added in v1.5.0

func (p *TCPConnPool) Stats() (hits, misses int64, active int)

Stats returns pool statistics.

type Tombstone added in v1.6.4

type Tombstone struct {
	DNSKey    *dns.DNSKEY
	FirstSeen time.Time
}

Tombstone records a DNSKEY whose revocation we have observed. Per RFC 5011 §2.1 revocation is "immediate and permanent", so these entries live forever.

type Tombstones added in v1.6.4

type Tombstones map[string]*Tombstone

Tombstones are keyed by DNSKEY material fingerprint — never by key tag. Tag-keyed storage would let a future KSK with a colliding 16-bit tag suppress itself against an unrelated tombstone.
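Why the map is keyed by key material rather than by key tag, shown as an added example that is not the resolver package's own code. It computes the RFC 4034 Appendix B key tag over DNSKEY RDATA built from the standard library only, fingerprints the algorithm and public key with SHA-256 (the choice to leave the flags out of the fingerprint, so that a key seen with the REVOKE bit matches the same key seen without it, is an assumption about the design; the page only says the key is the material fingerprint), and constructs a second key whose tag collides with the first. Tombstone and Tombstones keep the shape shown on the page; the key bytes are constructed, not a real public key.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"time"
)

// DNSKEY flag bits from RFC 4034 §2.1 and RFC 5011 §3.
const (
	flagZone   = 0x0100
	flagSEP    = 0x0001 // the page's DNSKEYFlagKSK
	flagRevoke = 0x0080 // the page's DNSKEYFlagRevoke
)

// DNSKEYRData builds wire-format DNSKEY RDATA: flags(2) protocol(1) algorithm(1) public key.
func DNSKEYRData(flags uint16, alg uint8, pub []byte) []byte {
	out := make([]byte, 4, 4+len(pub))
	binary.BigEndian.PutUint16(out, flags)
	out[2] = 3 // protocol is always 3 for DNSKEY
	out[3] = alg
	return append(out, pub...)
}

// KeyTag is the RFC 4034 Appendix B checksum over the whole RDATA. It is only
// 16 bits wide, so distinct keys can share a tag. (The obsolete RSA/MD5 special
// case is omitted.)
func KeyTag(rdata []byte) uint16 {
	var ac uint32
	for i, b := range rdata {
		if i&1 == 0 {
			ac += uint32(b) << 8
		} else {
			ac += uint32(b)
		}
	}
	ac += (ac >> 16) & 0xFFFF
	return uint16(ac & 0xFFFF)
}

// MaterialFingerprint hashes the algorithm and public key but not the flags,
// so a key observed with the REVOKE bit set matches the same key seen without
// it. (Assumed design; see the lead-in.)
func MaterialFingerprint(rdata []byte) string {
	if len(rdata) < 4 {
		return ""
	}
	sum := sha256.Sum256(rdata[3:])
	return hex.EncodeToString(sum[:])
}

// Tombstone and Tombstones follow the shape on the page; the map key is the
// material fingerprint, never the 16-bit key tag.
type Tombstone struct {
	RData     []byte
	FirstSeen time.Time
}

type Tombstones map[string]*Tombstone

// Add records a revocation; entries are never removed (RFC 5011 §2.1).
func (t Tombstones) Add(rdata []byte, now time.Time) {
	fp := MaterialFingerprint(rdata)
	if _, seen := t[fp]; !seen {
		t[fp] = &Tombstone{RData: rdata, FirstSeen: now}
	}
}

// IsRevoked reports whether this key material has been tombstoned.
func (t Tombstones) IsRevoked(rdata []byte) bool {
	_, ok := t[MaterialFingerprint(rdata)]
	return ok
}

// CollidingKey returns a different public key whose DNSKEY has the same key
// tag: swapping two bytes at even RDATA offsets (4 and 6) leaves the checksum
// unchanged. Constructed for the demonstration only.
func CollidingKey(pub []byte) []byte {
	c := append([]byte(nil), pub...)
	c[0], c[2] = c[2], c[0]
	return c
}

func main() {
	// Constructed sample key material (not a real public key).
	pub := []byte{0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}
	ksk := DNSKEYRData(flagZone|flagSEP, 13, pub)
	revoked := DNSKEYRData(flagZone|flagSEP|flagRevoke, 13, pub)
	other := DNSKEYRData(flagZone|flagSEP, 13, CollidingKey(pub))

	ts := Tombstones{}
	ts.Add(revoked, time.Now())

	fmt.Printf("tag(ksk)=%d tag(other)=%d\n", KeyTag(ksk), KeyTag(other))
	fmt.Println("original key revoked: ", ts.IsRevoked(ksk))   // true
	fmt.Println("colliding key revoked:", ts.IsRevoked(other)) // false; a tag-keyed map would say true
}
```

Note that setting the REVOKE bit changes the key tag itself (by 128, since the flags word is part of the checksum), which is another reason the lookup must not depend on the tag.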

type TrustAnchor added in v1.3.3

type TrustAnchor struct {
	DNSKey    *dns.DNSKEY
	State     State
	FirstSeen time.Time
}

TrustAnchor holds a DNSSEC trust anchor with its state and metadata.

type TrustAnchors added in v1.3.3

type TrustAnchors map[uint16]*TrustAnchor

TrustAnchors maps key tags to their trust anchor data.

Directories

Path: dnssec
Synopsis: Package dnssec implements pure DNSSEC verification primitives: RRSIG/DS validation, NSEC and NSEC3 denial-of-existence proofs, and the EDE-coded sentinel errors they return.
