package dns
Import Path
github.com/miekg/dns (on go.dev)
Dependency Relation
imports 40 packages, and imported by one package
Involved Source Files
acceptfunc.go
client.go
clientconfig.go
dane.go
defaults.go
dns.go
dnssec.go
dnssec_keygen.go
dnssec_keyscan.go
dnssec_privkey.go
Package dns implements a full featured interface to the Domain Name System.
Both server- and client-side programming is supported. The package allows
complete control over what is sent out to the DNS. The API follows the
less-is-more principle, by presenting a small, clean interface.
It supports (asynchronous) querying/replying, incoming/outgoing zone transfers,
TSIG, EDNS0, dynamic updates, notifies and DNSSEC validation/signing.
Note that domain names MUST be fully qualified before sending them, unqualified
names in a message will result in a packing failure.
Resource records are native types. They are not stored in wire format. Basic
usage pattern for creating a new resource record:
r := new(dns.MX)
r.Hdr = dns.RR_Header{Name: "miek.nl.", Rrtype: dns.TypeMX, Class: dns.ClassINET, Ttl: 3600}
r.Preference = 10
r.Mx = "mx.miek.nl."
Or directly from a string:
mx, err := dns.NewRR("miek.nl. 3600 IN MX 10 mx.miek.nl.")
Or when the default origin (.) and TTL (3600) and class (IN) suit you:
mx, err := dns.NewRR("miek.nl MX 10 mx.miek.nl")
Or even:
mx, err := dns.NewRR("$ORIGIN nl.\nmiek 1H IN MX 10 mx.miek")
In the DNS messages are exchanged, these messages contain resource records
(sets). Use pattern for creating a message:
m := new(dns.Msg)
m.SetQuestion("miek.nl.", dns.TypeMX)
Or when not certain if the domain name is fully qualified:
m.SetQuestion(dns.Fqdn("miek.nl"), dns.TypeMX)
The message m is now a message with the question section set to ask the MX
records for the miek.nl. zone.
The following is slightly more verbose, but more flexible:
m1 := new(dns.Msg)
m1.Id = dns.Id()
m1.RecursionDesired = true
m1.Question = make([]dns.Question, 1)
m1.Question[0] = dns.Question{"miek.nl.", dns.TypeMX, dns.ClassINET}
After creating a message it can be sent. Basic use pattern for synchronous
querying the DNS at a server configured on 127.0.0.1 and port 53:
c := new(dns.Client)
in, rtt, err := c.Exchange(m1, "127.0.0.1:53")
Suppressing multiple outstanding queries (with the same question, type and
class) is as easy as setting:
c.SingleInflight = true
More advanced options are available using a net.Dialer and the corresponding API.
For example it is possible to set a timeout, or to specify a source IP address
and port to use for the connection:
c := new(dns.Client)
laddr := net.UDPAddr{
IP: net.ParseIP("[::1]"),
Port: 12345,
Zone: "",
}
c.Dialer = &net.Dialer{
Timeout: 200 * time.Millisecond,
LocalAddr: &laddr,
}
in, rtt, err := c.Exchange(m1, "8.8.8.8:53")
If these "advanced" features are not needed, a simple UDP query can be sent,
with:
in, err := dns.Exchange(m1, "127.0.0.1:53")
When this functions returns you will get DNS message. A DNS message consists
out of four sections.
The question section: in.Question, the answer section: in.Answer,
the authority section: in.Ns and the additional section: in.Extra.
Each of these sections (except the Question section) contain a []RR. Basic
use pattern for accessing the rdata of a TXT RR as the first RR in
the Answer section:
if t, ok := in.Answer[0].(*dns.TXT); ok {
// do something with t.Txt
}
# Domain Name and TXT Character String Representations
Both domain names and TXT character strings are converted to presentation form
both when unpacked and when converted to strings.
For TXT character strings, tabs, carriage returns and line feeds will be
converted to \t, \r and \n respectively. Back slashes and quotations marks will
be escaped. Bytes below 32 and above 127 will be converted to \DDD form.
For domain names, in addition to the above rules brackets, periods, spaces,
semicolons and the at symbol are escaped.
# DNSSEC
DNSSEC (DNS Security Extension) adds a layer of security to the DNS. It uses
public key cryptography to sign resource records. The public keys are stored in
DNSKEY records and the signatures in RRSIG records.
Requesting DNSSEC information for a zone is done by adding the DO (DNSSEC OK)
bit to a request.
m := new(dns.Msg)
m.SetEdns0(4096, true)
Signature generation, signature verification and key generation are all supported.
# DYNAMIC UPDATES
Dynamic updates reuses the DNS message format, but renames three of the
sections. Question is Zone, Answer is Prerequisite, Authority is Update, only
the Additional is not renamed. See RFC 2136 for the gory details.
You can set a rather complex set of rules for the existence of absence of
certain resource records or names in a zone to specify if resource records
should be added or removed. The table from RFC 2136 supplemented with the Go
DNS function shows which functions exist to specify the prerequisites.
3.2.4 - Table Of Metavalues Used In Prerequisite Section
CLASS TYPE RDATA Meaning Function
--------------------------------------------------------------
ANY ANY empty Name is in use dns.NameUsed
ANY rrset empty RRset exists (value indep) dns.RRsetUsed
NONE ANY empty Name is not in use dns.NameNotUsed
NONE rrset empty RRset does not exist dns.RRsetNotUsed
zone rrset rr RRset exists (value dep) dns.Used
The prerequisite section can also be left empty. If you have decided on the
prerequisites you can tell what RRs should be added or deleted. The next table
shows the options you have and what functions to call.
3.4.2.6 - Table Of Metavalues Used In Update Section
CLASS TYPE RDATA Meaning Function
---------------------------------------------------------------
ANY ANY empty Delete all RRsets from name dns.RemoveName
ANY rrset empty Delete an RRset dns.RemoveRRset
NONE rrset rr Delete an RR from RRset dns.Remove
zone rrset rr Add to an RRset dns.Insert
# TRANSACTION SIGNATURE
An TSIG or transaction signature adds a HMAC TSIG record to each message sent.
The supported algorithms include: HmacSHA1, HmacSHA256 and HmacSHA512.
Basic use pattern when querying with a TSIG name "axfr." (note that these key names
must be fully qualified - as they are domain names) and the base64 secret
"so6ZGir4GPAqINNh9U5c3A==":
If an incoming message contains a TSIG record it MUST be the last record in
the additional section (RFC2845 3.2). This means that you should make the
call to SetTsig last, right before executing the query. If you make any
changes to the RRset after calling SetTsig() the signature will be incorrect.
c := new(dns.Client)
c.TsigSecret = map[string]string{"axfr.": "so6ZGir4GPAqINNh9U5c3A=="}
m := new(dns.Msg)
m.SetQuestion("miek.nl.", dns.TypeMX)
m.SetTsig("axfr.", dns.HmacSHA256, 300, time.Now().Unix())
...
// When sending the TSIG RR is calculated and filled in before sending
When requesting an zone transfer (almost all TSIG usage is when requesting zone
transfers), with TSIG, this is the basic use pattern. In this example we
request an AXFR for miek.nl. with TSIG key named "axfr." and secret
"so6ZGir4GPAqINNh9U5c3A==" and using the server 176.58.119.54:
t := new(dns.Transfer)
m := new(dns.Msg)
t.TsigSecret = map[string]string{"axfr.": "so6ZGir4GPAqINNh9U5c3A=="}
m.SetAxfr("miek.nl.")
m.SetTsig("axfr.", dns.HmacSHA256, 300, time.Now().Unix())
c, err := t.In(m, "176.58.119.54:53")
for r := range c { ... }
You can now read the records from the transfer as they come in. Each envelope
is checked with TSIG. If something is not correct an error is returned.
A custom TSIG implementation can be used. This requires additional code to
perform any session establishment and signature generation/verification. The
client must be configured with an implementation of the TsigProvider interface:
type Provider struct{}
func (*Provider) Generate(msg []byte, tsig *dns.TSIG) ([]byte, error) {
// Use tsig.Hdr.Name and tsig.Algorithm in your code to
// generate the MAC using msg as the payload.
}
func (*Provider) Verify(msg []byte, tsig *dns.TSIG) error {
// Use tsig.Hdr.Name and tsig.Algorithm in your code to verify
// that msg matches the value in tsig.MAC.
}
c := new(dns.Client)
c.TsigProvider = new(Provider)
m := new(dns.Msg)
m.SetQuestion("miek.nl.", dns.TypeMX)
m.SetTsig(keyname, dns.HmacSHA256, 300, time.Now().Unix())
...
// TSIG RR is calculated by calling your Generate method
Basic use pattern validating and replying to a message that has TSIG set.
server := &dns.Server{Addr: ":53", Net: "udp"}
server.TsigSecret = map[string]string{"axfr.": "so6ZGir4GPAqINNh9U5c3A=="}
go server.ListenAndServe()
dns.HandleFunc(".", handleRequest)
func handleRequest(w dns.ResponseWriter, r *dns.Msg) {
m := new(dns.Msg)
m.SetReply(r)
if r.IsTsig() != nil {
if w.TsigStatus() == nil {
// *Msg r has an TSIG record and it was validated
m.SetTsig("axfr.", dns.HmacSHA256, 300, time.Now().Unix())
} else {
// *Msg r has an TSIG records and it was not validated
}
}
w.WriteMsg(m)
}
# PRIVATE RRS
RFC 6895 sets aside a range of type codes for private use. This range is 65,280
- 65,534 (0xFF00 - 0xFFFE). When experimenting with new Resource Records these
can be used, before requesting an official type code from IANA.
See https://miek.nl/2014/september/21/idn-and-private-rr-in-go-dns/ for more
information.
# EDNS0
EDNS0 is an extension mechanism for the DNS defined in RFC 2671 and updated by
RFC 6891. It defines a new RR type, the OPT RR, which is then completely
abused.
Basic use pattern for creating an (empty) OPT RR:
o := new(dns.OPT)
o.Hdr.Name = "." // MUST be the root zone, per definition.
o.Hdr.Rrtype = dns.TypeOPT
The rdata of an OPT RR consists out of a slice of EDNS0 (RFC 6891) interfaces.
Currently only a few have been standardized: EDNS0_NSID (RFC 5001) and
EDNS0_SUBNET (RFC 7871). Note that these options may be combined in an OPT RR.
Basic use pattern for a server to check if (and which) options are set:
// o is a dns.OPT
for _, s := range o.Option {
switch e := s.(type) {
case *dns.EDNS0_NSID:
// do stuff with e.Nsid
case *dns.EDNS0_SUBNET:
// access e.Family, e.Address, etc.
}
}
SIG(0)
From RFC 2931:
SIG(0) provides protection for DNS transactions and requests ....
... protection for glue records, DNS requests, protection for message headers
on requests and responses, and protection of the overall integrity of a response.
It works like TSIG, except that SIG(0) uses public key cryptography, instead of
the shared secret approach in TSIG. Supported algorithms: ECDSAP256SHA256,
ECDSAP384SHA384, RSASHA1, RSASHA256 and RSASHA512.
Signing subsequent messages in multi-message sessions is not implemented.
duplicate.go
edns.go
format.go
generate.go
hash.go
labels.go
listen_socket_options.go
msg.go
msg_helpers.go
msg_truncate.go
nsecx.go
privaterr.go
reverse.go
sanitize.go
scan.go
scan_rr.go
serve_mux.go
server.go
sig0.go
smimea.go
svcb.go
tlsa.go
tsig.go
types.go
udp.go
update.go
version.go
xfr.go
zduplicate.go
zmsg.go
ztypes.go
Code Examples
package main
import (
"fmt"
"net"
"github.com/miekg/dns"
)
func main() {
config, _ := dns.ClientConfigFromFile("/etc/resolv.conf")
c := new(dns.Client)
m := new(dns.Msg)
zone := "miek.nl"
m.SetQuestion(dns.Fqdn(zone), dns.TypeDNSKEY)
m.SetEdns0(4096, true)
r, _, err := c.Exchange(m, net.JoinHostPort(config.Servers[0], config.Port))
if err != nil {
return
}
if r.Rcode != dns.RcodeSuccess {
return
}
for _, k := range r.Answer {
if key, ok := k.(*dns.DNSKEY); ok {
for _, alg := range []uint8{dns.SHA1, dns.SHA256, dns.SHA384} {
fmt.Printf("%s; %d\n", key.ToDS(alg).String(), key.Flags)
}
}
}
}
package main
import (
"fmt"
"net"
"github.com/miekg/dns"
)
func main() {
config, _ := dns.ClientConfigFromFile("/etc/resolv.conf")
c := new(dns.Client)
m := new(dns.Msg)
m.SetQuestion("miek.nl.", dns.TypeMX)
m.RecursionDesired = true
r, _, err := c.Exchange(m, net.JoinHostPort(config.Servers[0], config.Port))
if err != nil {
return
}
if r.Rcode != dns.RcodeSuccess {
return
}
for _, a := range r.Answer {
if mx, ok := a.(*dns.MX); ok {
fmt.Printf("%s\n", mx.String())
}
}
}
package main
import (
"errors"
"fmt"
"log"
"net"
"github.com/miekg/dns"
)
const TypeAPAIR = 0x0F99
type APAIR struct {
addr [2]net.IP
}
func NewAPAIR() dns.PrivateRdata { return new(APAIR) }
func (rd *APAIR) String() string { return rd.addr[0].String() + " " + rd.addr[1].String() }
func (rd *APAIR) Parse(txt []string) error {
if len(txt) != 2 {
return errors.New("two addresses required for APAIR")
}
for i, s := range txt {
ip := net.ParseIP(s)
if ip == nil {
return errors.New("invalid IP in APAIR text representation")
}
rd.addr[i] = ip
}
return nil
}
func (rd *APAIR) Pack(buf []byte) (int, error) {
b := append([]byte(rd.addr[0]), []byte(rd.addr[1])...)
n := copy(buf, b)
if n != len(b) {
return n, dns.ErrBuf
}
return n, nil
}
func (rd *APAIR) Unpack(buf []byte) (int, error) {
ln := net.IPv4len * 2
if len(buf) != ln {
return 0, errors.New("invalid length of APAIR rdata")
}
cp := make([]byte, ln)
copy(cp, buf)
rd.addr[0] = net.IP(cp[:3])
rd.addr[1] = net.IP(cp[4:])
return len(buf), nil
}
func (rd *APAIR) Copy(dest dns.PrivateRdata) error {
cp := make([]byte, rd.Len())
_, err := rd.Pack(cp)
if err != nil {
return err
}
d := dest.(*APAIR)
d.addr[0] = net.IP(cp[:3])
d.addr[1] = net.IP(cp[4:])
return nil
}
func (rd *APAIR) Len() int {
return net.IPv4len * 2
}
func main() {
dns.PrivateHandle("APAIR", TypeAPAIR, NewAPAIR)
defer dns.PrivateHandleRemove(TypeAPAIR)
var oldId = dns.Id
dns.Id = func() uint16 { return 3 }
defer func() { dns.Id = oldId }()
rr, err := dns.NewRR("miek.nl. APAIR (1.2.3.4 1.2.3.5)")
if err != nil {
log.Fatal("could not parse APAIR record: ", err)
}
fmt.Println(rr) // see first line of Output below
m := new(dns.Msg)
m.SetQuestion("miek.nl.", TypeAPAIR)
m.Answer = append(m.Answer, rr)
fmt.Println(m)
}
Package-Level Type Names (total 144)
A RR. See RFC 1035.
A net.IP
Hdr RR_Header
(*A) Header() *RR_Header
(*A) String() string
*A : RR
*A : expvar.Var
*A : fmt.Stringer
AAAA RR. See RFC 3596.
AAAA net.IP
Hdr RR_Header
(*AAAA) Header() *RR_Header
(*AAAA) String() string
*AAAA : RR
*AAAA : expvar.Var
*AAAA : fmt.Stringer
AFSDB RR. See RFC 1183.
Hdr RR_Header
Hostname string
Subtype uint16
(*AFSDB) Header() *RR_Header
(*AFSDB) String() string
*AFSDB : RR
*AFSDB : expvar.Var
*AFSDB : fmt.Stringer
AMTRELAY RR. See RFC 8777.
// packing/unpacking/parsing/etc handled together with GatewayHost
GatewayHost string
// discovery is packed in here at bit 0x80
Hdr RR_Header
Precedence uint8
(*AMTRELAY) Header() *RR_Header
(*AMTRELAY) String() string
*AMTRELAY : RR
*AMTRELAY : expvar.Var
*AMTRELAY : fmt.Stringer
ANY is a wild card record. See RFC 1035, Section 3.2.3. ANY is named "*" there.
The ANY records can be (ab)used to create resource records without any rdata, that
can be used in dynamic update requests. Basic use pattern:
a := &ANY{RR_Header{
Name: "example.org.",
Rrtype: TypeA,
Class: ClassINET,
}}
Results in an A record without rdata.
Hdr RR_Header
(*ANY) Header() *RR_Header
(*ANY) String() string
*ANY : RR
*ANY : expvar.Var
*ANY : fmt.Stringer
APL RR. See RFC 3123.
Hdr RR_Header
Prefixes []APLPrefix
(*APL) Header() *RR_Header
String returns presentation form of the APL record.
*APL : RR
*APL : expvar.Var
*APL : fmt.Stringer
AVC RR. See https://www.iana.org/assignments/dns-parameters/AVC/avc-completed-template.
Hdr RR_Header
Txt []string
(*AVC) Header() *RR_Header
(*AVC) String() string
*AVC : RR
*AVC : expvar.Var
*AVC : fmt.Stringer
CAA RR. See RFC 6844.
Flag uint8
Hdr RR_Header
Tag string
Value string
(*CAA) Header() *RR_Header
rr.Value Is the character-string encoding of the value field as specified in RFC 1035, Section 5.1.
*CAA : RR
*CAA : expvar.Var
*CAA : fmt.Stringer
CDNSKEY RR. See RFC 7344.
DNSKEY DNSKEY
DNSKEY.Algorithm uint8
DNSKEY.Flags uint16
DNSKEY.Hdr RR_Header
DNSKEY.Protocol uint8
DNSKEY.PublicKey string
Generate generates a DNSKEY of the given bit size.
The public part is put inside the DNSKEY record.
The Algorithm in the key must be set as this will define
what kind of DNSKEY will be generated.
The ECDSA algorithms imply a fixed keysize, in that case
bits should be set to the size of the algorithm.
(*CDNSKEY) Header() *RR_Header
KeyTag calculates the keytag (or key-id) of the DNSKEY.
NewPrivateKey returns a PrivateKey by parsing the string s.
s should be in the same form of the BIND private key files.
PrivateKeyString converts a PrivateKey to a string. This string has the same
format as the private-key-file of BIND9 (Private-key-format: v1.3).
It needs some info from the key (the algorithm), so its a method of the DNSKEY.
It supports *rsa.PrivateKey, *ecdsa.PrivateKey and ed25519.PrivateKey.
ReadPrivateKey reads a private key from the io.Reader q. The string file is
only used in error reporting.
The public key must be known, because some cryptographic algorithms embed
the public inside the privatekey.
(*CDNSKEY) String() string
ToCDNSKEY converts a DNSKEY record to a CDNSKEY record.
ToDS converts a DNSKEY record to a DS record.
*CDNSKEY : RR
*CDNSKEY : expvar.Var
*CDNSKEY : fmt.Stringer
func (*DNSKEY).ToCDNSKEY() *CDNSKEY
CDS RR. See RFC 7344.
DS DS
DS.Algorithm uint8
DS.Digest string
DS.DigestType uint8
DS.Hdr RR_Header
DS.KeyTag uint16
(*CDS) Header() *RR_Header
(*CDS) String() string
ToCDS converts a DS record to a CDS record.
*CDS : RR
*CDS : expvar.Var
*CDS : fmt.Stringer
func (*DS).ToCDS() *CDS
CERT RR. See RFC 4398.
Algorithm uint8
Certificate string
Hdr RR_Header
KeyTag uint16
Type uint16
(*CERT) Header() *RR_Header
(*CERT) String() string
*CERT : RR
*CERT : expvar.Var
*CERT : fmt.Stringer
Class is a DNS class.
String returns the string representation for the class c.
Class : expvar.Var
Class : fmt.Stringer
A Client defines parameters for a DNS client.
// net.DialTimeout, defaults to 2 seconds, or net.Dialer.Timeout if expiring earlier - overridden by Timeout when that value is non-zero
// a net.Dialer used to set local address, timeouts and more
// if "tcp" or "tcp-tls" (DNS over TLS) a TCP query will be initiated, otherwise an UDP one (default is "" for UDP)
// net.Conn.SetReadTimeout value for connections, defaults to 2 seconds - overridden by Timeout when that value is non-zero
SingleInflight previously serialised multiple concurrent queries for the
same Qname, Qtype and Qclass to ensure only one would be in flight at a
time.
Deprecated: This is a no-op. Callers should implement their own in flight
query caching if needed. See github.com/miekg/dns/issues/1449.
// TLS connection configuration
Timeout is a cumulative timeout for dial, write and read, defaults to 0 (disabled) - overrides DialTimeout, ReadTimeout,
WriteTimeout when non-zero. Can be overridden with net.Dialer.Timeout (see Client.ExchangeWithDialer and
Client.Dialer) or context.Context.Deadline (see ExchangeContext)
// An implementation of the TsigProvider interface. If defined it replaces TsigSecret and is used for all TSIG operations.
// secret(s) for Tsig map[<zonename>]<base64 secret>, zonename must be in canonical form (lowercase, fqdn, see RFC 4034 Section 6.2)
// minimum receive buffer for UDP messages
// net.Conn.SetWriteTimeout value for connections, defaults to 2 seconds - overridden by Timeout when that value is non-zero
Dial connects to the address on the named network.
DialContext connects to the address on the named network, with a context.Context.
Exchange performs a synchronous query. It sends the message m to the address
contained in a and waits for a reply. Basic use pattern with a *dns.Client:
c := new(dns.Client)
in, rtt, err := c.Exchange(message, "127.0.0.1:53")
Exchange does not retry a failed query, nor will it fall back to TCP in
case of truncation.
It is up to the caller to create a message that allows for larger responses to be
returned. Specifically this means adding an EDNS0 OPT RR that will advertise a larger
buffer, see SetEdns0. Messages without an OPT RR will fallback to the historic limit
of 512 bytes
To specify a local address or a timeout, the caller has to set the `Client.Dialer`
attribute appropriately
ExchangeContext acts like Exchange, but honors the deadline on the provided
context, if present. If there is both a context deadline and a configured
timeout on the client, the earliest of the two takes effect.
ExchangeWithConn has the same behavior as Exchange, just with a predetermined connection
that will be used instead of creating a new one.
Usage pattern with a *dns.Client:
c := new(dns.Client)
// connection management logic goes here
conn := c.Dial(address)
in, rtt, err := c.ExchangeWithConn(message, conn)
This allows users of the library to implement their own connection management,
as opposed to Exchange, which will always use new connections and incur the added overhead
that entails when using "tcp" and especially "tcp-tls" clients.
ExchangeWithConnContext has the same behaviour as ExchangeWithConn and
additionally obeys deadlines from the passed Context.
ClientConfig wraps the contents of the /etc/resolv.conf file.
// lost packets before giving up on server, not used in the package dns
// number of dots in name to trigger absolute lookup
// what port to use
// suffixes to append to local name
// servers to use
// seconds before giving up on packet
NameList returns all of the names that should be queried based on the
config. It is based off of go's net/dns name building, but it does not
check the length of the resulting names.
func ClientConfigFromFile(resolvconf string) (*ClientConfig, error)
func ClientConfigFromReader(resolvconf io.Reader) (*ClientConfig, error)
CNAME RR. See RFC 1034.
Hdr RR_Header
Target string
(*CNAME) Header() *RR_Header
(*CNAME) String() string
*CNAME : RR
*CNAME : expvar.Var
*CNAME : fmt.Stringer
A Conn represents a connection to a DNS server.
// a net.Conn holding the connection
// An implementation of the TsigProvider interface. If defined it replaces TsigSecret and is used for all TSIG operations.
// secret(s) for Tsig map[<zonename>]<base64 secret>, zonename must be in canonical form (lowercase, fqdn, see RFC 4034 Section 6.2)
// minimum receive buffer for UDP messages
Close closes the connection.
Any blocked Read or Write operations will be unblocked and return errors.
Close may or may not block until any buffered data is sent;
for TCP connections see [*TCPConn.SetLinger].
LocalAddr returns the local network address, if known.
Read implements the net.Conn read method.
ReadMsg reads a message from the connection co.
If the received message contains a TSIG record the transaction signature
is verified. This method always tries to return the message, however if an
error is returned there are no guarantees that the returned message is a
valid representation of the packet read.
ReadMsgHeader reads a DNS message, parses and populates hdr (when hdr is not nil).
Returns message as a byte slice to be parsed with Msg.Unpack later on.
Note that error handling on the message body is not possible as only the header is parsed.
RemoteAddr returns the remote network address, if known.
SetDeadline sets the read and write deadlines associated
with the connection. It is equivalent to calling both
SetReadDeadline and SetWriteDeadline.
A deadline is an absolute time after which I/O operations
fail instead of blocking. The deadline applies to all future
and pending I/O, not just the immediately following call to
Read or Write. After a deadline has been exceeded, the
connection can be refreshed by setting a deadline in the future.
If the deadline is exceeded a call to Read or Write or to other
I/O methods will return an error that wraps os.ErrDeadlineExceeded.
This can be tested using errors.Is(err, os.ErrDeadlineExceeded).
The error's Timeout method will return true, but note that there
are other possible errors for which the Timeout method will
return true even if the deadline has not been exceeded.
An idle timeout can be implemented by repeatedly extending
the deadline after successful Read or Write calls.
A zero value for t means I/O operations will not time out.
SetReadDeadline sets the deadline for future Read calls
and any currently-blocked Read call.
A zero value for t means Read will not time out.
SetWriteDeadline sets the deadline for future Write calls
and any currently-blocked Write call.
Even if write times out, it may return n > 0, indicating that
some of the data was successfully written.
A zero value for t means Write will not time out.
Write implements the net.Conn Write method.
WriteMsg sends a message through the connection co.
If the message m contains a TSIG record the transaction
signature is calculated.
*Conn : Writer
Conn : github.com/pion/datachannel.ReadDeadliner
Conn : github.com/pion/datachannel.WriteDeadliner
*Conn : github.com/pion/stun.Connection
*Conn : github.com/pion/stun/v3.Connection
Conn : github.com/prometheus/common/expfmt.Closer
*Conn : internal/bisect.Writer
Conn : io.Closer
*Conn : io.ReadCloser
*Conn : io.Reader
*Conn : io.ReadWriteCloser
*Conn : io.ReadWriter
*Conn : io.WriteCloser
*Conn : io.Writer
*Conn : net.Conn
func Dial(network, address string) (conn *Conn, err error)
func DialTimeout(network, address string, timeout time.Duration) (conn *Conn, err error)
func DialTimeoutWithTLS(network, address string, tlsConfig *tls.Config, timeout time.Duration) (conn *Conn, err error)
func DialWithTLS(network, address string, tlsConfig *tls.Config) (conn *Conn, err error)
func (*Client).Dial(address string) (conn *Conn, err error)
func (*Client).DialContext(ctx context.Context, address string) (conn *Conn, err error)
func (*Client).ExchangeWithConn(m *Msg, conn *Conn) (r *Msg, rtt time.Duration, err error)
func (*Client).ExchangeWithConnContext(ctx context.Context, m *Msg, co *Conn) (r *Msg, rtt time.Duration, err error)
A ConnectionStater interface is used by a DNS Handler to access TLS connection state
when available.
( ConnectionStater) ConnectionState() *tls.ConnectionState
CSYNC RR. See RFC 7477.
Flags uint16
Hdr RR_Header
Serial uint32
TypeBitMap []uint16
(*CSYNC) Header() *RR_Header
(*CSYNC) String() string
*CSYNC : RR
*CSYNC : expvar.Var
*CSYNC : fmt.Stringer
DecorateReader is a decorator hook for extending or supplanting the functionality of a Reader.
Implementations should never return a nil Reader.
Readers should also implement the optional PacketConnReader interface.
PacketConnReader is required to use a generic net.PacketConn.
DecorateWriter is a decorator hook for extending or supplanting the functionality of a Writer.
Implementations should never return a nil Writer.
DHCID RR. See RFC 4701.
Digest string
Hdr RR_Header
(*DHCID) Header() *RR_Header
(*DHCID) String() string
*DHCID : RR
*DHCID : expvar.Var
*DHCID : fmt.Stringer
DLV RR. See RFC 4431.
DS DS
DS.Algorithm uint8
DS.Digest string
DS.DigestType uint8
DS.Hdr RR_Header
DS.KeyTag uint16
(*DLV) Header() *RR_Header
(*DLV) String() string
ToCDS converts a DS record to a CDS record.
*DLV : RR
*DLV : expvar.Var
*DLV : fmt.Stringer
DNAME RR. See RFC 2672.
Hdr RR_Header
Target string
(*DNAME) Header() *RR_Header
(*DNAME) String() string
*DNAME : RR
*DNAME : expvar.Var
*DNAME : fmt.Stringer
DNSKEY RR. See RFC 4034 and RFC 3755.
Algorithm uint8
Flags uint16
Hdr RR_Header
Protocol uint8
PublicKey string
Generate generates a DNSKEY of the given bit size.
The public part is put inside the DNSKEY record.
The Algorithm in the key must be set as this will define
what kind of DNSKEY will be generated.
The ECDSA algorithms imply a fixed keysize, in that case
bits should be set to the size of the algorithm.
(*DNSKEY) Header() *RR_Header
KeyTag calculates the keytag (or key-id) of the DNSKEY.
NewPrivateKey returns a PrivateKey by parsing the string s.
s should be in the same form of the BIND private key files.
PrivateKeyString converts a PrivateKey to a string. This string has the same
format as the private-key-file of BIND9 (Private-key-format: v1.3).
It needs some info from the key (the algorithm), so its a method of the DNSKEY.
It supports *rsa.PrivateKey, *ecdsa.PrivateKey and ed25519.PrivateKey.
ReadPrivateKey reads a private key from the io.Reader q. The string file is
only used in error reporting.
The public key must be known, because some cryptographic algorithms embed
the public inside the privatekey.
(*DNSKEY) String() string
ToCDNSKEY converts a DNSKEY record to a CDNSKEY record.
ToDS converts a DNSKEY record to a DS record.
*DNSKEY : RR
*DNSKEY : expvar.Var
*DNSKEY : fmt.Stringer
func (*RRSIG).Verify(k *DNSKEY, rrset []RR) error
DS RR. See RFC 4034 and RFC 3658.
Algorithm uint8
Digest string
DigestType uint8
Hdr RR_Header
KeyTag uint16
(*DS) Header() *RR_Header
(*DS) String() string
ToCDS converts a DS record to a CDS record.
*DS : RR
*DS : expvar.Var
*DS : fmt.Stringer
func (*DNSKEY).ToDS(h uint8) *DS
EDNS0 defines an EDNS0 Option. An OPT RR can have multiple options appended to it.
Option returns the option code for the option.
String returns the string representation of the option.
*EDNS0_COOKIE
*EDNS0_DAU
*EDNS0_DHU
*EDNS0_EDE
*EDNS0_ESU
*EDNS0_EXPIRE
*EDNS0_LLQ
*EDNS0_LOCAL
*EDNS0_N3U
*EDNS0_NSID
*EDNS0_PADDING
*EDNS0_SUBNET
*EDNS0_TCP_KEEPALIVE
*EDNS0_UL
EDNS0 : expvar.Var
EDNS0 : fmt.Stringer
The EDNS0_COOKIE option is used to add a DNS Cookie to a message.
o := new(dns.OPT)
o.Hdr.Name = "."
o.Hdr.Rrtype = dns.TypeOPT
e := new(dns.EDNS0_COOKIE)
e.Code = dns.EDNS0COOKIE
e.Cookie = "24a5ac.."
o.Option = append(o.Option, e)
The Cookie field consists out of a client cookie (RFC 7873 Section 4), that is
always 8 bytes. It may then optionally be followed by the server cookie. The server
cookie is of variable length, 8 to a maximum of 32 bytes. In other words:
cCookie := o.Cookie[:16]
sCookie := o.Cookie[16:]
There is no guarantee that the Cookie string has a specific length.
// always EDNS0COOKIE
// hex encoded cookie data
Option implements the EDNS0 interface.
(*EDNS0_COOKIE) String() string
*EDNS0_COOKIE : EDNS0
*EDNS0_COOKIE : expvar.Var
*EDNS0_COOKIE : fmt.Stringer
EDNS0_DAU implements the EDNS0 "DNSSEC Algorithm Understood" option. See RFC 6975.
AlgCode []uint8
// always EDNS0DAU
Option implements the EDNS0 interface.
(*EDNS0_DAU) String() string
*EDNS0_DAU : EDNS0
*EDNS0_DAU : expvar.Var
*EDNS0_DAU : fmt.Stringer
EDNS0_DHU implements the EDNS0 "DS Hash Understood" option. See RFC 6975.
AlgCode []uint8
// always EDNS0DAU
Option implements the EDNS0 interface.
(*EDNS0_DHU) String() string
*EDNS0_DHU : EDNS0
*EDNS0_DHU : expvar.Var
*EDNS0_DHU : fmt.Stringer
EDNS0_EDE option is used to return additional information about the cause of
DNS errors.
ExtraText string
InfoCode uint16
Option implements the EDNS0 interface.
(*EDNS0_EDE) String() string
*EDNS0_EDE : EDNS0
*EDNS0_EDE : expvar.Var
*EDNS0_EDE : fmt.Stringer
The EDNS0_ESU option for ENUM Source-URI Extension.
// always EDNS0ESU
Uri string
(*EDNS0_ESU) Option() uint16
(*EDNS0_ESU) String() string
*EDNS0_ESU : EDNS0
*EDNS0_ESU : expvar.Var
*EDNS0_ESU : fmt.Stringer
EDNS0_EXPIRE implements the EDNS0 option as described in RFC 7314.
// always EDNS0EXPIRE
// Empty is used to signal an empty Expire option in a backwards compatible way, it's not used on the wire.
Expire uint32
Option implements the EDNS0 interface.
(*EDNS0_EXPIRE) String() (s string)
*EDNS0_EXPIRE : EDNS0
*EDNS0_EXPIRE : expvar.Var
*EDNS0_EXPIRE : fmt.Stringer
EDNS0_LLQ stands for Long Lived Queries: http://tools.ietf.org/html/draft-sekar-dns-llq-01
Implemented for completeness, as the EDNS0 type code is assigned.
// always EDNS0LLQ
Error uint16
Id uint64
LeaseLife uint32
Opcode uint16
Version uint16
Option implements the EDNS0 interface.
(*EDNS0_LLQ) String() string
*EDNS0_LLQ : EDNS0
*EDNS0_LLQ : expvar.Var
*EDNS0_LLQ : fmt.Stringer
The EDNS0_LOCAL option is used for local/experimental purposes. The option
code is recommended to be within the range [EDNS0LOCALSTART, EDNS0LOCALEND]
(RFC6891), although any unassigned code can actually be used. The content of
the option is made available in Data, unaltered.
Basic use pattern for creating a local option:
o := new(dns.OPT)
o.Hdr.Name = "."
o.Hdr.Rrtype = dns.TypeOPT
e := new(dns.EDNS0_LOCAL)
e.Code = dns.EDNS0LOCALSTART
e.Data = []byte{72, 82, 74}
o.Option = append(o.Option, e)
// option code
Data []byte
Option implements the EDNS0 interface.
(*EDNS0_LOCAL) String() string
*EDNS0_LOCAL : EDNS0
*EDNS0_LOCAL : expvar.Var
*EDNS0_LOCAL : fmt.Stringer
EDNS0_N3U implements the EDNS0 "NSEC3 Hash Understood" option. See RFC 6975.
AlgCode []uint8
// always EDNS0DAU
Option implements the EDNS0 interface.
(*EDNS0_N3U) String() string
*EDNS0_N3U : EDNS0
*EDNS0_N3U : expvar.Var
*EDNS0_N3U : fmt.Stringer
EDNS0_NSID option is used to retrieve a nameserver
identifier. When sending a request Nsid must be set to the empty string
The identifier is an opaque string encoded as hex.
Basic use pattern for creating an nsid option:
o := new(dns.OPT)
o.Hdr.Name = "."
o.Hdr.Rrtype = dns.TypeOPT
e := new(dns.EDNS0_NSID)
e.Code = dns.EDNS0NSID
e.Nsid = "AA"
o.Option = append(o.Option, e)
// always EDNS0NSID
// string needs to be hex encoded
Option implements the EDNS0 interface.
(*EDNS0_NSID) String() string
*EDNS0_NSID : EDNS0
*EDNS0_NSID : expvar.Var
*EDNS0_NSID : fmt.Stringer
EDNS0_PADDING option is used to add padding to a request/response. The default
value of padding SHOULD be 0x0 but other values MAY be used, for instance if
compression is applied before encryption which may break signatures.
Padding []byte
Option implements the EDNS0 interface.
(*EDNS0_PADDING) String() string
*EDNS0_PADDING : EDNS0
*EDNS0_PADDING : expvar.Var
*EDNS0_PADDING : fmt.Stringer
EDNS0_SUBNET is the subnet option that is used to give the remote nameserver
an idea of where the client lives. See RFC 7871. It can then give back a different
answer depending on the location or network topology.
Basic use pattern for creating an subnet option:
o := new(dns.OPT)
o.Hdr.Name = "."
o.Hdr.Rrtype = dns.TypeOPT
e := new(dns.EDNS0_SUBNET)
e.Code = dns.EDNS0SUBNET // by default this is filled in through unpacking OPT packets (unpackDataOpt)
e.Family = 1 // 1 for IPv4 source address, 2 for IPv6
e.SourceNetmask = 32 // 32 for IPV4, 128 for IPv6
e.SourceScope = 0
e.Address = net.ParseIP("127.0.0.1").To4() // for IPv4
// e.Address = net.ParseIP("2001:7b8:32a::2") // for IPV6
o.Option = append(o.Option, e)
This code will parse all the available bits when unpacking (up to optlen).
When packing it will apply SourceNetmask. If you need more advanced logic,
patches welcome and good luck.
Address net.IP
// always EDNS0SUBNET
// 1 for IP, 2 for IP6
SourceNetmask uint8
SourceScope uint8
Option implements the EDNS0 interface.
(*EDNS0_SUBNET) String() (s string)
*EDNS0_SUBNET : EDNS0
*EDNS0_SUBNET : expvar.Var
*EDNS0_SUBNET : fmt.Stringer
EDNS0_TCP_KEEPALIVE is an EDNS0 option that instructs the server to keep
the TCP connection alive. See RFC 7828.
// always EDNSTCPKEEPALIVE
Length is the option's length.
Deprecated: this field is deprecated and is always equal to 0.
Timeout is an idle timeout value for the TCP connection, specified in
units of 100 milliseconds, encoded in network byte order. If set to 0,
pack will return a nil slice.
Option implements the EDNS0 interface.
(*EDNS0_TCP_KEEPALIVE) String() string
*EDNS0_TCP_KEEPALIVE : EDNS0
*EDNS0_TCP_KEEPALIVE : expvar.Var
*EDNS0_TCP_KEEPALIVE : fmt.Stringer
The EDNS0_UL (Update Lease) (draft RFC) option is used to tell the server to set
an expiration on an update RR. This is helpful for clients that cannot clean
up after themselves. This is a draft RFC and more information can be found at
https://tools.ietf.org/html/draft-sekar-dns-ul-02
o := new(dns.OPT)
o.Hdr.Name = "."
o.Hdr.Rrtype = dns.TypeOPT
e := new(dns.EDNS0_UL)
e.Code = dns.EDNS0UL
e.Lease = 120 // in seconds
o.Option = append(o.Option, e)
// always EDNS0UL
KeyLease uint32
Lease uint32
Option implements the EDNS0 interface.
(*EDNS0_UL) String() string
*EDNS0_UL : EDNS0
*EDNS0_UL : expvar.Var
*EDNS0_UL : fmt.Stringer
EID RR. See http://ana-3.lcs.mit.edu/~jnc/nimrod/dns.txt.
Endpoint string
Hdr RR_Header
(*EID) Header() *RR_Header
(*EID) String() string
*EID : RR
*EID : expvar.Var
*EID : fmt.Stringer
Envelope is used when doing a zone transfer with a remote server.
// If something went wrong, this contains the error.
// The set of RRs in the answer section of the xfr reply message.
func (*Transfer).In(q *Msg, a string) (env chan *Envelope, err error)
func (*Transfer).Out(w ResponseWriter, q *Msg, ch chan *Envelope) error
EUI48 RR. See RFC 7043.
Address uint64
Hdr RR_Header
(*EUI48) Header() *RR_Header
(*EUI48) String() string
*EUI48 : RR
*EUI48 : expvar.Var
*EUI48 : fmt.Stringer
EUI64 RR. See RFC 7043.
Address uint64
Hdr RR_Header
(*EUI64) Header() *RR_Header
(*EUI64) String() string
*EUI64 : RR
*EUI64 : expvar.Var
*EUI64 : fmt.Stringer
GID RR. Deprecated, IANA-Reserved.
Gid uint32
Hdr RR_Header
(*GID) Header() *RR_Header
(*GID) String() string
*GID : RR
*GID : expvar.Var
*GID : fmt.Stringer
GPOS RR. See RFC 1712.
Altitude string
Hdr RR_Header
Latitude string
Longitude string
(*GPOS) Header() *RR_Header
(*GPOS) String() string
*GPOS : RR
*GPOS : expvar.Var
*GPOS : fmt.Stringer
Handler is implemented by any value that implements ServeDNS.
( Handler) ServeDNS(w ResponseWriter, r *Msg)
HandlerFunc
*ServeMux
func ActivateAndServe(l net.Listener, p net.PacketConn, handler Handler) error
func Handle(pattern string, handler Handler)
func ListenAndServe(addr string, network string, handler Handler) error
func ListenAndServeTLS(addr, certFile, keyFile string, handler Handler) error
func (*ServeMux).Handle(pattern string, handler Handler)
The HandlerFunc type is an adapter to allow the use of
ordinary functions as DNS handlers. If f is a function
with the appropriate signature, HandlerFunc(f) is a
Handler object that calls f.
ServeDNS calls f(w, r).
HandlerFunc : Handler
Header is the wire format for the DNS packet header.
Ancount uint16
Arcount uint16
Bits uint16
Id uint16
Nscount uint16
Qdcount uint16
func (*Conn).ReadMsgHeader(hdr *Header) ([]byte, error)
HINFO RR. See RFC 1034.
Cpu string
Hdr RR_Header
Os string
(*HINFO) Header() *RR_Header
(*HINFO) String() string
*HINFO : RR
*HINFO : expvar.Var
*HINFO : fmt.Stringer
HIP RR. See RFC 8005.
Hdr RR_Header
Hit string
HitLength uint8
PublicKey string
PublicKeyAlgorithm uint8
PublicKeyLength uint16
RendezvousServers []string
(*HIP) Header() *RR_Header
(*HIP) String() string
*HIP : RR
*HIP : expvar.Var
*HIP : fmt.Stringer
HTTPS RR. See RFC 9460. Everything valid for SVCB applies to HTTPS as well.
Except that the HTTPS record is intended for use with the HTTP and HTTPS protocols.
SVCB SVCB
SVCB.Hdr RR_Header
// If zero, Value must be empty or discarded by the user of this library
SVCB.Target string
SVCB.Value []SVCBKeyValue
(*HTTPS) Header() *RR_Header
(*HTTPS) String() string
*HTTPS : RR
*HTTPS : expvar.Var
*HTTPS : fmt.Stringer
IPSECKEY RR. See RFC 4025.
Algorithm uint8
// packing/unpacking/parsing/etc handled together with GatewayHost
GatewayHost string
GatewayType uint8
Hdr RR_Header
Precedence uint8
PublicKey string
(*IPSECKEY) Header() *RR_Header
(*IPSECKEY) String() string
*IPSECKEY : RR
*IPSECKEY : expvar.Var
*IPSECKEY : fmt.Stringer
ISDN RR. See RFC 1183, Section 3.2.
Address string
Hdr RR_Header
SubAddress string
(*ISDN) Header() *RR_Header
(*ISDN) String() string
*ISDN : RR
*ISDN : expvar.Var
*ISDN : fmt.Stringer
KEY RR. See RFC 2535.
DNSKEY DNSKEY
DNSKEY.Algorithm uint8
DNSKEY.Flags uint16
DNSKEY.Hdr RR_Header
DNSKEY.Protocol uint8
DNSKEY.PublicKey string
Generate generates a DNSKEY of the given bit size.
The public part is put inside the DNSKEY record.
The Algorithm in the key must be set as this will define
what kind of DNSKEY will be generated.
The ECDSA algorithms imply a fixed keysize, in that case
bits should be set to the size of the algorithm.
(*KEY) Header() *RR_Header
KeyTag calculates the keytag (or key-id) of the DNSKEY.
NewPrivateKey returns a PrivateKey by parsing the string s.
s should be in the same form of the BIND private key files.
PrivateKeyString converts a PrivateKey to a string. This string has the same
format as the private-key-file of BIND9 (Private-key-format: v1.3).
It needs some info from the key (the algorithm), so its a method of the DNSKEY.
It supports *rsa.PrivateKey, *ecdsa.PrivateKey and ed25519.PrivateKey.
ReadPrivateKey reads a private key from the io.Reader q. The string file is
only used in error reporting.
The public key must be known, because some cryptographic algorithms embed
the public inside the privatekey.
(*KEY) String() string
ToCDNSKEY converts a DNSKEY record to a CDNSKEY record.
ToDS converts a DNSKEY record to a DS record.
*KEY : RR
*KEY : expvar.Var
*KEY : fmt.Stringer
func (*SIG).Verify(k *KEY, buf []byte) error
KX RR. See RFC 2230.
Exchanger string
Hdr RR_Header
Preference uint16
(*KX) Header() *RR_Header
(*KX) String() string
*KX : RR
*KX : expvar.Var
*KX : fmt.Stringer
L32 RR, See RFC 6742.
Hdr RR_Header
Locator32 net.IP
Preference uint16
(*L32) Header() *RR_Header
(*L32) String() string
*L32 : RR
*L32 : expvar.Var
*L32 : fmt.Stringer
L64 RR, See RFC 6742.
Hdr RR_Header
Locator64 uint64
Preference uint16
(*L64) Header() *RR_Header
(*L64) String() string
*L64 : RR
*L64 : expvar.Var
*L64 : fmt.Stringer
LOC RR. See RFC 1876.
Altitude uint32
Hdr RR_Header
HorizPre uint8
Latitude uint32
Longitude uint32
Size uint8
Version uint8
VertPre uint8
(*LOC) Header() *RR_Header
(*LOC) String() string
*LOC : RR
*LOC : expvar.Var
*LOC : fmt.Stringer
LP RR. See RFC 6742.
Fqdn string
Hdr RR_Header
Preference uint16
(*LP) Header() *RR_Header
(*LP) String() string
*LP : RR
*LP : expvar.Var
*LP : fmt.Stringer
MB RR. See RFC 1035.
Hdr RR_Header
Mb string
(*MB) Header() *RR_Header
(*MB) String() string
*MB : RR
*MB : expvar.Var
*MB : fmt.Stringer
MD RR. See RFC 1035.
Hdr RR_Header
Md string
(*MD) Header() *RR_Header
(*MD) String() string
*MD : RR
*MD : expvar.Var
*MD : fmt.Stringer
MF RR. See RFC 1035.
Hdr RR_Header
Mf string
(*MF) Header() *RR_Header
(*MF) String() string
*MF : RR
*MF : expvar.Var
*MF : fmt.Stringer
MG RR. See RFC 1035.
Hdr RR_Header
Mg string
(*MG) Header() *RR_Header
(*MG) String() string
*MG : RR
*MG : expvar.Var
*MG : fmt.Stringer
MINFO RR. See RFC 1035.
Email string
Hdr RR_Header
Rmail string
(*MINFO) Header() *RR_Header
(*MINFO) String() string
*MINFO : RR
*MINFO : expvar.Var
*MINFO : fmt.Stringer
MR RR. See RFC 1035.
Hdr RR_Header
Mr string
(*MR) Header() *RR_Header
(*MR) String() string
*MR : RR
*MR : expvar.Var
*MR : fmt.Stringer
Msg contains the layout of a DNS message.
// Holds the RR(s) of the answer section.
// If true, the message will be compressed when converted to wire format.
// Holds the RR(s) of the additional section.
MsgHdr MsgHdr
MsgHdr.AuthenticatedData bool
MsgHdr.Authoritative bool
MsgHdr.CheckingDisabled bool
MsgHdr.Id uint16
MsgHdr.Opcode int
MsgHdr.Rcode int
MsgHdr.RecursionAvailable bool
MsgHdr.RecursionDesired bool
MsgHdr.Response bool
MsgHdr.Truncated bool
MsgHdr.Zero bool
// Holds the RR(s) of the authority section.
// Holds the RR(s) of the question section.
Copy returns a new *Msg which is a deep-copy of dns.
CopyTo copies the contents to the provided message using a deep-copy and returns the copy.
Insert creates a dynamic update packet that adds an complete RRset, see RFC 2136 section 2.5.1.
See [ANY] on how to make RRs without rdata.
IsEdns0 checks if the message has a EDNS0 (OPT) record, any EDNS0
record in the additional section will do. It returns the OPT record
found or nil.
IsTsig checks if the message has a TSIG record as the last record
in the additional section. It returns the TSIG record found or nil.
Len returns the message length when in (un)compressed wire format.
If dns.Compress is true compression it is taken into account. Len()
is provided to be a faster way to get the size of the resulting packet,
than packing it, measuring the size and discarding the buffer.
NameNotUsed sets the RRs in the prereq section to
"Name is in not use" RRs. RFC 2136 section 2.4.5.
NameUsed sets the RRs in the prereq section to
"Name is in use" RRs. RFC 2136 section 2.4.4.
See [ANY] on how to make RRs without rdata.
Pack packs a Msg: it is converted to wire format.
If the dns.Compress is true the message will be in compressed wire format.
PackBuffer packs a Msg, using the given buffer buf. If buf is too small a new buffer is allocated.
RRsetNotUsed sets the RRs in the prereq section to
"RRset does not exist" RRs. RFC 2136 section 2.4.3.
See [ANY] on how to make RRs without rdata.
RRsetUsed sets the RRs in the prereq section to
"RRset exists (value independent -- no rdata)" RRs. RFC 2136 section 2.4.1.
See [ANY] on how to make RRs without rdata.
Remove creates a dynamic update packet deletes RR from a RRSset, see RFC 2136 section 2.5.4
See [ANY] on how to make RRs without rdata.
RemoveName creates a dynamic update packet that deletes all RRsets of a name, see RFC 2136 section 2.5.3
See [ANY] on how to make RRs without rdata.
RemoveRRset creates a dynamic update packet that deletes an RRset, see RFC 2136 section 2.5.2.
See [ANY] on how to make RRs without rdata.
SetAxfr creates message for requesting an AXFR.
SetEdns0 appends a EDNS0 OPT RR to the message.
TSIG should always the last RR in a message.
SetIxfr creates message for requesting an IXFR.
SetNotify creates a notify message, it sets the Question
section, generates an Id and sets the Authoritative (AA)
bit to true.
SetQuestion creates a question message, it sets the Question
section, generates an Id and sets the RecursionDesired (RD)
bit to true.
SetRcode creates an error message suitable for the request.
SetRcodeFormatError creates a message with FormError set.
SetReply creates a reply message from a request message.
SetTsig appends a TSIG RR to the message.
This is only a skeleton TSIG RR that is added as the last RR in the
additional section. The TSIG is calculated when the message is being send.
SetUpdate makes the message a dynamic update message. It
sets the ZONE section to: z, TypeSOA, ClassINET.
Convert a complete message to a string with dig-like output.
Truncate ensures the reply message will fit into the requested buffer
size by removing records that exceed the requested size.
It will first check if the reply fits without compression and then with
compression. If it won't fit with compression, Truncate then walks the
record adding as many records as possible without exceeding the
requested buffer size.
If the message fits within the requested size without compression,
Truncate will set the message's Compress attribute to false. It is
the caller's responsibility to set it back to true if they wish to
compress the payload regardless of size.
The TC bit will be set if any records were excluded from the message.
If the TC bit is already set on the message it will be retained.
TC indicates that the client should retry over TCP.
According to RFC 2181, the TC bit should only be set if not all of the
"required" RRs can be included in the response. Unfortunately, we have
no way of knowing which RRs are required so we set the TC bit if any RR
had to be omitted from the response.
The appropriate buffer size can be retrieved from the requests OPT
record, if present, and is transport specific otherwise. dns.MinMsgSize
should be used for UDP requests without an OPT record, and
dns.MaxMsgSize for TCP requests without an OPT record.
Unpack unpacks a binary message to a Msg structure.
Used sets the RRs in the prereq section to
"RRset exists (value dependent -- with rdata)" RRs. RFC 2136 section 2.4.2.
*Msg : expvar.Var
*Msg : fmt.Stringer
func Exchange(m *Msg, a string) (r *Msg, err error)
func ExchangeConn(c net.Conn, m *Msg) (r *Msg, err error)
func ExchangeContext(ctx context.Context, m *Msg, a string) (r *Msg, err error)
func (*Client).Exchange(m *Msg, address string) (r *Msg, rtt time.Duration, err error)
func (*Client).ExchangeContext(ctx context.Context, m *Msg, a string) (r *Msg, rtt time.Duration, err error)
func (*Client).ExchangeWithConn(m *Msg, conn *Conn) (r *Msg, rtt time.Duration, err error)
func (*Client).ExchangeWithConnContext(ctx context.Context, m *Msg, co *Conn) (r *Msg, rtt time.Duration, err error)
func (*Conn).ReadMsg() (*Msg, error)
func (*Msg).Copy() *Msg
func (*Msg).CopyTo(r1 *Msg) *Msg
func (*Msg).SetAxfr(z string) *Msg
func (*Msg).SetEdns0(udpsize uint16, do bool) *Msg
func (*Msg).SetIxfr(z string, serial uint32, ns, mbox string) *Msg
func (*Msg).SetNotify(z string) *Msg
func (*Msg).SetQuestion(z string, t uint16) *Msg
func (*Msg).SetRcode(request *Msg, rcode int) *Msg
func (*Msg).SetRcodeFormatError(request *Msg) *Msg
func (*Msg).SetReply(request *Msg) *Msg
func (*Msg).SetTsig(z, algo string, fudge uint16, timesigned int64) *Msg
func (*Msg).SetUpdate(z string) *Msg
func (*Transfer).ReadMsg() (*Msg, error)
func Exchange(m *Msg, a string) (r *Msg, err error)
func ExchangeConn(c net.Conn, m *Msg) (r *Msg, err error)
func ExchangeContext(ctx context.Context, m *Msg, a string) (r *Msg, err error)
func HandleFailed(w ResponseWriter, r *Msg)
func TsigGenerate(m *Msg, secret, requestMAC string, timersOnly bool) ([]byte, string, error)
func TsigGenerateWithProvider(m *Msg, provider TsigProvider, requestMAC string, timersOnly bool) ([]byte, string, error)
func (*Client).Exchange(m *Msg, address string) (r *Msg, rtt time.Duration, err error)
func (*Client).ExchangeContext(ctx context.Context, m *Msg, a string) (r *Msg, rtt time.Duration, err error)
func (*Client).ExchangeWithConn(m *Msg, conn *Conn) (r *Msg, rtt time.Duration, err error)
func (*Client).ExchangeWithConnContext(ctx context.Context, m *Msg, co *Conn) (r *Msg, rtt time.Duration, err error)
func (*Conn).WriteMsg(m *Msg) (err error)
func Handler.ServeDNS(w ResponseWriter, r *Msg)
func HandlerFunc.ServeDNS(w ResponseWriter, r *Msg)
func (*Msg).CopyTo(r1 *Msg) *Msg
func (*Msg).SetRcode(request *Msg, rcode int) *Msg
func (*Msg).SetRcodeFormatError(request *Msg) *Msg
func (*Msg).SetReply(request *Msg) *Msg
func ResponseWriter.WriteMsg(*Msg) error
func (*ServeMux).ServeDNS(w ResponseWriter, req *Msg)
func (*SIG).Sign(k crypto.Signer, m *Msg) ([]byte, error)
func (*Transfer).In(q *Msg, a string) (env chan *Envelope, err error)
func (*Transfer).Out(w ResponseWriter, q *Msg, ch chan *Envelope) error
func (*Transfer).WriteMsg(m *Msg) (err error)
MsgAcceptAction represents the action to be taken.
const MsgAccept
const MsgIgnore
const MsgReject
const MsgRejectNotImplemented
MsgAcceptFunc is used early in the server code to accept or reject a message with RcodeFormatError.
It returns a MsgAcceptAction to indicate what should happen with the message.
var DefaultMsgAcceptFunc
MsgHdr is a a manually-unpacked version of (id, bits).
AuthenticatedData bool
Authoritative bool
CheckingDisabled bool
Id uint16
Opcode int
Rcode int
RecursionAvailable bool
RecursionDesired bool
Response bool
Truncated bool
Zero bool
Convert a MsgHdr to a string, with dig-like headers:
;; opcode: QUERY, status: NOERROR, id: 48404
;; flags: qr aa rd ra;
*MsgHdr : expvar.Var
*MsgHdr : fmt.Stringer
MsgInvalidFunc is a listener hook for observing incoming messages that were discarded
because they could not be parsed.
Every message that is read by a Reader will eventually be provided to the Handler,
rejected (or ignored) by the MsgAcceptFunc, or passed to this function.
MX RR. See RFC 1035.
Hdr RR_Header
Mx string
Preference uint16
(*MX) Header() *RR_Header
(*MX) String() string
*MX : RR
*MX : expvar.Var
*MX : fmt.Stringer
Name is a DNS domain name.
String returns the string representation for the name n.
Name : expvar.Var
Name : fmt.Stringer
NAPTR RR. See RFC 2915.
Flags string
Hdr RR_Header
Order uint16
Preference uint16
Regexp string
Replacement string
Service string
(*NAPTR) Header() *RR_Header
(*NAPTR) String() string
*NAPTR : RR
*NAPTR : expvar.Var
*NAPTR : fmt.Stringer
NID RR. See RFC 6742.
Hdr RR_Header
NodeID uint64
Preference uint16
(*NID) Header() *RR_Header
(*NID) String() string
*NID : RR
*NID : expvar.Var
*NID : fmt.Stringer
NIMLOC RR. See http://ana-3.lcs.mit.edu/~jnc/nimrod/dns.txt.
Hdr RR_Header
Locator string
(*NIMLOC) Header() *RR_Header
(*NIMLOC) String() string
*NIMLOC : RR
*NIMLOC : expvar.Var
*NIMLOC : fmt.Stringer
NINFO RR. See https://www.iana.org/assignments/dns-parameters/NINFO/ninfo-completed-template.
Hdr RR_Header
ZSData []string
(*NINFO) Header() *RR_Header
(*NINFO) String() string
*NINFO : RR
*NINFO : expvar.Var
*NINFO : fmt.Stringer
NS RR. See RFC 1035.
Hdr RR_Header
Ns string
(*NS) Header() *RR_Header
(*NS) String() string
*NS : RR
*NS : expvar.Var
*NS : fmt.Stringer
NSAPPTR RR. See RFC 1348.
Hdr RR_Header
Ptr string
(*NSAPPTR) Header() *RR_Header
(*NSAPPTR) String() string
*NSAPPTR : RR
*NSAPPTR : expvar.Var
*NSAPPTR : fmt.Stringer
NSEC RR. See RFC 4034 and RFC 3755.
Hdr RR_Header
NextDomain string
TypeBitMap []uint16
(*NSEC) Header() *RR_Header
(*NSEC) String() string
*NSEC : RR
*NSEC : expvar.Var
*NSEC : fmt.Stringer
NSEC3 RR. See RFC 5155.
Flags uint8
Hash uint8
HashLength uint8
Hdr RR_Header
Iterations uint16
NextDomain string
Salt string
SaltLength uint8
TypeBitMap []uint16
Cover returns true if a name is covered by the NSEC3 record.
(*NSEC3) Header() *RR_Header
Match returns true if a name matches the NSEC3 record
(*NSEC3) String() string
*NSEC3 : RR
*NSEC3 : expvar.Var
*NSEC3 : fmt.Stringer
NSEC3PARAM RR. See RFC 5155.
Flags uint8
Hash uint8
Hdr RR_Header
Iterations uint16
Salt string
SaltLength uint8
(*NSEC3PARAM) Header() *RR_Header
(*NSEC3PARAM) String() string
*NSEC3PARAM : RR
*NSEC3PARAM : expvar.Var
*NSEC3PARAM : fmt.Stringer
NULL RR. See RFC 1035.
Data string
Hdr RR_Header
(*NULL) Header() *RR_Header
(*NULL) String() string
*NULL : RR
*NULL : expvar.Var
*NULL : fmt.Stringer
NXNAME is a meta record. See https://www.iana.org/go/draft-ietf-dnsop-compact-denial-of-existence-04
Reference: https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml
Hdr RR_Header
(*NXNAME) Header() *RR_Header
(*NXNAME) String() string
*NXNAME : RR
*NXNAME : expvar.Var
*NXNAME : fmt.Stringer
NXT RR. See RFC 2535.
NSEC NSEC
NSEC.Hdr RR_Header
NSEC.NextDomain string
NSEC.TypeBitMap []uint16
(*NXT) Header() *RR_Header
(*NXT) String() string
*NXT : RR
*NXT : expvar.Var
*NXT : fmt.Stringer
OPENPGPKEY RR. See RFC 7929.
Hdr RR_Header
PublicKey string
(*OPENPGPKEY) Header() *RR_Header
(*OPENPGPKEY) String() string
*OPENPGPKEY : RR
*OPENPGPKEY : expvar.Var
*OPENPGPKEY : fmt.Stringer
OPT is the EDNS0 RR appended to messages to convey extra (meta) information. See RFC 6891.
Hdr RR_Header
Option []EDNS0
Co returns the value of the CO (Compact Answers OK) bit.
Do returns the value of the DO (DNSSEC OK) bit.
ExtendedRcode returns the EDNS extended RCODE field (the upper 8 bits of the TTL).
(*OPT) Header() *RR_Header
SetCo sets the CO (Compact Answers OK) bit.
If we pass an argument, set the CO bit to that value.
It is possible to pass 2 or more arguments, but they will be ignored.
SetDo sets the DO (DNSSEC OK) bit.
If we pass an argument, set the DO bit to that value.
It is possible to pass 2 or more arguments, but they will be ignored.
SetExtendedRcode sets the EDNS extended RCODE field.
If the RCODE is not an extended RCODE, will reset the extended RCODE field to 0.
SetUDPSize sets the UDP buffer size.
SetVersion sets the version of EDNS. This is usually zero.
SetZ sets the Z part of the OPT RR, note only the 14 least significant bits of z are used.
(*OPT) String() string
UDPSize returns the UDP buffer size.
Version returns the EDNS version used. Only zero is defined.
Z returns the Z part of the OPT RR as a uint16 with only the 14 least significant bits used.
*OPT : RR
*OPT : expvar.Var
*OPT : fmt.Stringer
func (*Msg).IsEdns0() *OPT
PacketConnReader is an optional interface that Readers can implement to support using generic net.PacketConns.
ReadPacketConn reads a raw message from a generic net.PacketConn UDP connection. Implementations may
alter connection properties, for example the read-deadline.
ReadTCP reads a raw message from a TCP connection. Implementations may alter
connection properties, for example the read-deadline.
ReadUDP reads a raw message from a UDP connection. Implementations may alter
connection properties, for example the read-deadline.
PacketConnReader : Reader
ParseError is a parsing error. It contains the parse error and the location in the io.Reader
where the error occurred.
(*ParseError) Error() (s string)
(*ParseError) Unwrap() error
*ParseError : error
*ParseError : golang.org/x/xerrors.Wrapper
PrivateRdata is an interface used for implementing "Private Use" RR types, see
RFC 6895. This allows one to experiment with new RR types, without requesting an
official type code. Also see dns.PrivateHandle and dns.PrivateHandleRemove.
Copy copies the Rdata into the PrivateRdata argument.
Len returns the length in octets of the Rdata.
Pack is used when packing a private RR into a buffer.
Parse parses the Rdata of the private RR.
String returns the text presentation of the Rdata of the Private RR.
Unpack is used when unpacking a private RR from a buffer.
PrivateRdata : expvar.Var
PrivateRdata : fmt.Stringer
func PrivateRdata.Copy(PrivateRdata) error
PrivateRR represents an RR that uses a PrivateRdata user-defined type.
It mocks normal RRs and implements dns.RR interface.
Data PrivateRdata
Hdr RR_Header
Header return the RR header of r.
(*PrivateRR) String() string
*PrivateRR : RR
*PrivateRR : expvar.Var
*PrivateRR : fmt.Stringer
PTR RR. See RFC 1035.
Hdr RR_Header
Ptr string
(*PTR) Header() *RR_Header
(*PTR) String() string
*PTR : RR
*PTR : expvar.Var
*PTR : fmt.Stringer
PX RR. See RFC 2163.
Hdr RR_Header
Map822 string
Mapx400 string
Preference uint16
(*PX) Header() *RR_Header
(*PX) String() string
*PX : RR
*PX : expvar.Var
*PX : fmt.Stringer
Question holds a DNS question. Usually there is just one. While the
original DNS RFCs allow multiple questions in the question section of a
message, in practice it never works. Because most DNS servers see multiple
questions as an error, it is recommended to only have one question per
message.
// "cdomain-name" specifies encoding (and may be compressed)
Qclass uint16
Qtype uint16
(*Question) String() (s string)
*Question : expvar.Var
*Question : fmt.Stringer
Reader reads raw DNS messages; each call to ReadTCP or ReadUDP should return an entire message.
ReadTCP reads a raw message from a TCP connection. Implementations may alter
connection properties, for example the read-deadline.
ReadUDP reads a raw message from a UDP connection. Implementations may alter
connection properties, for example the read-deadline.
PacketConnReader (interface)
Hdr RR_Header
Txt []string
(*RESINFO) Header() *RR_Header
(*RESINFO) String() string
*RESINFO : RR
*RESINFO : expvar.Var
*RESINFO : fmt.Stringer
A ResponseWriter interface is used by an DNS handler to
construct an DNS response.
Close closes the connection.
Hijack lets the caller take over the connection.
After a call to Hijack(), the DNS package will not do anything with the connection.
LocalAddr returns the net.Addr of the server
RemoteAddr returns the net.Addr of the client that sent the current request.
TsigStatus returns the status of the Tsig.
TsigTimersOnly sets the tsig timers only boolean.
Write writes a raw buffer back to the client.
WriteMsg writes a reply back to the client.
ResponseWriter : Writer
ResponseWriter : github.com/prometheus/common/expfmt.Closer
ResponseWriter : internal/bisect.Writer
ResponseWriter : io.Closer
ResponseWriter : io.WriteCloser
ResponseWriter : io.Writer
func HandleFailed(w ResponseWriter, r *Msg)
func Handler.ServeDNS(w ResponseWriter, r *Msg)
func HandlerFunc.ServeDNS(w ResponseWriter, r *Msg)
func (*ServeMux).ServeDNS(w ResponseWriter, req *Msg)
func (*Transfer).Out(w ResponseWriter, q *Msg, ch chan *Envelope) error
RFC3597 represents an unknown/generic RR. See RFC 3597.
Hdr RR_Header
Rdata string
(*RFC3597) Header() *RR_Header
(*RFC3597) String() string
ToRFC3597 converts a known RR to the unknown RR representation from RFC 3597.
*RFC3597 : RR
*RFC3597 : expvar.Var
*RFC3597 : fmt.Stringer
RKEY RR. See https://www.iana.org/assignments/dns-parameters/RKEY/rkey-completed-template.
Algorithm uint8
Flags uint16
Hdr RR_Header
Protocol uint8
PublicKey string
(*RKEY) Header() *RR_Header
(*RKEY) String() string
*RKEY : RR
*RKEY : expvar.Var
*RKEY : fmt.Stringer
RP RR. See RFC 1138, Section 2.2.
Hdr RR_Header
Mbox string
Txt string
(*RP) Header() *RR_Header
(*RP) String() string
*RP : RR
*RP : expvar.Var
*RP : fmt.Stringer
An RR represents a resource record.
Header returns the header of an resource record. The header contains
everything up to the rdata.
String returns the text representation of the resource record.
*A
*AAAA
*AFSDB
*AMTRELAY
*ANY
*APL
*AVC
*CAA
*CDNSKEY
*CDS
*CERT
*CNAME
*CSYNC
*DHCID
*DLV
*DNAME
*DNSKEY
*DS
*EID
*EUI48
*EUI64
*GID
*GPOS
*HINFO
*HIP
*HTTPS
*IPSECKEY
*ISDN
*KEY
*KX
*L32
*L64
*LOC
*LP
*MB
*MD
*MF
*MG
*MINFO
*MR
*MX
*NAPTR
*NID
*NIMLOC
*NINFO
*NS
*NSAPPTR
*NSEC
*NSEC3
*NSEC3PARAM
*NULL
*NXNAME
*NXT
*OPENPGPKEY
*OPT
*PrivateRR
*PTR
*PX
*RESINFO
*RFC3597
*RKEY
*RP
*RR_Header
*RRSIG
*RT
*SIG
*SMIMEA
*SOA
*SPF
*SRV
*SSHFP
*SVCB
*TA
*TALINK
*TKEY
*TLSA
*TSIG
*TXT
*UID
*UINFO
*URI
*X25
*ZONEMD
RR : expvar.Var
RR : fmt.Stringer
func Copy(r RR) RR
func Dedup(rrs []RR, m map[string]RR) []RR
func NewRR(s string) (RR, error)
func ReadRR(r io.Reader, file string) (RR, error)
func UnpackRR(msg []byte, off int) (rr RR, off1 int, err error)
func UnpackRRWithHeader(h RR_Header, msg []byte, off int) (rr RR, off1 int, err error)
func (*ZoneParser).Next() (RR, bool)
func Copy(r RR) RR
func Dedup(rrs []RR, m map[string]RR) []RR
func Dedup(rrs []RR, m map[string]RR) []RR
func Field(r RR, i int) string
func IsDuplicate(r1, r2 RR) bool
func IsRRset(rrset []RR) bool
func Len(r RR) int
func NumField(r RR) int
func PackRR(rr RR, msg []byte, off int, compression map[string]int, compress bool) (off1 int, err error)
func (*Msg).Insert(rr []RR)
func (*Msg).NameNotUsed(rr []RR)
func (*Msg).NameUsed(rr []RR)
func (*Msg).Remove(rr []RR)
func (*Msg).RemoveName(rr []RR)
func (*Msg).RemoveRRset(rr []RR)
func (*Msg).RRsetNotUsed(rr []RR)
func (*Msg).RRsetUsed(rr []RR)
func (*Msg).Used(rr []RR)
func (*RFC3597).ToRFC3597(r RR) error
func (*RRSIG).Sign(k crypto.Signer, rrset []RR) error
func (*RRSIG).Verify(k *DNSKEY, rrset []RR) error
RR_Header is the header all DNS resource records share.
Class uint16
Name string
// Length of data after header.
Rrtype uint16
Ttl uint32
Header returns itself. This is here to make RR_Header implements the RR interface.
(*RR_Header) String() string
*RR_Header : RR
*RR_Header : expvar.Var
*RR_Header : fmt.Stringer
func (*A).Header() *RR_Header
func (*AAAA).Header() *RR_Header
func (*AFSDB).Header() *RR_Header
func (*AMTRELAY).Header() *RR_Header
func (*ANY).Header() *RR_Header
func (*APL).Header() *RR_Header
func (*AVC).Header() *RR_Header
func (*CAA).Header() *RR_Header
func (*CDNSKEY).Header() *RR_Header
func (*CDS).Header() *RR_Header
func (*CERT).Header() *RR_Header
func (*CNAME).Header() *RR_Header
func (*CSYNC).Header() *RR_Header
func (*DHCID).Header() *RR_Header
func (*DLV).Header() *RR_Header
func (*DNAME).Header() *RR_Header
func (*DNSKEY).Header() *RR_Header
func (*DS).Header() *RR_Header
func (*EID).Header() *RR_Header
func (*EUI48).Header() *RR_Header
func (*EUI64).Header() *RR_Header
func (*GID).Header() *RR_Header
func (*GPOS).Header() *RR_Header
func (*HINFO).Header() *RR_Header
func (*HIP).Header() *RR_Header
func (*HTTPS).Header() *RR_Header
func (*IPSECKEY).Header() *RR_Header
func (*ISDN).Header() *RR_Header
func (*KEY).Header() *RR_Header
func (*KX).Header() *RR_Header
func (*L32).Header() *RR_Header
func (*L64).Header() *RR_Header
func (*LOC).Header() *RR_Header
func (*LP).Header() *RR_Header
func (*MB).Header() *RR_Header
func (*MD).Header() *RR_Header
func (*MF).Header() *RR_Header
func (*MG).Header() *RR_Header
func (*MINFO).Header() *RR_Header
func (*MR).Header() *RR_Header
func (*MX).Header() *RR_Header
func (*NAPTR).Header() *RR_Header
func (*NID).Header() *RR_Header
func (*NIMLOC).Header() *RR_Header
func (*NINFO).Header() *RR_Header
func (*NS).Header() *RR_Header
func (*NSAPPTR).Header() *RR_Header
func (*NSEC).Header() *RR_Header
func (*NSEC3).Header() *RR_Header
func (*NSEC3PARAM).Header() *RR_Header
func (*NULL).Header() *RR_Header
func (*NXNAME).Header() *RR_Header
func (*NXT).Header() *RR_Header
func (*OPENPGPKEY).Header() *RR_Header
func (*OPT).Header() *RR_Header
func (*PrivateRR).Header() *RR_Header
func (*PTR).Header() *RR_Header
func (*PX).Header() *RR_Header
func (*RESINFO).Header() *RR_Header
func (*RFC3597).Header() *RR_Header
func (*RKEY).Header() *RR_Header
func (*RP).Header() *RR_Header
func RR.Header() *RR_Header
func (*RR_Header).Header() *RR_Header
func (*RRSIG).Header() *RR_Header
func (*RT).Header() *RR_Header
func (*SIG).Header() *RR_Header
func (*SMIMEA).Header() *RR_Header
func (*SOA).Header() *RR_Header
func (*SPF).Header() *RR_Header
func (*SRV).Header() *RR_Header
func (*SSHFP).Header() *RR_Header
func (*SVCB).Header() *RR_Header
func (*TA).Header() *RR_Header
func (*TALINK).Header() *RR_Header
func (*TKEY).Header() *RR_Header
func (*TLSA).Header() *RR_Header
func (*TSIG).Header() *RR_Header
func (*TXT).Header() *RR_Header
func (*UID).Header() *RR_Header
func (*UINFO).Header() *RR_Header
func (*URI).Header() *RR_Header
func (*X25).Header() *RR_Header
func (*ZONEMD).Header() *RR_Header
func UnpackRRWithHeader(h RR_Header, msg []byte, off int) (rr RR, off1 int, err error)
RRSIG RR. See RFC 4034 and RFC 3755.
Algorithm uint8
Expiration uint32
Hdr RR_Header
Inception uint32
KeyTag uint16
Labels uint8
OrigTtl uint32
Signature string
SignerName string
TypeCovered uint16
(*RRSIG) Header() *RR_Header
Sign signs an RRSet. The signature needs to be filled in with the values:
Inception, Expiration, KeyTag, SignerName and Algorithm. The rest is copied
from the RRset. Sign returns a non-nill error when the signing went OK.
There is no check if RRSet is a proper (RFC 2181) RRSet. If OrigTTL is non
zero, it is used as-is, otherwise the TTL of the RRset is used as the
OrigTTL.
(*RRSIG) String() string
ValidityPeriod uses RFC1982 serial arithmetic to calculate
if a signature period is valid. If t is the zero time, the
current time is taken other t is. Returns true if the signature
is valid at the given time, otherwise returns false.
Verify validates an RRSet with the signature and key. This is only the
cryptographic test, the signature validity period must be checked separately.
This function copies the rdata of some RRs (to lowercase domain names) for the validation to work.
It also checks that the Zone Key bit (RFC 4034 2.1.1) is set on the DNSKEY
and that the Protocol field is set to 3 (RFC 4034 2.1.2).
*RRSIG : RR
*RRSIG : expvar.Var
*RRSIG : fmt.Stringer
RT RR. See RFC 1183, Section 3.3.
Hdr RR_Header
// RFC 3597 prohibits compressing records not defined in RFC 1035.
Preference uint16
(*RT) Header() *RR_Header
(*RT) String() string
*RT : RR
*RT : expvar.Var
*RT : fmt.Stringer
ServeMux is an DNS request multiplexer. It matches the zone name of
each incoming request against a list of registered patterns add calls
the handler for the pattern that most closely matches the zone name.
ServeMux is DNSSEC aware, meaning that queries for the DS record are
redirected to the parent zone (if that is also registered), otherwise
the child gets the query.
ServeMux is also safe for concurrent access from multiple goroutines.
The zero ServeMux is empty and ready for use.
Handle adds a handler to the ServeMux for pattern.
HandleFunc adds a handler function to the ServeMux for pattern.
HandleRemove deregisters the handler specific for pattern from the ServeMux.
ServeDNS dispatches the request to the handler whose pattern most
closely matches the request message.
ServeDNS is DNSSEC aware, meaning that queries for the DS record
are redirected to the parent zone (if that is also registered),
otherwise the child gets the query.
If no handler is found, or there is no question, a standard REFUSED
message is returned
*ServeMux : Handler
func NewServeMux() *ServeMux
var DefaultServeMux *ServeMux
A Server defines parameters for running an DNS server.
Address to listen on, ":dns" if empty.
DecorateReader is optional, allows customization of the process that reads raw DNS messages.
The decorated reader must not mutate the data read from the conn.
DecorateWriter is optional, allows customization of the process that writes raw DNS messages.
Handler to invoke, dns.DefaultServeMux if nil.
TCP idle timeout for multiple queries, if nil, defaults to 8 * time.Second (RFC 5966).
TCP Listener to use, this is to aid in systemd's socket activation.
Maximum number of TCP queries before we close the socket. Default is maxTCPQueries (unlimited if -1).
AcceptMsgFunc will check the incoming message and will reject it early in the process.
By default DefaultMsgAcceptFunc will be used.
MsgInvalidFunc is optional, will be called if a message is received but cannot be parsed.
if "tcp" or "tcp-tls" (DNS over TLS) it will invoke a TCP listener, otherwise an UDP one
If NotifyStartedFunc is set it is called once the server has started listening.
UDP "Listener" to use, this is to aid in systemd's socket activation.
The net.Conn.SetReadTimeout value for new connections, defaults to 2 * time.Second.
Whether to set the SO_REUSEADDR socket option, allowing multiple listeners to be bound to a single address.
Crucially this allows binding when an existing server is listening on `0.0.0.0` or `::`.
It is only supported on certain GOOSes and when using ListenAndServe.
Whether to set the SO_REUSEPORT socket option, allowing multiple listeners to be bound to a single address.
It is only supported on certain GOOSes and when using ListenAndServe.
TLS connection configuration
An implementation of the TsigProvider interface. If defined it replaces TsigSecret and is used for all TSIG operations.
Secret(s) for Tsig map[<zonename>]<base64 secret>. The zonename must be in canonical form (lowercase, fqdn, see RFC 4034 Section 6.2).
Default buffer size to use to read incoming UDP messages. If not set
it defaults to MinMsgSize (512 B).
The net.Conn.SetWriteTimeout value for new connections, defaults to 2 * time.Second.
ActivateAndServe starts a nameserver with the PacketConn or Listener
configured in *Server. Its main use is to start a server from systemd.
ListenAndServe starts a nameserver on the configured address in *Server.
Shutdown shuts down a server. After a call to Shutdown, ListenAndServe and
ActivateAndServe will return.
ShutdownContext shuts down a server. After a call to ShutdownContext,
ListenAndServe and ActivateAndServe will return.
A context.Context may be passed to limit how long to wait for connections
to terminate.
SessionUDP holds the remote address and the associated
out-of-band data.
RemoteAddr returns the remote network address.
func ReadFromSessionUDP(conn *net.UDPConn, b []byte) (int, *SessionUDP, error)
func PacketConnReader.ReadUDP(conn *net.UDPConn, timeout time.Duration) ([]byte, *SessionUDP, error)
func Reader.ReadUDP(conn *net.UDPConn, timeout time.Duration) ([]byte, *SessionUDP, error)
func WriteToSessionUDP(conn *net.UDPConn, b []byte, session *SessionUDP) (int, error)
SIG RR. See RFC 2535. The SIG RR is identical to RRSIG and nowadays only used for SIG(0), See RFC 2931.
RRSIG RRSIG
RRSIG.Algorithm uint8
RRSIG.Expiration uint32
RRSIG.Hdr RR_Header
RRSIG.Inception uint32
RRSIG.KeyTag uint16
RRSIG.Labels uint8
RRSIG.OrigTtl uint32
RRSIG.Signature string
RRSIG.SignerName string
RRSIG.TypeCovered uint16
(*SIG) Header() *RR_Header
Sign signs a dns.Msg. It fills the signature with the appropriate data.
The SIG record should have the SignerName, KeyTag, Algorithm, Inception
and Expiration set.
(*SIG) String() string
ValidityPeriod uses RFC1982 serial arithmetic to calculate
if a signature period is valid. If t is the zero time, the
current time is taken other t is. Returns true if the signature
is valid at the given time, otherwise returns false.
Verify validates the message buf using the key k.
It's assumed that buf is a valid message from which rr was unpacked.
*SIG : RR
*SIG : expvar.Var
*SIG : fmt.Stringer
SMIMEA RR. See RFC 8162.
Certificate string
Hdr RR_Header
MatchingType uint8
Selector uint8
Usage uint8
(*SMIMEA) Header() *RR_Header
Sign creates a SMIMEA record from an SSL certificate.
(*SMIMEA) String() string
Verify verifies a SMIMEA record against an SSL certificate. If it is OK
a nil error is returned.
*SMIMEA : RR
*SMIMEA : expvar.Var
*SMIMEA : fmt.Stringer
SOA RR. See RFC 1035.
Expire uint32
Hdr RR_Header
Mbox string
Minttl uint32
Ns string
Refresh uint32
Retry uint32
Serial uint32
(*SOA) Header() *RR_Header
(*SOA) String() string
*SOA : RR
*SOA : expvar.Var
*SOA : fmt.Stringer
SPF RR. See RFC 4408, Section 3.1.1.
Hdr RR_Header
Txt []string
(*SPF) Header() *RR_Header
(*SPF) String() string
*SPF : RR
*SPF : expvar.Var
*SPF : fmt.Stringer
SRV RR. See RFC 2782.
Hdr RR_Header
Port uint16
Priority uint16
Target string
Weight uint16
(*SRV) Header() *RR_Header
(*SRV) String() string
*SRV : RR
*SRV : expvar.Var
*SRV : fmt.Stringer
SSHFP RR. See RFC 4255.
Algorithm uint8
FingerPrint string
Hdr RR_Header
Type uint8
(*SSHFP) Header() *RR_Header
(*SSHFP) String() string
*SSHFP : RR
*SSHFP : expvar.Var
*SSHFP : fmt.Stringer
SVCB RR. See RFC 9460.
Hdr RR_Header
// If zero, Value must be empty or discarded by the user of this library
Target string
Value []SVCBKeyValue
(*SVCB) Header() *RR_Header
(*SVCB) String() string
*SVCB : RR
*SVCB : expvar.Var
*SVCB : fmt.Stringer
SVCBAlpn pair is used to list supported connection protocols.
The user of this library must ensure that at least one protocol is listed when alpn is present.
Protocol IDs can be found at:
https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids
Basic use pattern for creating an alpn option:
h := new(dns.HTTPS)
h.Hdr = dns.RR_Header{Name: ".", Rrtype: dns.TypeHTTPS, Class: dns.ClassINET}
e := new(dns.SVCBAlpn)
e.Alpn = []string{"h2", "http/1.1"}
h.Value = append(h.Value, e)
Alpn []string
(*SVCBAlpn) Key() SVCBKey
(*SVCBAlpn) String() string
*SVCBAlpn : SVCBKeyValue
*SVCBAlpn : expvar.Var
*SVCBAlpn : fmt.Stringer
SVCBDoHPath pair is used to indicate the URI template that the
clients may use to construct a DNS over HTTPS URI.
See RFC 9461 (https://datatracker.ietf.org/doc/html/rfc9461)
and RFC 9462 (https://datatracker.ietf.org/doc/html/rfc9462).
A basic example of using the dohpath option together with the alpn
option to indicate support for DNS over HTTPS on a certain path:
s := new(dns.SVCB)
s.Hdr = dns.RR_Header{Name: ".", Rrtype: dns.TypeSVCB, Class: dns.ClassINET}
e := new(dns.SVCBAlpn)
e.Alpn = []string{"h2", "h3"}
p := new(dns.SVCBDoHPath)
p.Template = "/dns-query{?dns}"
s.Value = append(s.Value, e, p)
The parsing currently doesn't validate that Template is a valid
RFC 6570 URI template.
Template string
(*SVCBDoHPath) Key() SVCBKey
(*SVCBDoHPath) String() string
*SVCBDoHPath : SVCBKeyValue
*SVCBDoHPath : expvar.Var
*SVCBDoHPath : fmt.Stringer
SVCBECHConfig pair contains the ECHConfig structure defined in draft-ietf-tls-esni [RFC xxxx].
Basic use pattern for creating an ech option:
h := new(dns.HTTPS)
h.Hdr = dns.RR_Header{Name: ".", Rrtype: dns.TypeHTTPS, Class: dns.ClassINET}
e := new(dns.SVCBECHConfig)
e.ECH = []byte{0xfe, 0x08, ...}
h.Value = append(h.Value, e)
// Specifically ECHConfigList including the redundant length prefix
(*SVCBECHConfig) Key() SVCBKey
(*SVCBECHConfig) String() string
*SVCBECHConfig : SVCBKeyValue
*SVCBECHConfig : expvar.Var
*SVCBECHConfig : fmt.Stringer
SVCBIPv4Hint pair suggests an IPv4 address which may be used to open connections
if A and AAAA record responses for SVCB's Target domain haven't been received.
In that case, optionally, A and AAAA requests can be made, after which the connection
to the hinted IP address may be terminated and a new connection may be opened.
Basic use pattern for creating an ipv4hint option:
h := new(dns.HTTPS)
h.Hdr = dns.RR_Header{Name: ".", Rrtype: dns.TypeHTTPS, Class: dns.ClassINET}
e := new(dns.SVCBIPv4Hint)
e.Hint = []net.IP{net.IPv4(1,1,1,1).To4()}
Or
e.Hint = []net.IP{net.ParseIP("1.1.1.1").To4()}
h.Value = append(h.Value, e)
Hint []net.IP
(*SVCBIPv4Hint) Key() SVCBKey
(*SVCBIPv4Hint) String() string
*SVCBIPv4Hint : SVCBKeyValue
*SVCBIPv4Hint : expvar.Var
*SVCBIPv4Hint : fmt.Stringer
SVCBIPv6Hint pair suggests an IPv6 address which may be used to open connections
if A and AAAA record responses for SVCB's Target domain haven't been received.
In that case, optionally, A and AAAA requests can be made, after which the
connection to the hinted IP address may be terminated and a new connection may be opened.
Basic use pattern for creating an ipv6hint option:
h := new(dns.HTTPS)
h.Hdr = dns.RR_Header{Name: ".", Rrtype: dns.TypeHTTPS, Class: dns.ClassINET}
e := new(dns.SVCBIPv6Hint)
e.Hint = []net.IP{net.ParseIP("2001:db8::1")}
h.Value = append(h.Value, e)
Hint []net.IP
(*SVCBIPv6Hint) Key() SVCBKey
(*SVCBIPv6Hint) String() string
*SVCBIPv6Hint : SVCBKeyValue
*SVCBIPv6Hint : expvar.Var
*SVCBIPv6Hint : fmt.Stringer
SVCBKey is the type of the keys used in the SVCB RR.
String takes the numerical code of an SVCB key and returns its name.
Returns an empty string for reserved keys.
Accepts unassigned keys as well as experimental/private keys.
SVCBKey : expvar.Var
SVCBKey : fmt.Stringer
func (*SVCBAlpn).Key() SVCBKey
func (*SVCBDoHPath).Key() SVCBKey
func (*SVCBECHConfig).Key() SVCBKey
func (*SVCBIPv4Hint).Key() SVCBKey
func (*SVCBIPv6Hint).Key() SVCBKey
func SVCBKeyValue.Key() SVCBKey
func (*SVCBLocal).Key() SVCBKey
func (*SVCBMandatory).Key() SVCBKey
func (*SVCBNoDefaultAlpn).Key() SVCBKey
func (*SVCBOhttp).Key() SVCBKey
func (*SVCBPort).Key() SVCBKey
const SVCB_ALPN
const SVCB_DOHPATH
const SVCB_ECHCONFIG
const SVCB_IPV4HINT
const SVCB_IPV6HINT
const SVCB_MANDATORY
const SVCB_NO_DEFAULT_ALPN
const SVCB_OHTTP
const SVCB_PORT
SVCBKeyValue defines a key=value pair for the SVCB RR type.
An SVCB RR can have multiple SVCBKeyValues appended to it.
// Key returns the numerical key code.
// String returns the string representation of the value.
*SVCBAlpn
*SVCBDoHPath
*SVCBECHConfig
*SVCBIPv4Hint
*SVCBIPv6Hint
*SVCBLocal
*SVCBMandatory
*SVCBNoDefaultAlpn
*SVCBOhttp
*SVCBPort
SVCBKeyValue : expvar.Var
SVCBKeyValue : fmt.Stringer
SVCBLocal pair is intended for experimental/private use. The key is recommended
to be in the range [SVCB_PRIVATE_LOWER, SVCB_PRIVATE_UPPER].
Basic use pattern for creating a keyNNNNN option:
h := new(dns.HTTPS)
h.Hdr = dns.RR_Header{Name: ".", Rrtype: dns.TypeHTTPS, Class: dns.ClassINET}
e := new(dns.SVCBLocal)
e.KeyCode = 65400
e.Data = []byte("abc")
h.Value = append(h.Value, e)
// All byte sequences are allowed.
// Never 65535 or any assigned keys.
(*SVCBLocal) Key() SVCBKey
(*SVCBLocal) String() string
*SVCBLocal : SVCBKeyValue
*SVCBLocal : expvar.Var
*SVCBLocal : fmt.Stringer
SVCBMandatory pair adds to required keys that must be interpreted for the RR
to be functional. If ignored, the whole RRSet must be ignored.
"port" and "no-default-alpn" are mandatory by default if present,
so they shouldn't be included here.
It is incumbent upon the user of this library to reject the RRSet if
or avoid constructing such an RRSet that:
- "mandatory" is included as one of the keys of mandatory
- no key is listed multiple times in mandatory
- all keys listed in mandatory are present
- escape sequences are not used in mandatory
- mandatory, when present, lists at least one key
Basic use pattern for creating a mandatory option:
s := &dns.SVCB{Hdr: dns.RR_Header{Name: ".", Rrtype: dns.TypeSVCB, Class: dns.ClassINET}}
e := new(dns.SVCBMandatory)
e.Code = []uint16{dns.SVCB_ALPN}
s.Value = append(s.Value, e)
t := new(dns.SVCBAlpn)
t.Alpn = []string{"xmpp-client"}
s.Value = append(s.Value, t)
Code []SVCBKey
(*SVCBMandatory) Key() SVCBKey
(*SVCBMandatory) String() string
*SVCBMandatory : SVCBKeyValue
*SVCBMandatory : expvar.Var
*SVCBMandatory : fmt.Stringer
SVCBNoDefaultAlpn pair signifies no support for default connection protocols.
Should be used in conjunction with alpn.
Basic use pattern for creating a no-default-alpn option:
s := &dns.SVCB{Hdr: dns.RR_Header{Name: ".", Rrtype: dns.TypeSVCB, Class: dns.ClassINET}}
t := new(dns.SVCBAlpn)
t.Alpn = []string{"xmpp-client"}
s.Value = append(s.Value, t)
e := new(dns.SVCBNoDefaultAlpn)
s.Value = append(s.Value, e)
(*SVCBNoDefaultAlpn) Key() SVCBKey
(*SVCBNoDefaultAlpn) String() string
*SVCBNoDefaultAlpn : SVCBKeyValue
*SVCBNoDefaultAlpn : expvar.Var
*SVCBNoDefaultAlpn : fmt.Stringer
The "ohttp" SvcParamKey is used to indicate that a service described in a SVCB RR
can be accessed as a target using an associated gateway.
Both the presentation and wire-format values for the "ohttp" parameter MUST be empty.
See RFC 9460 (https://datatracker.ietf.org/doc/html/rfc9460/)
and RFC 9230 (https://datatracker.ietf.org/doc/html/rfc9230/)
A basic example of using the dohpath option together with the alpn
option to indicate support for DNS over HTTPS on a certain path:
s := new(dns.SVCB)
s.Hdr = dns.RR_Header{Name: ".", Rrtype: dns.TypeSVCB, Class: dns.ClassINET}
e := new(dns.SVCBAlpn)
e.Alpn = []string{"h2", "h3"}
p := new(dns.SVCBOhttp)
s.Value = append(s.Value, e, p)
(*SVCBOhttp) Key() SVCBKey
(*SVCBOhttp) String() string
*SVCBOhttp : SVCBKeyValue
*SVCBOhttp : expvar.Var
*SVCBOhttp : fmt.Stringer
SVCBPort pair defines the port for connection.
Basic use pattern for creating a port option:
s := &dns.SVCB{Hdr: dns.RR_Header{Name: ".", Rrtype: dns.TypeSVCB, Class: dns.ClassINET}}
e := new(dns.SVCBPort)
e.Port = 80
s.Value = append(s.Value, e)
Port uint16
(*SVCBPort) Key() SVCBKey
(*SVCBPort) String() string
*SVCBPort : SVCBKeyValue
*SVCBPort : expvar.Var
*SVCBPort : fmt.Stringer
TA RR. See http://www.watson.org/~weiler/INI1999-19.pdf.
Algorithm uint8
Digest string
DigestType uint8
Hdr RR_Header
KeyTag uint16
(*TA) Header() *RR_Header
(*TA) String() string
*TA : RR
*TA : expvar.Var
*TA : fmt.Stringer
TALINK RR. See https://www.iana.org/assignments/dns-parameters/TALINK/talink-completed-template.
Hdr RR_Header
NextName string
PreviousName string
(*TALINK) Header() *RR_Header
(*TALINK) String() string
*TALINK : RR
*TALINK : expvar.Var
*TALINK : fmt.Stringer
TKEY RR. See RFC 2930.
Algorithm string
Error uint16
Expiration uint32
Hdr RR_Header
Inception uint32
Key string
KeySize uint16
Mode uint16
OtherData string
OtherLen uint16
(*TKEY) Header() *RR_Header
TKEY has no official presentation format, but this will suffice.
*TKEY : RR
*TKEY : expvar.Var
*TKEY : fmt.Stringer
TLSA RR. See RFC 6698.
Certificate string
Hdr RR_Header
MatchingType uint8
Selector uint8
Usage uint8
(*TLSA) Header() *RR_Header
Sign creates a TLSA record from an SSL certificate.
(*TLSA) String() string
Verify verifies a TLSA record against an SSL certificate. If it is OK
a nil error is returned.
*TLSA : RR
*TLSA : expvar.Var
*TLSA : fmt.Stringer
A Transfer defines parameters that are used during a zone transfer.
Conn *Conn
// minimum receive buffer for UDP messages
// net.DialTimeout, defaults to 2 seconds
// net.Conn.SetReadTimeout value for connections, defaults to 2 seconds
// TLS config. If Xfr over TLS will be attempted
// An implementation of the TsigProvider interface. If defined it replaces TsigSecret and is used for all TSIG operations.
// Secret(s) for Tsig map[<zonename>]<base64 secret>, zonename must be in canonical form (lowercase, fqdn, see RFC 4034 Section 6.2)
// net.Conn.SetWriteTimeout value for connections, defaults to 2 seconds
Close closes the connection.
Any blocked Read or Write operations will be unblocked and return errors.
Close may or may not block until any buffered data is sent;
for TCP connections see [*TCPConn.SetLinger].
In performs an incoming transfer with the server in a.
If you would like to set the source IP, or some other attribute
of a Dialer for a Transfer, you can do so by specifying the attributes
in the Transfer.Conn:
d := net.Dialer{LocalAddr: transfer_source}
con, err := d.Dial("tcp", master)
dnscon := &dns.Conn{Conn:con}
transfer = &dns.Transfer{Conn: dnscon}
channel, err := transfer.In(message, master)
LocalAddr returns the local network address, if known.
Out performs an outgoing transfer with the client connecting in w.
Basic use pattern:
ch := make(chan *dns.Envelope)
tr := new(dns.Transfer)
var wg sync.WaitGroup
wg.Add(1)
go func() {
tr.Out(w, r, ch)
wg.Done()
}()
ch <- &dns.Envelope{RR: []dns.RR{soa, rr1, rr2, rr3, soa}}
close(ch)
wg.Wait() // wait until everything is written out
w.Close() // close connection
The server is responsible for sending the correct sequence of RRs through the channel ch.
Read implements the net.Conn read method.
ReadMsg reads a message from the transfer connection t.
ReadMsgHeader reads a DNS message, parses and populates hdr (when hdr is not nil).
Returns message as a byte slice to be parsed with Msg.Unpack later on.
Note that error handling on the message body is not possible as only the header is parsed.
RemoteAddr returns the remote network address, if known.
SetDeadline sets the read and write deadlines associated
with the connection. It is equivalent to calling both
SetReadDeadline and SetWriteDeadline.
A deadline is an absolute time after which I/O operations
fail instead of blocking. The deadline applies to all future
and pending I/O, not just the immediately following call to
Read or Write. After a deadline has been exceeded, the
connection can be refreshed by setting a deadline in the future.
If the deadline is exceeded a call to Read or Write or to other
I/O methods will return an error that wraps os.ErrDeadlineExceeded.
This can be tested using errors.Is(err, os.ErrDeadlineExceeded).
The error's Timeout method will return true, but note that there
are other possible errors for which the Timeout method will
return true even if the deadline has not been exceeded.
An idle timeout can be implemented by repeatedly extending
the deadline after successful Read or Write calls.
A zero value for t means I/O operations will not time out.
SetReadDeadline sets the deadline for future Read calls
and any currently-blocked Read call.
A zero value for t means Read will not time out.
SetWriteDeadline sets the deadline for future Write calls
and any currently-blocked Write call.
Even if write times out, it may return n > 0, indicating that
some of the data was successfully written.
A zero value for t means Write will not time out.
Write implements the net.Conn Write method.
WriteMsg writes a message through the transfer connection t.
Transfer : Writer
Transfer : github.com/pion/datachannel.ReadDeadliner
Transfer : github.com/pion/datachannel.WriteDeadliner
Transfer : github.com/pion/stun.Connection
Transfer : github.com/pion/stun/v3.Connection
Transfer : github.com/prometheus/common/expfmt.Closer
Transfer : internal/bisect.Writer
Transfer : io.Closer
Transfer : io.ReadCloser
Transfer : io.Reader
Transfer : io.ReadWriteCloser
Transfer : io.ReadWriter
Transfer : io.WriteCloser
Transfer : io.Writer
Transfer : net.Conn
TSIG is the RR the holds the transaction signature of a message.
See RFC 2845 and RFC 4635.
Algorithm string
Error uint16
Fudge uint16
Hdr RR_Header
MAC string
MACSize uint16
OrigId uint16
OtherData string
OtherLen uint16
TimeSigned uint64
(*TSIG) Header() *RR_Header
(*TSIG) String() string
*TSIG : RR
*TSIG : expvar.Var
*TSIG : fmt.Stringer
func (*Msg).IsTsig() *TSIG
func TsigProvider.Generate(msg []byte, t *TSIG) ([]byte, error)
func TsigProvider.Verify(msg []byte, t *TSIG) error
TsigProvider provides the API to plug-in a custom TSIG implementation.
Generate is passed the DNS message to be signed and the partial TSIG RR. It returns the signature and nil, otherwise an error.
Verify is passed the DNS message to be verified and the TSIG RR. If the signature is valid it will return nil, otherwise an error.
func TsigGenerateWithProvider(m *Msg, provider TsigProvider, requestMAC string, timersOnly bool) ([]byte, string, error)
func TsigVerifyWithProvider(msg []byte, provider TsigProvider, requestMAC string, timersOnly bool) error
TXT RR. See RFC 1035.
Hdr RR_Header
Txt []string
(*TXT) Header() *RR_Header
(*TXT) String() string
*TXT : RR
*TXT : expvar.Var
*TXT : fmt.Stringer
Type is a DNS type.
String returns the string representation for the type t.
Type : expvar.Var
Type : fmt.Stringer
UID RR. Deprecated, IANA-Reserved.
Hdr RR_Header
Uid uint32
(*UID) Header() *RR_Header
(*UID) String() string
*UID : RR
*UID : expvar.Var
*UID : fmt.Stringer
UINFO RR. Deprecated, IANA-Reserved.
Hdr RR_Header
Uinfo string
(*UINFO) Header() *RR_Header
(*UINFO) String() string
*UINFO : RR
*UINFO : expvar.Var
*UINFO : fmt.Stringer
URI RR. See RFC 7553.
Hdr RR_Header
Priority uint16
Target string
Weight uint16
(*URI) Header() *RR_Header
rr.Target to be parsed as a sequence of character encoded octets according to RFC 3986
*URI : RR
*URI : expvar.Var
*URI : fmt.Stringer
Writer writes raw DNS messages; each call to Write should send an entire message.
( Writer) Write([]byte) (int, error)
*Conn
ResponseWriter (interface)
Transfer
*github.com/andybalholm/brotli.Writer
*github.com/andybalholm/brotli/matchfinder.Writer
github.com/apache/thrift/lib/go/thrift.RichTransport
*github.com/apache/thrift/lib/go/thrift.StreamTransport
*github.com/apache/thrift/lib/go/thrift.TBufferedTransport
*github.com/apache/thrift/lib/go/thrift.TFramedTransport
*github.com/apache/thrift/lib/go/thrift.THeaderTransport
*github.com/apache/thrift/lib/go/thrift.THttpClient
github.com/apache/thrift/lib/go/thrift.TMemoryBuffer
github.com/apache/thrift/lib/go/thrift.TRichTransport (interface)
github.com/apache/thrift/lib/go/thrift.TransformWriter
*github.com/apache/thrift/lib/go/thrift.TSocket
*github.com/apache/thrift/lib/go/thrift.TSSLSocket
github.com/apache/thrift/lib/go/thrift.TTransport (interface)
*github.com/apache/thrift/lib/go/thrift.TZlibTransport
*github.com/cespare/xxhash/v2.Digest
github.com/coder/websocket/internal/util.WriterFunc
github.com/coreos/etcd/pkg/fileutil.LockedFile
github.com/gdamore/tcell/v2.Tty (interface)
github.com/gliderlabs/ssh.Session (interface)
github.com/go-kit/log.StdlibAdapter
github.com/go-kit/log.StdlibWriter
*github.com/gobwas/ws/wsutil.CipherWriter
*github.com/gobwas/ws/wsutil.ControlWriter
*github.com/gobwas/ws/wsutil.Writer
*github.com/golang/snappy.Writer
*github.com/hamba/avro/v2.Writer
*github.com/hamba/avro/v2/ocf.Encoder
*github.com/hibiken/asynq.ResultWriter
*github.com/json-iterator/go.Stream
*github.com/klauspost/compress/flate.Writer
*github.com/klauspost/compress/gzip.Writer
*github.com/klauspost/compress/internal/snapref.Writer
*github.com/klauspost/compress/s2.Writer
*github.com/klauspost/compress/zstd.Encoder
*github.com/klauspost/compress/zstd/internal/xxhash.Digest
*github.com/libp2p/go-buffer-pool.Buffer
*github.com/libp2p/go-buffer-pool.Writer
github.com/libp2p/go-libp2p/core/network.MuxedStream (interface)
github.com/libp2p/go-libp2p/core/network.Stream (interface)
github.com/libp2p/go-libp2p/core/sec.SecureConn (interface)
github.com/libp2p/go-libp2p/core/sec/insecure.Conn
*github.com/libp2p/go-libp2p/p2p/net/swarm.Stream
*github.com/libp2p/go-libp2p/p2p/protocol/circuitv2/client.Conn
github.com/libp2p/go-libp2p/p2p/transport/tcpreuse/internal/sampledconn.ManetTCPConnInterface (interface)
*github.com/libp2p/go-libp2p/p2p/transport/websocket.Conn
*github.com/libp2p/go-msgio.LimitedWriter
github.com/libp2p/go-msgio.ReadWriteCloser (interface)
github.com/libp2p/go-msgio.ReadWriter (interface)
github.com/libp2p/go-msgio.WriteCloser (interface)
github.com/libp2p/go-msgio.Writer (interface)
*github.com/libp2p/go-yamux/v5.Stream
github.com/marten-seemann/tcp.Conn
github.com/multiformats/go-multiaddr/net.Conn (interface)
github.com/multiformats/go-multihash.Writer (interface)
github.com/multiformats/go-multistream.LazyConn (interface)
*github.com/ncruces/go-sqlite3.Blob
github.com/pancsta/asyncmachine-go/pkg/helpers.SlogToMachLog
*github.com/pancsta/cview.TextView
github.com/parquet-go/parquet-go/compress.Writer (interface)
*github.com/pierrec/lz4/v4.Writer
*github.com/pierrec/lz4/v4/internal/xxh32.XXHZero
*github.com/pion/datachannel.DataChannel
github.com/pion/datachannel.ReadWriteCloser (interface)
github.com/pion/datachannel.ReadWriteCloserDeadliner (interface)
*github.com/pion/dtls/v2.Conn
*github.com/pion/dtls/v3.Conn
*github.com/pion/ice/v4.CandidatePair
*github.com/pion/ice/v4.Conn
github.com/pion/ice/v4/internal/fakenet.PacketConn
*github.com/pion/sctp.Stream
*github.com/pion/srtp/v3.WriteStreamSRTCP
*github.com/pion/srtp/v3.WriteStreamSRTP
github.com/pion/stun.Connection (interface)
*github.com/pion/stun.Message
github.com/pion/stun/v3.Connection (interface)
*github.com/pion/stun/v3.Message
github.com/pion/transport/v2.TCPConn (interface)
github.com/pion/transport/v2.UDPConn (interface)
*github.com/pion/transport/v2/packetio.Buffer
*github.com/pion/transport/v2/udp.Conn
github.com/pion/transport/v3.TCPConn (interface)
github.com/pion/transport/v3.UDPConn (interface)
*github.com/pion/transport/v3/packetio.Buffer
*github.com/pion/transport/v3/vnet.UDPConn
github.com/pion/turn/v4/internal/client.TCPConn
*github.com/pion/webrtc/v4.TrackLocalStaticRTP
github.com/pion/webrtc/v4.TrackLocalWriter (interface)
*github.com/pion/webrtc/v4/internal/mux.Endpoint
*github.com/polarsignals/wal/fs.File
*github.com/quic-go/qpack.Decoder
github.com/quic-go/quic-go.SendStream (interface)
github.com/quic-go/quic-go.Stream (interface)
github.com/quic-go/quic-go/http3.RequestStream (interface)
github.com/quic-go/quic-go/http3.Stream (interface)
github.com/quic-go/quic-go/quicvarint.Writer (interface)
github.com/quic-go/webtransport-go.SendStream (interface)
github.com/quic-go/webtransport-go.Stream (interface)
*github.com/redis/go-redis/v9/internal/pool.Conn
github.com/redis/go-redis/v9/internal/proto.Writer
github.com/soheilhy/cmux.MuxConn
github.com/spaolacci/murmur3.Hash128 (interface)
github.com/yuin/goldmark/util.BufWriter (interface)
*github.com/zeebo/xxh3.Hasher
bufio.ReadWriter
*bufio.Writer
*bytes.Buffer
*compress/flate.Writer
*compress/gzip.Writer
*compress/zlib.Writer
crypto/cipher.StreamWriter
*crypto/internal/fips140/hmac.HMAC
*crypto/internal/fips140/sha256.Digest
*crypto/internal/fips140/sha3.Digest
*crypto/internal/fips140/sha3.SHAKE
*crypto/internal/fips140/sha512.Digest
*crypto/sha3.SHA3
*crypto/sha3.SHAKE
*crypto/tls.Conn
fmt.State (interface)
go.uber.org/zap.Sink (interface)
*go.uber.org/zap/buffer.Buffer
*go.uber.org/zap/zapcore.BufferedWriteSyncer
go.uber.org/zap/zapcore.WriteSyncer (interface)
golang.org/x/crypto/blake2b.XOF (interface)
golang.org/x/crypto/blake2s.XOF (interface)
*golang.org/x/crypto/internal/poly1305.MAC
golang.org/x/crypto/sha3.ShakeHash (interface)
golang.org/x/crypto/ssh.Channel (interface)
*golang.org/x/net/http2/hpack.Decoder
golang.org/x/net/internal/socks.Conn
golang.org/x/net/ipv4.RawConn
*golang.org/x/term.Terminal
golang.org/x/text/internal/format.State (interface)
*golang.org/x/text/transform.Writer
hash.Cloner (interface)
hash.Hash (interface)
hash.Hash32 (interface)
hash.Hash64 (interface)
hash.XOF (interface)
*hash/maphash.Hash
internal/bisect.Writer (interface)
*internal/poll.FD
*io.OffsetWriter
*io.PipeWriter
io.ReadWriteCloser (interface)
io.ReadWriter (interface)
io.ReadWriteSeeker (interface)
io.WriteCloser (interface)
io.Writer (interface)
io.WriteSeeker (interface)
*log/slog/internal/buffer.Buffer
*log/syslog.Writer
*lukechampine.com/blake3.Hasher
*mime/quotedprintable.Writer
mvdan.cc/sh/v3/syntax.Printer
net.Conn (interface)
*net.IPConn
*net.TCPConn
*net.UDPConn
*net.UnixConn
net/http.ResponseWriter (interface)
*net/http/httptest.ResponseRecorder
net/http/internal.FlushAfterChunkWriter
*os.File
*strings.Builder
*text/tabwriter.Writer
*vendor/golang.org/x/crypto/internal/poly1305.MAC
*vendor/golang.org/x/net/http2/hpack.Decoder
*vendor/golang.org/x/text/transform.Writer
Writer : internal/bisect.Writer
Writer : io.Writer
X25 RR. See RFC 1183, Section 3.1.
Hdr RR_Header
PSDNAddress string
(*X25) Header() *RR_Header
(*X25) String() string
*X25 : RR
*X25 : expvar.Var
*X25 : fmt.Stringer
ZONEMD RR, from draft-ietf-dnsop-dns-zone-digest
Digest string
Hash uint8
Hdr RR_Header
Scheme uint8
Serial uint32
(*ZONEMD) Header() *RR_Header
(*ZONEMD) String() string
*ZONEMD : RR
*ZONEMD : expvar.Var
*ZONEMD : fmt.Stringer
ZoneParser is a parser for an RFC 1035 style zonefile.
Each parsed RR in the zone is returned sequentially from Next. An
optional comment can be retrieved with Comment.
The directives $INCLUDE, $ORIGIN, $TTL and $GENERATE are all
supported. Although $INCLUDE is disabled by default.
Note that $GENERATE's range support up to a maximum of 65535 steps.
Basic usage pattern when reading from a string (z) containing the
zone data:
zp := NewZoneParser(strings.NewReader(z), "", "")
for rr, ok := zp.Next(); ok; rr, ok = zp.Next() {
// Do something with rr
}
if err := zp.Err(); err != nil {
// log.Println(err)
}
Comments specified after an RR (and on the same line!) are
returned too:
foo. IN A 10.0.0.1 ; this is a comment
The text "; this is comment" is returned from Comment. Comments inside
the RR are returned concatenated along with the RR. Comments on a line
by themselves are discarded.
Callers should not assume all returned data in an Resource Record is
syntactically correct, e.g. illegal base64 in RRSIGs will be returned as-is.
Comment returns an optional text comment that occurred alongside
the RR.
Err returns the first non-EOF error that was encountered by the
ZoneParser.
Next advances the parser to the next RR in the zonefile and
returns the (RR, true). It will return (nil, false) when the
parsing stops, either by reaching the end of the input or an
error. After Next returns (nil, false), the Err method will return
any error that occurred during parsing.
SetDefaultTTL sets the parsers default TTL to ttl.
SetIncludeAllowed controls whether $INCLUDE directives are
allowed. $INCLUDE directives are not supported by default.
The $INCLUDE directive will open and read from a user controlled
file on the system. Even if the file is not a valid zonefile, the
contents of the file may be revealed in error messages, such as:
/etc/passwd: dns: not a TTL: "root:x:0:0:root:/root:/bin/bash" at line: 1:31
/etc/shadow: dns: not a TTL: "root:$6$<redacted>::0:99999:7:::" at line: 1:125
SetIncludeFS provides an [fs.FS] to use when looking for the target of
$INCLUDE directives. ($INCLUDE must still be enabled separately by calling
[ZoneParser.SetIncludeAllowed].) If fsys is nil, [os.Open] will be used.
When fsys is an on-disk FS, the ability of $INCLUDE to reach files from
outside its root directory depends upon the FS implementation. For
instance, [os.DirFS] will refuse to open paths like "../../etc/passwd",
however it will still follow links which may point anywhere on the system.
FS paths are slash-separated on all systems, even Windows. $INCLUDE paths
containing other characters such as backslash and colon may be accepted as
valid, but those characters will never be interpreted by an FS
implementation as path element separators. See [fs.ValidPath] for more
details.
func NewZoneParser(r io.Reader, origin, file string) *ZoneParser
Package-Level Functions (total 60)
ActivateAndServe activates a server with a listener from systemd,
l and p should not both be non-nil.
If both l and p are not nil only p will be used.
Invoke handler for incoming queries.
CanonicalName returns the domain name in canonical form. A name in canonical
form is lowercase and fully qualified. Only US-ASCII letters are affected. See
Section 6.2 in RFC 4034.
CertificateToDANE converts a certificate to a hex string as used in the TLSA or SMIMEA records.
ClientConfigFromFile parses a resolv.conf(5) like file and returns
a *ClientConfig.
ClientConfigFromReader works like ClientConfigFromFile but takes an io.Reader as argument
CompareDomainName compares the names s1 and s2 and
returns how many labels they have in common starting from the *right*.
The comparison stops at the first inequality. The names are downcased
before the comparison.
www.miek.nl. and miek.nl. have two labels in common: miek and nl
www.miek.nl. and www.bla.nl. have one label in common: nl
s1 and s2 must be syntactically valid domain names.
Copy returns a new RR which is a deep-copy of r.
CountLabel counts the number of labels in the string s.
s must be a syntactically valid domain name.
Dedup removes identical RRs from rrs. It preserves the original ordering.
The lowest TTL of any duplicates is used in the remaining one. Dedup modifies
rrs.
m is used to store the RRs temporary. If it is nil a new map will be allocated.
func DefaultMsgInvalidFunc(m []byte, err error)
Dial connects to the address on the named network.
DialTimeout acts like Dial but takes a timeout.
DialTimeoutWithTLS acts like DialWithTLS but takes a timeout.
DialWithTLS connects to the address on the named network with TLS.
Exchange performs a synchronous UDP query. It sends the message m to the address
contained in a and waits for a reply. Exchange does not retry a failed query, nor
will it fall back to TCP in case of truncation.
See client.Exchange for more information on setting larger buffer sizes.
ExchangeConn performs a synchronous query. It sends the message m via the connection
c and waits for a reply. The connection c is not closed by ExchangeConn.
Deprecated: This function is going away, but can easily be mimicked:
co := &dns.Conn{Conn: c} // c is your net.Conn
co.WriteMsg(m)
in, _ := co.ReadMsg()
co.Close()
ExchangeContext performs a synchronous UDP query, like Exchange. It
additionally obeys deadlines from the passed Context.
Field returns the rdata field i as a string. Fields are indexed starting from 1.
RR types that holds slice data, for instance the NSEC type bitmap will return a single
string where the types are concatenated using a space.
Accessing non existing fields will cause a panic.
Fqdn return the fully qualified domain name from s.
If s is already fully qualified, it behaves as the identity function.
Handle registers the handler with the given pattern
in the DefaultServeMux. The documentation for
ServeMux explains how patterns are matched.
HandleFailed returns a HandlerFunc that returns SERVFAIL for every request it gets.
Deprecated: This function is going away.
HandleFunc registers the handler function with the given pattern
in the DefaultServeMux.
HandleRemove deregisters the handle with the given pattern
in the DefaultServeMux.
HashName hashes a string (label) according to RFC 5155. It returns the hashed string in uppercase.
IsDomainName checks if s is a valid domain name, it returns the number of
labels and true, when a domain name is valid. Note that non fully qualified
domain name is considered valid, in this case the last label is counted in
the number of labels. When false is returned the number of labels is not
defined. Also note that this function is extremely liberal; almost any
string is a valid domain name as the DNS is 8 bit protocol. It checks if each
label fits in 63 characters and that the entire name will fit into the 255
octet wire format limit.
IsDuplicate checks of r1 and r2 are duplicates of each other, excluding the TTL.
So this means the header data is equal *and* the RDATA is the same. Returns true
if so, otherwise false. It's a protocol violation to have identical RRs in a message.
IsFqdn checks if a domain name is fully qualified.
IsMsg sanity checks buf and returns an error if it isn't a valid DNS packet.
The checking is performed on the binary payload.
IsRRset reports whether a set of RRs is a valid RRset as defined by RFC 2181.
This means the RRs need to have the same type, name, and class.
IsSubDomain checks if child is indeed a child of the parent. If child and parent
are the same domain true is returned as well.
Len returns the length (in octets) of the uncompressed RR in wire format.
ListenAndServe Starts a server on address and network specified Invoke handler
for incoming queries.
ListenAndServeTLS acts like http.ListenAndServeTLS, more information in
http://golang.org/pkg/net/http/#ListenAndServeTLS
NewRR reads a string s and returns the first RR.
If s contains no records, NewRR will return nil with no error.
The class defaults to IN, TTL defaults to 3600, and
origin for resolving relative domain names defaults to the DNS root (.).
Full zone file syntax is supported, including directives like $TTL and $ORIGIN.
All fields of the returned RR are set from the read data, except RR.Header().Rdlength which is set to 0.
Is you need a partial resource record with no rdata - for instance - for dynamic updates, see the [ANY]
documentation.
NewServeMux allocates and returns a new ServeMux.
NewZoneParser returns an RFC 1035 style zonefile parser that reads
from r.
The string file is used in error reporting and to resolve relative
$INCLUDE directives. The string origin is used as the initial
origin, as if the file would start with an $ORIGIN directive.
NextLabel returns the index of the start of the next label in the
string s starting at offset. A negative offset will cause a panic.
The bool end is true when the end of the string has been reached.
Also see PrevLabel.
NumField returns the number of rdata fields r has.
PackDomainName packs a domain name s into msg[off:].
If compression is wanted compress must be true and the compression
map needs to hold a mapping between domain names and offsets
pointing into msg.
PackRR packs a resource record rr into msg[off:].
See PackDomainName for documentation about the compression.
PrevLabel returns the index of the label when starting from the right and
jumping n labels to the left.
The bool start is true when the start of the string has been overshot.
Also see NextLabel.
PrivateHandle registers a private resource record type. It requires
string and numeric representation of private RR type and generator function as argument.
PrivateHandleRemove removes definitions required to support private RR type.
ReadFromSessionUDP acts just like net.UDPConn.ReadFrom(), but returns a session object instead of a
net.UDPAddr.
ReadRR reads the RR contained in r.
The string file is used in error reporting and to resolve relative
$INCLUDE directives.
See NewRR for more documentation.
ReverseAddr returns the in-addr.arpa. or ip6.arpa. hostname of the IP
address suitable for reverse DNS (PTR) record lookups or an error if it fails
to parse the IP address.
SMIMEAName returns the ownername of a SMIMEA resource record as per the
format specified in RFC 'draft-ietf-dane-smime-12' Section 2 and 3
Split splits a name s into its label indexes.
www.miek.nl. returns []int{0, 4, 9}, www.miek.nl also returns []int{0, 4, 9}.
The root name (.) returns nil. Also see SplitDomainName.
s must be a syntactically valid domain name.
SplitDomainName splits a name string into it's labels.
www.miek.nl. returns []string{"www", "miek", "nl"}
.www.miek.nl. returns []string{"", "www", "miek", "nl"},
The root label (.) returns nil. Note that using
strings.Split(s) will work in most cases, but does not handle
escaped dots (\.) for instance.
s must be a syntactically valid domain name, see IsDomainName.
StringToTime translates the RRSIG's incep. and expir. times from
string values like "20110403154150" to an 32 bit integer.
It takes serial arithmetic (RFC 1982) into account.
TimeToString translates the RRSIG's incep. and expir. times to the
string representation used when printing the record.
It takes serial arithmetic (RFC 1982) into account.
TLSAName returns the ownername of a TLSA resource record as per the
rules specified in RFC 6698, Section 3.
TsigGenerate fills out the TSIG record attached to the message.
The message should contain a "stub" TSIG RR with the algorithm, key name
(owner name of the RR), time fudge (defaults to 300 seconds) and the current
time The TSIG MAC is saved in that Tsig RR. When TsigGenerate is called for
the first time requestMAC should be set to the empty string and timersOnly to
false.
TsigGenerateWithProvider is similar to TsigGenerate, but allows for a custom TsigProvider.
TsigVerify verifies the TSIG on a message. If the signature does not
validate the returned error contains the cause. If the signature is OK, the
error is nil.
TsigVerifyWithProvider is similar to TsigVerify, but allows for a custom TsigProvider.
UnpackDomainName unpacks a domain name into a string. It returns
the name, the new offset into msg and any error that occurred.
When an error is encountered, the unpacked name will be discarded
and len(msg) will be returned as the offset.
UnpackRR unpacks msg[off:] into an RR.
UnpackRRWithHeader unpacks the record type specific payload given an existing
RR_Header.
WriteToSessionUDP acts just like net.UDPConn.WriteTo(), but uses a *SessionUDP instead of a net.Addr.
Package-Level Variables (total 45)
AlgorithmToHash is a map of algorithm crypto hash IDs to crypto.Hash's.
For newer algorithm that do their own hashing (i.e. ED25519) the returned value
is 0, implying no (external) hashing should occur. The non-exported identityHash is then
used.
AlgorithmToString is a map of algorithm IDs to algorithm names.
CertTypeToString converts the Cert Type to its string representation.
See RFC 4398 and RFC 6944.
ClassToString is a maps Classes to strings for each CLASS wire type.
DefaultMsgAcceptFunc checks the request and will reject if:
* isn't a request (don't respond in that case)
* opcode isn't OpcodeQuery or OpcodeNotify
* does not have exactly 1 question in the question section
* has more than 1 RR in the Answer section
* has more than 0 RRs in the Authority section
* has more than 2 RRs in the Additional section
DefaultServeMux is the default ServeMux used by Serve.
Errors defined in this package.
Errors defined in this package.
Errors defined in this package.
Errors defined in this package.
Errors defined in this package.
Errors defined in this package.
Errors defined in this package.
Errors defined in this package.
Errors defined in this package.
Errors defined in this package.
Errors defined in this package.
Errors defined in this package.
Errors defined in this package.
Errors defined in this package.
Errors defined in this package.
Errors defined in this package.
Errors defined in this package.
Errors defined in this package.
Errors defined in this package.
Errors defined in this package.
Errors defined in this package.
ExtendedErrorCodeToString maps extended error info codes to a human readable
description.
HashToString is a map of hash IDs to names.
Id by default returns a 16-bit random number to be used as a message id. The
number is drawn from a cryptographically secure random number generator.
This being a variable the function can be reassigned to a custom function.
For instance, to make it return a static value for testing:
dns.Id = func() uint16 { return 3 }
OpcodeToString maps Opcodes to strings.
RcodeToString maps Rcodes to strings.
var StatefulTypeToString map[uint16]string
StringToAlgorithm is the reverse of AlgorithmToString.
StringToCertType is the reverse of CertTypeToString.
StringToClass is the reverse of ClassToString, needed for string parsing.
StringToExtendedErrorCode is a map from human readable descriptions to
extended error info codes.
StringToHash is a map of names to hash IDs.
StringToOpcode is a map of opcodes to strings.
StringToRcode is a map of rcodes to strings.
StringToStatefulType is the reverse of StatefulTypeToString.
StringToType is the reverse of TypeToString, needed for string parsing.
TypeToRR is a map of constructors for each RR type.
TypeToString is a map of strings for each RR type.
Version is current version of this library.
Package-Level Constants (total 242)
Used in AMTRELAY https://datatracker.ietf.org/doc/html/rfc8777#section-4.2.3
Used in AMTRELAY https://datatracker.ietf.org/doc/html/rfc8777#section-4.2.3
Used in AMTRELAY https://datatracker.ietf.org/doc/html/rfc8777#section-4.2.3
Used in AMTRELAY https://datatracker.ietf.org/doc/html/rfc8777#section-4.2.3
Different Certificate Types, see RFC 4398, Section 2.1
Different Certificate Types, see RFC 4398, Section 2.1
Different Certificate Types, see RFC 4398, Section 2.1
Different Certificate Types, see RFC 4398, Section 2.1
Different Certificate Types, see RFC 4398, Section 2.1
Different Certificate Types, see RFC 4398, Section 2.1
Different Certificate Types, see RFC 4398, Section 2.1
Different Certificate Types, see RFC 4398, Section 2.1
Different Certificate Types, see RFC 4398, Section 2.1
Different Certificate Types, see RFC 4398, Section 2.1
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
valid Question.Qclass
Wire constants and supported types.
DefaultMsgSize is the standard default for messages larger than 512 bytes.
DNSSEC encryption algorithm codes.
DNSSEC encryption algorithm codes.
DNSSEC encryption algorithm codes.
DNSSEC encryption algorithm codes.
DNSSEC encryption algorithm codes.
DNSSEC encryption algorithm codes.
DNSSEC encryption algorithm codes.
DNSSEC encryption algorithm codes.
EDNS0 Option codes.
EDNS0 Option codes.
EDNS0 Option codes.
EDNS0 Option codes.
EDNS0 Option codes.
EDNS0 Option codes.
EDNS0 Option codes.
EDNS0 Option codes.
EDNS0 Option codes.
EDNS0 Option codes.
EDNS0 Option codes.
EDNS0 Option codes.
EDNS0 Option codes.
EDNS0 Option codes.
EDNS0 Option codes.
Extended DNS Error Codes (RFC 8914).
Extended DNS Error Codes (RFC 8914).
Extended DNS Error Codes (RFC 8914).
Extended DNS Error Codes (RFC 8914).
Extended DNS Error Codes (RFC 8914).
Extended DNS Error Codes (RFC 8914).
Extended DNS Error Codes (RFC 8914).
Extended DNS Error Codes (RFC 8914).
Extended DNS Error Codes (RFC 8914).
Extended DNS Error Codes (RFC 8914).
Extended DNS Error Codes (RFC 8914).
Extended DNS Error Codes (RFC 8914).
Extended DNS Error Codes (RFC 8914).
Extended DNS Error Codes (RFC 8914).
Extended DNS Error Codes (RFC 8914).
Extended DNS Error Codes (RFC 8914).
Extended DNS Error Codes (RFC 8914).
Extended DNS Error Codes (RFC 8914).
Extended DNS Error Codes (RFC 8914).
Extended DNS Error Codes (RFC 8914).
Extended DNS Error Codes (RFC 8914).
Extended DNS Error Codes (RFC 8914).
Extended DNS Error Codes (RFC 8914).
Extended DNS Error Codes (RFC 8914).
Extended DNS Error Codes (RFC 8914).
Extended DNS Error Codes (RFC 8914).
Extended DNS Error Codes (RFC 8914).
Extended DNS Error Codes (RFC 8914).
Extended DNS Error Codes (RFC 8914).
Extended DNS Error Codes (RFC 8914).
Extended DNS Error Codes (RFC 8914).
DNSSEC hashing algorithm codes.
HMAC hashing codes. These are transmitted as domain names.
HMAC hashing codes. These are transmitted as domain names.
HMAC hashing codes. These are transmitted as domain names.
HMAC hashing codes. These are transmitted as domain names.
HMAC hashing codes. These are transmitted as domain names.
HMAC hashing codes. These are transmitted as domain names.
DNSSEC encryption algorithm codes.
Various constants used in the LOC RR. See RFC 1876.
Various constants used in the LOC RR. See RFC 1876.
Various constants used in the LOC RR. See RFC 1876.
Various constants used in the LOC RR. See RFC 1876.
Various constants used in the LOC RR. See RFC 1876.
MaxMsgSize is the largest possible DNS packet.
MinMsgSize is the minimal size of a DNS packet.
Allowed returned values from a MsgAcceptFunc.
Allowed returned values from a MsgAcceptFunc.
Allowed returned values from a MsgAcceptFunc.
Allowed returned values from a MsgAcceptFunc.
Wire constants and supported types.
Wire constants and supported types.
Message Opcodes. There is no 3.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
DNSSEC encryption algorithm codes.
DNSSEC encryption algorithm codes.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Message Response Codes, see https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml
Wire constants and supported types.
Wire constants and supported types.
DNSKEY flag values.
DNSSEC encryption algorithm codes.
DNSSEC encryption algorithm codes.
DNSSEC encryption algorithm codes.
DNSSEC encryption algorithm codes.
DNSSEC encryption algorithm codes.
DNSKEY flag values.
DNSSEC hashing algorithm codes.
DNSSEC hashing algorithm codes.
DNSSEC hashing algorithm codes.
DNSSEC hashing algorithm codes.
Stateful types as defined in RFC 8490.
Stateful types as defined in RFC 8490.
Stateful types as defined in RFC 8490.
Keys defined in rfc9460
Keys defined in rfc9460
Keys defined in rfc9460
Keys defined in rfc9460
Keys defined in rfc9460
Keys defined in rfc9460
Keys defined in rfc9460
Keys defined in rfc9460
Keys defined in rfc9460
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
valid Question.Qtype only
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
Wire constants and supported types.
DNSKEY flag values.
Used in ZONEMD https://tools.ietf.org/html/rfc8976
Used in ZONEMD https://tools.ietf.org/html/rfc8976
Used in ZONEMD https://tools.ietf.org/html/rfc8976
 |
The pages are generated with Golds v0.8.2. (GOOS=linux GOARCH=amd64) Golds is a Go 101 project developed by Tapir Liu. PR and bug reports are welcome and can be submitted to the issue list. Please follow @zigo_101 (reachable from the left QR code) to get the latest news of Golds. |