1 /* 2 * Copyright 2015 The Netty Project 3 * 4 * The Netty Project licenses this file to you under the Apache License, 5 * version 2.0 (the "License"); you may not use this file except in compliance 6 * with the License. You may obtain a copy of the License at: 7 * 8 * https://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 * License for the specific language governing permissions and limitations 14 * under the License. 15 */ 16 package io.netty.handler.codec.dns; 17 18 import io.netty.util.collection.IntObjectHashMap; 19 import io.netty.util.internal.UnstableApi; 20 21 import java.util.HashMap; 22 import java.util.Map; 23 24 /** 25 * Represents a DNS record type. 26 */ 27 @UnstableApi 28 public class DnsRecordType implements Comparable<DnsRecordType> { 29 30 /** 31 * Address record RFC 1035 Returns a 32-bit IPv4 address, most commonly used 32 * to map hostnames to an IP address of the host, but also used for DNSBLs, 33 * storing subnet masks in RFC 1101, etc. 34 */ 35 public static final DnsRecordType A = new DnsRecordType(0x0001, "A"); 36 37 /** 38 * Name server record RFC 1035 Delegates a DNS zone to use the given 39 * authoritative name servers 40 */ 41 public static final DnsRecordType NS = new DnsRecordType(0x0002, "NS"); 42 43 /** 44 * Canonical name record RFC 1035 Alias of one name to another: the DNS 45 * lookup will continue by retrying the lookup with the new name. 46 */ 47 public static final DnsRecordType CNAME = new DnsRecordType(0x0005, "CNAME"); 48 49 /** 50 * Start of [a zone of] authority record RFC 1035 and RFC 2308 Specifies 51 * authoritative information about a DNS zone, including the primary name 52 * server, the email of the domain administrator, the domain serial number, 53 * and several timers relating to refreshing the zone. 54 */ 55 public static final DnsRecordType SOA = new DnsRecordType(0x0006, "SOA"); 56 57 /** 58 * Pointer record RFC 1035 Pointer to a canonical name. Unlike a CNAME, DNS 59 * processing does NOT proceed, just the name is returned. The most common 60 * use is for implementing reverse DNS lookups, but other uses include such 61 * things as DNS-SD. 62 */ 63 public static final DnsRecordType PTR = new DnsRecordType(0x000c, "PTR"); 64 65 /** 66 * Mail exchange record RFC 1035 Maps a domain name to a list of message 67 * transfer agents for that domain. 68 */ 69 public static final DnsRecordType MX = new DnsRecordType(0x000f, "MX"); 70 71 /** 72 * Text record RFC 1035 Originally for arbitrary human-readable text in a 73 * DNS record. Since the early 1990s, however, this record more often 74 * carries machine-readable data, such as specified by RFC 1464, 75 * opportunistic encryption, Sender Policy Framework, DKIM, DMARC DNS-SD, 76 * etc. 77 */ 78 public static final DnsRecordType TXT = new DnsRecordType(0x0010, "TXT"); 79 80 /** 81 * Responsible person record RFC 1183 Information about the responsible 82 * person(s) for the domain. Usually an email address with the @ replaced by 83 * a . 84 */ 85 public static final DnsRecordType RP = new DnsRecordType(0x0011, "RP"); 86 87 /** 88 * AFS database record RFC 1183 Location of database servers of an AFS cell. 89 * This record is commonly used by AFS clients to contact AFS cells outside 90 * their local domain. A subtype of this record is used by the obsolete 91 * DCE/DFS file system. 92 */ 93 public static final DnsRecordType AFSDB = new DnsRecordType(0x0012, "AFSDB"); 94 95 /** 96 * Signature record RFC 2535 Signature record used in SIG(0) (RFC 2931) and 97 * TKEY (RFC 2930). RFC 3755 designated RRSIG as the replacement for SIG for 98 * use within DNSSEC. 99 */ 100 public static final DnsRecordType SIG = new DnsRecordType(0x0018, "SIG"); 101 102 /** 103 * key record RFC 2535 and RFC 2930 Used only for SIG(0) (RFC 2931) and TKEY 104 * (RFC 2930). RFC 3445 eliminated their use for application keys and 105 * limited their use to DNSSEC. RFC 3755 designates DNSKEY as the 106 * replacement within DNSSEC. RFC 4025 designates IPSECKEY as the 107 * replacement for use with IPsec. 108 */ 109 public static final DnsRecordType KEY = new DnsRecordType(0x0019, "KEY"); 110 111 /** 112 * IPv6 address record RFC 3596 Returns a 128-bit IPv6 address, most 113 * commonly used to map hostnames to an IP address of the host. 114 */ 115 public static final DnsRecordType AAAA = new DnsRecordType(0x001c, "AAAA"); 116 117 /** 118 * Location record RFC 1876 Specifies a geographical location associated 119 * with a domain name. 120 */ 121 public static final DnsRecordType LOC = new DnsRecordType(0x001d, "LOC"); 122 123 /** 124 * Service locator RFC 2782 Generalized service location record, used for 125 * newer protocols instead of creating protocol-specific records such as MX. 126 */ 127 public static final DnsRecordType SRV = new DnsRecordType(0x0021, "SRV"); 128 129 /** 130 * Naming Authority Pointer record RFC 3403 Allows regular expression based 131 * rewriting of domain names which can then be used as URIs, further domain 132 * names to lookups, etc. 133 */ 134 public static final DnsRecordType NAPTR = new DnsRecordType(0x0023, "NAPTR"); 135 136 /** 137 * Key eXchanger record RFC 2230 Used with some cryptographic systems (not 138 * including DNSSEC) to identify a key management agent for the associated 139 * domain-name. Note that this has nothing to do with DNS Security. It is 140 * Informational status, rather than being on the IETF standards-track. It 141 * has always had limited deployment, but is still in use. 142 */ 143 public static final DnsRecordType KX = new DnsRecordType(0x0024, "KX"); 144 145 /** 146 * Certificate record RFC 4398 Stores PKIX, SPKI, PGP, etc. 147 */ 148 public static final DnsRecordType CERT = new DnsRecordType(0x0025, "CERT"); 149 150 /** 151 * Delegation name record RFC 2672 DNAME creates an alias for a name and all 152 * its subnames, unlike CNAME, which aliases only the exact name in its 153 * label. Like the CNAME record, the DNS lookup will continue by retrying 154 * the lookup with the new name. 155 */ 156 public static final DnsRecordType DNAME = new DnsRecordType(0x0027, "DNAME"); 157 158 /** 159 * Option record RFC 2671 This is a pseudo DNS record type needed to support 160 * EDNS. 161 */ 162 public static final DnsRecordType OPT = new DnsRecordType(0x0029, "OPT"); 163 164 /** 165 * Address Prefix List record RFC 3123 Specify lists of address ranges, e.g. 166 * in CIDR format, for various address families. Experimental. 167 */ 168 public static final DnsRecordType APL = new DnsRecordType(0x002a, "APL"); 169 170 /** 171 * Delegation signer record RFC 4034 The record used to identify the DNSSEC 172 * signing key of a delegated zone. 173 */ 174 public static final DnsRecordType DS = new DnsRecordType(0x002b, "DS"); 175 176 /** 177 * SSH Public Key Fingerprint record RFC 4255 Resource record for publishing 178 * SSH public host key fingerprints in the DNS System, in order to aid in 179 * verifying the authenticity of the host. RFC 6594 defines ECC SSH keys and 180 * SHA-256 hashes. See the IANA SSHFP RR parameters registry for details. 181 */ 182 public static final DnsRecordType SSHFP = new DnsRecordType(0x002c, "SSHFP"); 183 184 /** 185 * IPsec Key record RFC 4025 Key record that can be used with IPsec. 186 */ 187 public static final DnsRecordType IPSECKEY = new DnsRecordType(0x002d, "IPSECKEY"); 188 189 /** 190 * DNSSEC signature record RFC 4034 Signature for a DNSSEC-secured record 191 * set. Uses the same format as the SIG record. 192 */ 193 public static final DnsRecordType RRSIG = new DnsRecordType(0x002e, "RRSIG"); 194 195 /** 196 * Next-Secure record RFC 4034 Part of DNSSEC, used to prove a name does not 197 * exist. Uses the same format as the (obsolete) NXT record. 198 */ 199 public static final DnsRecordType NSEC = new DnsRecordType(0x002f, "NSEC"); 200 201 /** 202 * DNS Key record RFC 4034 The key record used in DNSSEC. Uses the same 203 * format as the KEY record. 204 */ 205 public static final DnsRecordType DNSKEY = new DnsRecordType(0x0030, "DNSKEY"); 206 207 /** 208 * DHCP identifier record RFC 4701 Used in conjunction with the FQDN option 209 * to DHCP. 210 */ 211 public static final DnsRecordType DHCID = new DnsRecordType(0x0031, "DHCID"); 212 213 /** 214 * NSEC record version 3 RFC 5155 An extension to DNSSEC that allows proof 215 * of nonexistence for a name without permitting zonewalking. 216 */ 217 public static final DnsRecordType NSEC3 = new DnsRecordType(0x0032, "NSEC3"); 218 219 /** 220 * NSEC3 parameters record RFC 5155 Parameter record for use with NSEC3. 221 */ 222 public static final DnsRecordType NSEC3PARAM = new DnsRecordType(0x0033, "NSEC3PARAM"); 223 224 /** 225 * TLSA certificate association record RFC 6698 A record for DNS-based 226 * Authentication of Named Entities (DANE). RFC 6698 defines The TLSA DNS 227 * resource record is used to associate a TLS server certificate or public 228 * key with the domain name where the record is found, thus forming a 'TLSA 229 * certificate association'. 230 */ 231 public static final DnsRecordType TLSA = new DnsRecordType(0x0034, "TLSA"); 232 233 /** 234 * Host Identity Protocol record RFC 5205 Method of separating the end-point 235 * identifier and locator roles of IP addresses. 236 */ 237 public static final DnsRecordType HIP = new DnsRecordType(0x0037, "HIP"); 238 239 /** 240 * Sender Policy Framework record RFC 4408 Specified as part of the SPF 241 * protocol as an alternative to of storing SPF data in TXT records. Uses 242 * the same format as the earlier TXT record. 243 */ 244 public static final DnsRecordType SPF = new DnsRecordType(0x0063, "SPF"); 245 246 /** 247 * Secret key record RFC 2930 A method of providing keying material to be 248 * used with TSIG that is encrypted under the public key in an accompanying 249 * KEY RR.. 250 */ 251 public static final DnsRecordType TKEY = new DnsRecordType(0x00f9, "TKEY"); 252 253 /** 254 * Transaction Signature record RFC 2845 Can be used to authenticate dynamic 255 * updates as coming from an approved client, or to authenticate responses 256 * as coming from an approved recursive name server similar to DNSSEC. 257 */ 258 public static final DnsRecordType TSIG = new DnsRecordType(0x00fa, "TSIG"); 259 260 /** 261 * Incremental Zone Transfer record RFC 1996 Requests a zone transfer of the 262 * given zone but only differences from a previous serial number. This 263 * request may be ignored and a full (AXFR) sent in response if the 264 * authoritative server is unable to fulfill the request due to 265 * configuration or lack of required deltas. 266 */ 267 public static final DnsRecordType IXFR = new DnsRecordType(0x00fb, "IXFR"); 268 269 /** 270 * Authoritative Zone Transfer record RFC 1035 Transfer entire zone file 271 * from the master name server to secondary name servers. 272 */ 273 public static final DnsRecordType AXFR = new DnsRecordType(0x00fc, "AXFR"); 274 275 /** 276 * All cached records RFC 1035 Returns all records of all types known to the 277 * name server. If the name server does not have any information on the 278 * name, the request will be forwarded on. The records returned may not be 279 * complete. For example, if there is both an A and an MX for a name, but 280 * the name server has only the A record cached, only the A record will be 281 * returned. Sometimes referred to as ANY, for example in Windows nslookup 282 * and Wireshark. 283 */ 284 public static final DnsRecordType ANY = new DnsRecordType(0x00ff, "ANY"); 285 286 /** 287 * Certification Authority Authorization record RFC 6844 CA pinning, 288 * constraining acceptable CAs for a host/domain. 289 */ 290 public static final DnsRecordType CAA = new DnsRecordType(0x0101, "CAA"); 291 292 /** 293 * DNSSEC Trust Authorities record N/A Part of a deployment proposal for 294 * DNSSEC without a signed DNS root. See the IANA database and Weiler Spec 295 * for details. Uses the same format as the DS record. 296 */ 297 public static final DnsRecordType TA = new DnsRecordType(0x8000, "TA"); 298 299 /** 300 * DNSSEC Lookaside Validation record RFC 4431 For publishing DNSSEC trust 301 * anchors outside of the DNS delegation chain. Uses the same format as the 302 * DS record. RFC 5074 describes a way of using these records. 303 */ 304 public static final DnsRecordType DLV = new DnsRecordType(0x8001, "DLV"); 305 306 private static final Map<String, DnsRecordType> BY_NAME = new HashMap<String, DnsRecordType>(); 307 private static final IntObjectHashMap<DnsRecordType> BY_TYPE = new IntObjectHashMap<DnsRecordType>(); 308 private static final String EXPECTED; 309 310 static { 311 DnsRecordType[] all = { 312 A, NS, CNAME, SOA, PTR, MX, TXT, RP, AFSDB, SIG, KEY, AAAA, LOC, SRV, NAPTR, KX, CERT, DNAME, OPT, APL, 313 DS, SSHFP, IPSECKEY, RRSIG, NSEC, DNSKEY, DHCID, NSEC3, NSEC3PARAM, TLSA, HIP, SPF, TKEY, TSIG, IXFR, 314 AXFR, ANY, CAA, TA, DLV 315 }; 316 317 final StringBuilder expected = new StringBuilder(512); 318 319 expected.append(" (expected: "); 320 for (DnsRecordType type: all) { 321 BY_NAME.put(type.name(), type); 322 BY_TYPE.put(type.intValue(), type); 323 324 expected.append(type.name()) 325 .append('(') 326 .append(type.intValue()) 327 .append("), "); 328 } 329 330 expected.setLength(expected.length() - 2); 331 expected.append(')'); 332 EXPECTED = expected.toString(); 333 } 334 335 public static DnsRecordType valueOf(int intValue) { 336 DnsRecordType result = BY_TYPE.get(intValue); 337 if (result == null) { 338 return new DnsRecordType(intValue); 339 } 340 return result; 341 } 342 343 public static DnsRecordType valueOf(String name) { 344 DnsRecordType result = BY_NAME.get(name); 345 if (result == null) { 346 throw new IllegalArgumentException("name: " + name + EXPECTED); 347 } 348 return result; 349 } 350 351 private final int intValue; 352 private final String name; 353 private String text; 354 355 private DnsRecordType(int intValue) { 356 this(intValue, "UNKNOWN"); 357 } 358 359 public DnsRecordType(int intValue, String name) { 360 if ((intValue & 0xffff) != intValue) { 361 throw new IllegalArgumentException("intValue: " + intValue + " (expected: 0 ~ 65535)"); 362 } 363 this.intValue = intValue; 364 this.name = name; 365 } 366 367 /** 368 * Returns the name of this type, as seen in bind config files 369 */ 370 public String name() { 371 return name; 372 } 373 374 /** 375 * Returns the value of this DnsType as it appears in DNS protocol 376 */ 377 public int intValue() { 378 return intValue; 379 } 380 381 @Override 382 public int hashCode() { 383 return intValue; 384 } 385 386 @Override 387 public boolean equals(Object o) { 388 return o instanceof DnsRecordType && ((DnsRecordType) o).intValue == intValue; 389 } 390 391 @Override 392 public int compareTo(DnsRecordType o) { 393 return intValue() - o.intValue(); 394 } 395 396 @Override 397 public String toString() { 398 String text = this.text; 399 if (text == null) { 400 this.text = text = name + '(' + intValue() + ')'; 401 } 402 return text; 403 } 404 }