1 /* 2 * Copyright 2015 The Netty Project 3 * 4 * The Netty Project licenses this file to you under the Apache License, 5 * version 2.0 (the "License"); you may not use this file except in compliance 6 * with the License. You may obtain a copy of the License at: 7 * 8 * https://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 * License for the specific language governing permissions and limitations 14 * under the License. 15 */ 16 package io.netty.handler.codec.dns; 17 18 import io.netty.util.collection.IntObjectHashMap; 19 20 import java.util.HashMap; 21 import java.util.Map; 22 23 /** 24 * Represents a DNS record type. 25 */ 26 public class DnsRecordType implements Comparable<DnsRecordType> { 27 28 /** 29 * Address record RFC 1035 Returns a 32-bit IPv4 address, most commonly used 30 * to map hostnames to an IP address of the host, but also used for DNSBLs, 31 * storing subnet masks in RFC 1101, etc. 32 */ 33 public static final DnsRecordType A = new DnsRecordType(0x0001, "A"); 34 35 /** 36 * Name server record RFC 1035 Delegates a DNS zone to use the given 37 * authoritative name servers 38 */ 39 public static final DnsRecordType NS = new DnsRecordType(0x0002, "NS"); 40 41 /** 42 * Canonical name record RFC 1035 Alias of one name to another: the DNS 43 * lookup will continue by retrying the lookup with the new name. 44 */ 45 public static final DnsRecordType CNAME = new DnsRecordType(0x0005, "CNAME"); 46 47 /** 48 * Start of [a zone of] authority record RFC 1035 and RFC 2308 Specifies 49 * authoritative information about a DNS zone, including the primary name 50 * server, the email of the domain administrator, the domain serial number, 51 * and several timers relating to refreshing the zone. 52 */ 53 public static final DnsRecordType SOA = new DnsRecordType(0x0006, "SOA"); 54 55 /** 56 * Pointer record RFC 1035 Pointer to a canonical name. Unlike a CNAME, DNS 57 * processing does NOT proceed, just the name is returned. The most common 58 * use is for implementing reverse DNS lookups, but other uses include such 59 * things as DNS-SD. 60 */ 61 public static final DnsRecordType PTR = new DnsRecordType(0x000c, "PTR"); 62 63 /** 64 * Mail exchange record RFC 1035 Maps a domain name to a list of message 65 * transfer agents for that domain. 66 */ 67 public static final DnsRecordType MX = new DnsRecordType(0x000f, "MX"); 68 69 /** 70 * Text record RFC 1035 Originally for arbitrary human-readable text in a 71 * DNS record. Since the early 1990s, however, this record more often 72 * carries machine-readable data, such as specified by RFC 1464, 73 * opportunistic encryption, Sender Policy Framework, DKIM, DMARC DNS-SD, 74 * etc. 75 */ 76 public static final DnsRecordType TXT = new DnsRecordType(0x0010, "TXT"); 77 78 /** 79 * Responsible person record RFC 1183 Information about the responsible 80 * person(s) for the domain. Usually an email address with the @ replaced by 81 * a . 82 */ 83 public static final DnsRecordType RP = new DnsRecordType(0x0011, "RP"); 84 85 /** 86 * AFS database record RFC 1183 Location of database servers of an AFS cell. 87 * This record is commonly used by AFS clients to contact AFS cells outside 88 * their local domain. A subtype of this record is used by the obsolete 89 * DCE/DFS file system. 90 */ 91 public static final DnsRecordType AFSDB = new DnsRecordType(0x0012, "AFSDB"); 92 93 /** 94 * Signature record RFC 2535 Signature record used in SIG(0) (RFC 2931) and 95 * TKEY (RFC 2930). RFC 3755 designated RRSIG as the replacement for SIG for 96 * use within DNSSEC. 97 */ 98 public static final DnsRecordType SIG = new DnsRecordType(0x0018, "SIG"); 99 100 /** 101 * key record RFC 2535 and RFC 2930 Used only for SIG(0) (RFC 2931) and TKEY 102 * (RFC 2930). RFC 3445 eliminated their use for application keys and 103 * limited their use to DNSSEC. RFC 3755 designates DNSKEY as the 104 * replacement within DNSSEC. RFC 4025 designates IPSECKEY as the 105 * replacement for use with IPsec. 106 */ 107 public static final DnsRecordType KEY = new DnsRecordType(0x0019, "KEY"); 108 109 /** 110 * IPv6 address record RFC 3596 Returns a 128-bit IPv6 address, most 111 * commonly used to map hostnames to an IP address of the host. 112 */ 113 public static final DnsRecordType AAAA = new DnsRecordType(0x001c, "AAAA"); 114 115 /** 116 * Location record RFC 1876 Specifies a geographical location associated 117 * with a domain name. 118 */ 119 public static final DnsRecordType LOC = new DnsRecordType(0x001d, "LOC"); 120 121 /** 122 * Service locator RFC 2782 Generalized service location record, used for 123 * newer protocols instead of creating protocol-specific records such as MX. 124 */ 125 public static final DnsRecordType SRV = new DnsRecordType(0x0021, "SRV"); 126 127 /** 128 * Naming Authority Pointer record RFC 3403 Allows regular expression based 129 * rewriting of domain names which can then be used as URIs, further domain 130 * names to lookups, etc. 131 */ 132 public static final DnsRecordType NAPTR = new DnsRecordType(0x0023, "NAPTR"); 133 134 /** 135 * Key eXchanger record RFC 2230 Used with some cryptographic systems (not 136 * including DNSSEC) to identify a key management agent for the associated 137 * domain-name. Note that this has nothing to do with DNS Security. It is 138 * Informational status, rather than being on the IETF standards-track. It 139 * has always had limited deployment, but is still in use. 140 */ 141 public static final DnsRecordType KX = new DnsRecordType(0x0024, "KX"); 142 143 /** 144 * Certificate record RFC 4398 Stores PKIX, SPKI, PGP, etc. 145 */ 146 public static final DnsRecordType CERT = new DnsRecordType(0x0025, "CERT"); 147 148 /** 149 * Delegation name record RFC 2672 DNAME creates an alias for a name and all 150 * its subnames, unlike CNAME, which aliases only the exact name in its 151 * label. Like the CNAME record, the DNS lookup will continue by retrying 152 * the lookup with the new name. 153 */ 154 public static final DnsRecordType DNAME = new DnsRecordType(0x0027, "DNAME"); 155 156 /** 157 * Option record RFC 2671 This is a pseudo DNS record type needed to support 158 * EDNS. 159 */ 160 public static final DnsRecordType OPT = new DnsRecordType(0x0029, "OPT"); 161 162 /** 163 * Address Prefix List record RFC 3123 Specify lists of address ranges, e.g. 164 * in CIDR format, for various address families. Experimental. 165 */ 166 public static final DnsRecordType APL = new DnsRecordType(0x002a, "APL"); 167 168 /** 169 * Delegation signer record RFC 4034 The record used to identify the DNSSEC 170 * signing key of a delegated zone. 171 */ 172 public static final DnsRecordType DS = new DnsRecordType(0x002b, "DS"); 173 174 /** 175 * SSH Public Key Fingerprint record RFC 4255 Resource record for publishing 176 * SSH public host key fingerprints in the DNS System, in order to aid in 177 * verifying the authenticity of the host. RFC 6594 defines ECC SSH keys and 178 * SHA-256 hashes. See the IANA SSHFP RR parameters registry for details. 179 */ 180 public static final DnsRecordType SSHFP = new DnsRecordType(0x002c, "SSHFP"); 181 182 /** 183 * IPsec Key record RFC 4025 Key record that can be used with IPsec. 184 */ 185 public static final DnsRecordType IPSECKEY = new DnsRecordType(0x002d, "IPSECKEY"); 186 187 /** 188 * DNSSEC signature record RFC 4034 Signature for a DNSSEC-secured record 189 * set. Uses the same format as the SIG record. 190 */ 191 public static final DnsRecordType RRSIG = new DnsRecordType(0x002e, "RRSIG"); 192 193 /** 194 * Next-Secure record RFC 4034 Part of DNSSEC, used to prove a name does not 195 * exist. Uses the same format as the (obsolete) NXT record. 196 */ 197 public static final DnsRecordType NSEC = new DnsRecordType(0x002f, "NSEC"); 198 199 /** 200 * DNS Key record RFC 4034 The key record used in DNSSEC. Uses the same 201 * format as the KEY record. 202 */ 203 public static final DnsRecordType DNSKEY = new DnsRecordType(0x0030, "DNSKEY"); 204 205 /** 206 * DHCP identifier record RFC 4701 Used in conjunction with the FQDN option 207 * to DHCP. 208 */ 209 public static final DnsRecordType DHCID = new DnsRecordType(0x0031, "DHCID"); 210 211 /** 212 * NSEC record version 3 RFC 5155 An extension to DNSSEC that allows proof 213 * of nonexistence for a name without permitting zonewalking. 214 */ 215 public static final DnsRecordType NSEC3 = new DnsRecordType(0x0032, "NSEC3"); 216 217 /** 218 * NSEC3 parameters record RFC 5155 Parameter record for use with NSEC3. 219 */ 220 public static final DnsRecordType NSEC3PARAM = new DnsRecordType(0x0033, "NSEC3PARAM"); 221 222 /** 223 * TLSA certificate association record RFC 6698 A record for DNS-based 224 * Authentication of Named Entities (DANE). RFC 6698 defines The TLSA DNS 225 * resource record is used to associate a TLS server certificate or public 226 * key with the domain name where the record is found, thus forming a 'TLSA 227 * certificate association'. 228 */ 229 public static final DnsRecordType TLSA = new DnsRecordType(0x0034, "TLSA"); 230 231 /** 232 * Host Identity Protocol record RFC 5205 Method of separating the end-point 233 * identifier and locator roles of IP addresses. 234 */ 235 public static final DnsRecordType HIP = new DnsRecordType(0x0037, "HIP"); 236 237 /** 238 * Sender Policy Framework record RFC 4408 Specified as part of the SPF 239 * protocol as an alternative to of storing SPF data in TXT records. Uses 240 * the same format as the earlier TXT record. 241 */ 242 public static final DnsRecordType SPF = new DnsRecordType(0x0063, "SPF"); 243 244 /** 245 * Secret key record RFC 2930 A method of providing keying material to be 246 * used with TSIG that is encrypted under the public key in an accompanying 247 * KEY RR.. 248 */ 249 public static final DnsRecordType TKEY = new DnsRecordType(0x00f9, "TKEY"); 250 251 /** 252 * Transaction Signature record RFC 2845 Can be used to authenticate dynamic 253 * updates as coming from an approved client, or to authenticate responses 254 * as coming from an approved recursive name server similar to DNSSEC. 255 */ 256 public static final DnsRecordType TSIG = new DnsRecordType(0x00fa, "TSIG"); 257 258 /** 259 * Incremental Zone Transfer record RFC 1996 Requests a zone transfer of the 260 * given zone but only differences from a previous serial number. This 261 * request may be ignored and a full (AXFR) sent in response if the 262 * authoritative server is unable to fulfill the request due to 263 * configuration or lack of required deltas. 264 */ 265 public static final DnsRecordType IXFR = new DnsRecordType(0x00fb, "IXFR"); 266 267 /** 268 * Authoritative Zone Transfer record RFC 1035 Transfer entire zone file 269 * from the master name server to secondary name servers. 270 */ 271 public static final DnsRecordType AXFR = new DnsRecordType(0x00fc, "AXFR"); 272 273 /** 274 * All cached records RFC 1035 Returns all records of all types known to the 275 * name server. If the name server does not have any information on the 276 * name, the request will be forwarded on. The records returned may not be 277 * complete. For example, if there is both an A and an MX for a name, but 278 * the name server has only the A record cached, only the A record will be 279 * returned. Sometimes referred to as ANY, for example in Windows nslookup 280 * and Wireshark. 281 */ 282 public static final DnsRecordType ANY = new DnsRecordType(0x00ff, "ANY"); 283 284 /** 285 * Certification Authority Authorization record RFC 6844 CA pinning, 286 * constraining acceptable CAs for a host/domain. 287 */ 288 public static final DnsRecordType CAA = new DnsRecordType(0x0101, "CAA"); 289 290 /** 291 * DNSSEC Trust Authorities record N/A Part of a deployment proposal for 292 * DNSSEC without a signed DNS root. See the IANA database and Weiler Spec 293 * for details. Uses the same format as the DS record. 294 */ 295 public static final DnsRecordType TA = new DnsRecordType(0x8000, "TA"); 296 297 /** 298 * DNSSEC Lookaside Validation record RFC 4431 For publishing DNSSEC trust 299 * anchors outside of the DNS delegation chain. Uses the same format as the 300 * DS record. RFC 5074 describes a way of using these records. 301 */ 302 public static final DnsRecordType DLV = new DnsRecordType(0x8001, "DLV"); 303 304 /** 305 * Service Binding and Parameter Specification via the DNS (SVCB and HTTPS Resource Records). 306 * See <a href="https://www.rfc-editor.org/rfc/rfc9460.html#section-14.1">RFC9460 SVCB RR Type</a>. 307 */ 308 public static final DnsRecordType SVCB = new DnsRecordType(0x0040, "SVCB"); 309 310 /** 311 * Service Binding and Parameter Specification via the DNS (SVCB and HTTPS Resource Records). 312 * See <a href="https://www.rfc-editor.org/rfc/rfc9460.html#section-14.2">RFC9460 HTTPS RR Type</a>. 313 */ 314 public static final DnsRecordType HTTPS = new DnsRecordType(0x0041, "HTTPS"); 315 316 private static final Map<String, DnsRecordType> BY_NAME = new HashMap<String, DnsRecordType>(); 317 private static final IntObjectHashMap<DnsRecordType> BY_TYPE = new IntObjectHashMap<DnsRecordType>(); 318 private static final String EXPECTED; 319 320 static { 321 DnsRecordType[] all = { 322 A, NS, CNAME, SOA, PTR, MX, TXT, RP, AFSDB, SIG, KEY, AAAA, LOC, SRV, NAPTR, KX, CERT, DNAME, OPT, APL, 323 DS, SSHFP, IPSECKEY, RRSIG, NSEC, DNSKEY, DHCID, NSEC3, NSEC3PARAM, TLSA, HIP, SPF, TKEY, TSIG, IXFR, 324 AXFR, ANY, CAA, TA, DLV, SVCB, HTTPS 325 }; 326 327 final StringBuilder expected = new StringBuilder(512); 328 329 expected.append(" (expected: "); 330 for (DnsRecordType type: all) { 331 BY_NAME.put(type.name(), type); 332 BY_TYPE.put(type.intValue(), type); 333 334 expected.append(type.name()) 335 .append('(') 336 .append(type.intValue()) 337 .append("), "); 338 } 339 340 expected.setLength(expected.length() - 2); 341 expected.append(')'); 342 EXPECTED = expected.toString(); 343 } 344 345 public static DnsRecordType valueOf(int intValue) { 346 DnsRecordType result = BY_TYPE.get(intValue); 347 if (result == null) { 348 return new DnsRecordType(intValue); 349 } 350 return result; 351 } 352 353 public static DnsRecordType valueOf(String name) { 354 DnsRecordType result = BY_NAME.get(name); 355 if (result == null) { 356 throw new IllegalArgumentException("name: " + name + EXPECTED); 357 } 358 return result; 359 } 360 361 private final int intValue; 362 private final String name; 363 private String text; 364 365 private DnsRecordType(int intValue) { 366 this(intValue, "UNKNOWN"); 367 } 368 369 public DnsRecordType(int intValue, String name) { 370 if ((intValue & 0xffff) != intValue) { 371 throw new IllegalArgumentException("intValue: " + intValue + " (expected: 0 ~ 65535)"); 372 } 373 this.intValue = intValue; 374 this.name = name; 375 } 376 377 /** 378 * Returns the name of this type, as seen in bind config files 379 */ 380 public String name() { 381 return name; 382 } 383 384 /** 385 * Returns the value of this DnsType as it appears in DNS protocol 386 */ 387 public int intValue() { 388 return intValue; 389 } 390 391 @Override 392 public int hashCode() { 393 return intValue; 394 } 395 396 @Override 397 public boolean equals(Object o) { 398 return o instanceof DnsRecordType && ((DnsRecordType) o).intValue == intValue; 399 } 400 401 @Override 402 public int compareTo(DnsRecordType o) { 403 return intValue() - o.intValue(); 404 } 405 406 @Override 407 public String toString() { 408 String text = this.text; 409 if (text == null) { 410 this.text = text = name + '(' + intValue() + ')'; 411 } 412 return text; 413 } 414 }