dnsjava is an implementation of DNS in Java. It supports almost all defined record types (including the DNSSEC types), and unknown types. It can be used for queries, zone transfers, and dynamic updates. It includes a cache which can be used by clients, and an authoritative only server. It supports TSIG authenticated messages, partial DNSSEC verification, and EDNS0. It is fully thread safe.
dnsjava was started as an excuse to learn Java. It was useful for testing new features in BIND without rewriting the C resolver. It was then cleaned up and extended in order to be used as a testing framework for DNS interoperability testing. The high level API and caching resolver were added to make it useful to a wider audience. The authoritative only server was added as proof of concept.
This repository has been a mirror of the dnsjava project at Sourceforge since 2014 to maintain the Maven build for publishing to Maven Central. As of 2019-05-15, Github is officially the new home of dnsjava.
Please use the Github issue tracker and send - well tested - pull requests. The [email protected] mailing list still exists.
Some settings of dnsjava can be configured via system properties:
Property | Type | Default | Example |
---|---|---|---|
Explanation | |||
dns[.fallback].server | String | - | 8.8.8.8,[2001:4860:4860::8888]:853,dns.google |
DNS server(s) to use for resolving. Comma separated list. Can be IPv4/IPv6 addresses or hostnames (which are resolved using Java's built in DNS support). | |||
dns[.fallback].search | String | - | ds.example.com,example.com |
Comma separated list of DNS search paths. | |||
dns[.fallback].ndots | Integer | 1 | 2 |
Sets a threshold for the number of dots which must appear in a name given to resolve before an initial absolute query will be made. | |||
dnsjava.options | option list | - | BINDTTL,tsigfudge=1 |
Comma separated key-value pairs, see below. | |||
dnsjava.configprovider.skipinit | Boolean | false | true |
Set to true to disable static ResolverConfig initialization. | |||
dnsjava.configprovider.sunjvm.enabled | Boolean | false | true |
Set to true to enable the reflection based DNS server lookup, see limitations below. | |||
dnsjava.udp.ephemeral.start | Integer | 49152 (Linux: 32768) | 50000 |
First ephemeral port for UDP-based DNS queries. | |||
dnsjava.udp.ephemeral.end | Integer | 65535 (Linux: 60999) | 60000 |
Last ephemeral port for UDP-based DNS queries. | |||
dnsjava.udp.ephemeral.use_ephemeral_port | Boolean | false | true |
Use an OS-assigned ephemeral port for UDP queries. Enabling this option is insecure! Do NOT use it. |
The dnsjava.options configuration options can also be set programmatically
through the Options
class. Please refer to the Javadoc for details.
Key | Type | Default | Explanation |
---|---|---|---|
BINDTTL | Boolean | false | Print TTLs in BIND format |
multiline | Boolean | false | Print records in multiline format |
noPrintIN | Boolean | false | Don't print the class of a record if it's IN |
tsigfudge | Integer | 300 | Sets the default TSIG fudge value (in seconds) |
sig0validity | Integer | 300 | Sets the default SIG(0) validity period (in seconds) |
dnsjava comes with several built-in resolvers:
SimpleResolver
: a basic resolver that uses UDP by default and falls back
to TCP if required.ExtendedResolver
: a resolver that uses multiple SimpleResolver
s to send
the queries. Can be configured to query the servers in a round-robin order.
Blacklists a server if it times out.DohResolver
: a very basic DNS over HTTP resolver, e.g. to use
https://dns.google/query
.The project dnssecjava has a resolver that validates responses with DNSSEC.
dnsjava 3 has significant API changes compared to version 2.1.x and is neither source nor binary compatible. The most important changes are:
slf4j-api
on the classpathorg.xbill.DNS.tools
packageResolver
API for custom resolvers has changed to use
CompletionStage<Message>
for asynchronous resolving. The built-in
resolvers are now fully non-blocking and do not start a thread per
query anymore.List<T>
instead of an array. Ideally, use a
for-each loop. If this isn't possible, call size()
instead of
using length
:
Iterator
. Ideally, modify your
code to use a for-each loop. If this is not possible, create an iterator
on the returned list:
java.util.Date
are deprecated. Use the new versions with
java.time.Instant
or java.time.Duration
insteadSMIMEARecord
changed, it now inherits from
TLSARecord
and constants are sharedRecord
s are no longer marked as Serializable
. Use the RFC defined
serialization formats:
toString()
, rrToString()
<-> fromString()
toWire()
<-> fromWire()
, newRecord()
Message
and Header
properly supported clone()
Java versions from 1.4 to 8 can load DNS service providers at runtime. The functionality was removed in JDK 9, a replacement is requested, but so far has not been implemented.
To load the dnsjava service provider, build dnsjava on JDK 8 and set the system property:
sun.net.spi.nameservice.provider.1=dns,dnsjava
This instructs the JVM to use the dnsjava service provide for DNS at the highest priority.
Run mvn package
from the toplevel directory to build dnsjava. JDK 8
or higher is required.
Matt Rutherford contributed a number of unit
tests, which are in the tests subdirectory. The hierarchy under tests
mirrors the org.xbill.DNS classes. To run the unit tests, execute
mvn test
.
There's no standard way to determine what the local nameserver or DNS search path is at runtime from within the JVM. dnsjava attempts several methods until one succeeds.
dns.server
and dns.search
(comma delimited lists) are
checked. The servers can either be IP addresses or hostnames (which are
resolved using Java's built in DNS support)./etc/resolv.conf
is parsed.GetAdaptersAddresses
API is used.net.dns[1234]
or the ConnectivityManager
is used (requires initialization).sun.net.dns.ResolverConfiguration
class is queried if enabled.localhost
is used as the nameserver, and the search
path is empty.Javadoc documentation can be built with mvn javadoc:javadoc
or viewed online
at javadoc.io. See the
examples for some basic usage information.
dnsjava is placed under the BSD license. Several files are also under additional licenses; see the individual files for details.