{"id":13630880,"url":"https://github.com/dnsjava/dnsjava","last_synced_at":"2026-01-18T19:00:40.942Z","repository":{"id":14374543,"uuid":"17084567","full_name":"dnsjava/dnsjava","owner":"dnsjava","description":"dnsjava - an implementation of the DNS protocol in Java","archived":false,"fork":false,"pushed_at":"2025-08-02T11:40:26.000Z","size":7863,"stargazers_count":1018,"open_issues_count":15,"forks_count":253,"subscribers_count":45,"default_branch":"master","last_synced_at":"2025-08-02T13:24:57.900Z","etag":null,"topics":["dns","dnsjava","dnssec","dnssec-support","java","java-library","library"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dnsjava.png","metadata":{"files":{"readme":"README.adoc","changelog":"Changelog","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2014-02-22T12:43:49.000Z","updated_at":"2025-08-02T11:40:30.000Z","dependencies_parsed_at":"2023-11-11T11:24:10.528Z","dependency_job_id":"a74aaf0a-cc5e-4b81-aeb7-90b010f97191","html_url":"https://github.com/dnsjava/dnsjava","commit_stats":null,"previous_names":[],"tags_count":92,"template":false,"template_full_name":null,"purl":"pkg:github/dnsjava/dnsjava","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dnsjava%2Fdnsjava","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dnsjava%2Fdnsjava/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dnsjava%2Fdnsjava/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dnsjava%2Fdnsjava/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dnsjava","download_url":"https://codeload.github.com/dnsjava/dnsjava/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dnsjava%2Fdnsjava/sbom","scorecard":{"id":348831,"data":{"date":"2025-08-11","repo":{"name":"github.com/dnsjava/dnsjava","commit":"865240c11a63ff77c4c98a3595d0ac3a8346d4f9"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.1,"checks":[{"name":"Maintained","score":10,"reason":"15 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 1/29 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":0,"reason":"dangerous workflow patterns detected","details":["Warn: untrusted code checkout '${{ github.event.workflow_run.head_sha }}': .github/workflows/analyze.yml:50"],"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:22","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:23","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/analyze.yml:11","Info: topLevel 'contents' permission set to 'read': .github/workflows/analyze.yml:12","Warn: topLevel 'checks' permission set to 'write': .github/workflows/analyze.yml:13","Warn: no topLevel permission defined: .github/workflows/build.yml:1","Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: third-party GitHubAction not pinned by hash: .github/workflows/analyze.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/dnsjava/dnsjava/analyze.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/analyze.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/dnsjava/dnsjava/analyze.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/analyze.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/dnsjava/dnsjava/analyze.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/analyze.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/dnsjava/dnsjava/analyze.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/dnsjava/dnsjava/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/dnsjava/dnsjava/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:105: update your workflow using https://app.stepsecurity.io/secureworkflow/dnsjava/dnsjava/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:110: update your workflow using https://app.stepsecurity.io/secureworkflow/dnsjava/dnsjava/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:143: update your workflow using https://app.stepsecurity.io/secureworkflow/dnsjava/dnsjava/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:155: update your workflow using https://app.stepsecurity.io/secureworkflow/dnsjava/dnsjava/build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:167: update your workflow using https://app.stepsecurity.io/secureworkflow/dnsjava/dnsjava/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:184: update your workflow using https://app.stepsecurity.io/secureworkflow/dnsjava/dnsjava/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:189: update your workflow using https://app.stepsecurity.io/secureworkflow/dnsjava/dnsjava/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/dnsjava/dnsjava/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/dnsjava/dnsjava/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/dnsjava/dnsjava/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/dnsjava/dnsjava/codeql-analysis.yml/master?enable=pin","Info:   0 out of  14 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   3 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: BSD 3-Clause \"New\" or \"Revised\" License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/build.yml:178"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: SAST configuration detected: CodeQL","Info: all commits (9) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-18T07:48:30.007Z","repository_id":14374543,"created_at":"2025-08-18T07:48:30.007Z","updated_at":"2025-08-18T07:48:30.007Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28548938,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-18T14:59:57.589Z","status":"ssl_error","status_checked_at":"2026-01-18T14:59:46.540Z","response_time":98,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dns","dnsjava","dnssec","dnssec-support","java","java-library","library"],"created_at":"2024-08-01T22:02:01.932Z","updated_at":"2026-01-18T19:00:40.914Z","avatar_url":"https://github.com/dnsjava.png","language":"Java","readme":"= dnsjava\n\nimage:https://github.com/dnsjava/dnsjava/actions/workflows/build.yml/badge.svg[\"GitHub CI Build Status\",link=\"https://github.com/dnsjava/dnsjava/actions/workflows/build.yml\"]\nimage:https://codecov.io/gh/dnsjava/dnsjava/branch/master/graph/badge.svg?token=FKmcwl1Oys[\"codecov\",link=\"https://codecov.io/gh/dnsjava/dnsjava\"]\nimage:https://img.shields.io/maven-central/v/dnsjava/dnsjava[\"Maven Central\",link=\"https://central.sonatype.com/artifact/dnsjava/dnsjava\"]\nimage:https://javadoc.io/badge/dnsjava/dnsjava.svg[\"Javadocs\",link=\"https://javadoc.io/doc/dnsjava/dnsjava\"]\n\n== Overview\n\ndnsjava is an implementation of DNS in Java.\nIt\n\n* supports almost all defined record types (including the DNSSEC types), and unknown types.\n* can be used for queries, zone transfers, and dynamic updates.\n* includes a cache which can be used by clients, and an authoritative only server.\n* supports TSIG authenticated messages, DNSSEC verification, and EDNS0.\n* is fully thread safe.\n\n== Getting started\n\nHave a look at the basic link:EXAMPLES.md[examples].\n\n=== Config options\n\nSome settings of dnsjava can be configured via Java\nhttps://docs.oracle.com/javase/tutorial/essential/environment/sysprop.html[system properties]:\n\n[cols=4*]\n|===\n.2+h|Property\n3+h|Explanation\nh|Type\nh|Default\nh|Example\n\n.2+|dns[.fallback].server\n3+|DNS server(s) to use for resolving.\nComma separated list.\nCan be IPv4/IPv6 addresses or hostnames (which are resolved using Java's built in DNS support).\n|String\n|-\n|8.8.8.8,[2001:4860:4860::8888]:853,dns.google\n\n.2+|dns[.fallback].search\n3+|Comma separated list of DNS search paths.\n|String\n|-\n|ds.example.com,example.com\n\n.2+|dns[.fallback].ndots\n3+|Sets a threshold for the number of dots which must appear in a name given to resolve before an initial absolute query will be made.\n|Integer\n|1\n|2\n\n.2+|dnsjava.options\n3+|Comma separated key-value pairs, see \u003c\u003c_optionpairs\u003e\u003e.\n|option list\n|-\n|BINDTTL,tsigfudge=1\n\n.2+|dnsjava.configprovider.skipinit\n3+|Set to true to disable static ResolverConfig initialization.\n|Boolean\n|false\n|true\n\n.2+|dnsjava.configprovider.sunjvm.enabled\n3+|Set to true to enable the reflection based DNS server lookup, see \u003c\u003c_limitations\u003e\u003e.\n|Boolean\n|false\n|true\n\n.2+|dnsjava.udp.ephemeral.start\n3+|First ephemeral port for UDP-based DNS queries.\n|Integer\n|49152 (Linux: 32768)\n|50000\n\n.2+|dnsjava.udp.ephemeral.end\n3+|Last ephemeral port for UDP-based DNS queries.\n|Integer\n|65535 (Linux: 60999)\n|60000\n\n.2+|dnsjava.udp.ephemeral.use_ephemeral_port\n3+|Use an OS-assigned ephemeral port for UDP queries.\nEnabling this option is *insecure*!\nDo NOT use it.\n|Boolean\n|false\n|true\n\n.2+|dnsjava.lookup.max_iterations\n3+|Maximum number of CNAMEs to follow in a chain.\n|Integer\n|16\n|20\n\n.2+|dnsjava.lookup.use_hosts_file\n3+|Use the system's hosts file for lookups before resorting to a resolver.\n|Boolean\n|true\n|false\n\n.2+|dnsjava.hostsfile.max_size_bytes\n3+|Set the size of the hosts file to be loaded at a time, in bytes.\n|Integer\n|16384\n|1000000\n\n.2+|dnsjava.nio.selector_timeout\n3+|Set selector timeout in milliseconds. Default/Max 1000, Min 1.\n|Integer\n|1000\n|700\n\n.2+|dnsjava.nio.register_shutdown_hook\n3+|Register Shutdown Hook for automatic termination of NIO.\nIf disabled, the nio selector thread will not automatically clean up on JVM termination.\n|Boolean\n|True\n|False\n\n.2+|dnsjava.harden_unknown_additional\n3+|Harden against unknown records in the authority section and additional section.\nIf disabled, such records are copied from the upstream and presented to the client together with the answer.\n|Boolean\n|True\n|False\n\n4+h|DNSSEC Options\n.2+|dnsjava.dnssec.keycache.max_ttl\n3+|Maximum time-to-live (TTL) of entries in the key cache in seconds.\n|Integer\n|900\n|1800\n\n.2+|dnsjava.dnssec.keycache.max_size\n3+|Maximum number of entries in the key cache.\n|Integer\n|1000\n|5000\n\n.2+|org.jitsi.dnssec.nsec3.iterations.N\n3+a|Maximum iteration count for the NSEC3 hashing function depending on the key size N. The defaults are from https://datatracker.ietf.org/doc/html/rfc5155#section-10.3[RFC5155].\n|Integer\n2+a|- 1024 bit keys: 150 iterations\n- 2048 bit keys: 500 iterations\n- 4096 bit keys: 2500 iterations\n\ne.g. dnsjava.dnssec.nsec3.iterations.1024=200\n\n.2+|dnsjava.dnssec.trust_anchor_file\n3+|The file from which the trust anchor should be loaded.\nThe file must be formatted like a DNS zone master file.\nIt can only contain DS or DNSKEY records.\n|String\n|-\n|/etc/dnssec-root-anchors\n\n.2+|dnsjava.dnssec.digest_preference\n3+|Defines the preferred DS record digest algorithm if a zone has registered multiple DS records.\nThe list is comma-separated, the highest preference first.\n\nIf this property is not specified, the DS record with the highest\nhttps://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml[digest ID] is chosen.\nTo stay compliant with the RFCs, the mandatory digest IDs must be listed in this property.\n\nThe GOST digest requires https://www.bouncycastle.org/java.html[BouncyCastle] on the classpath.\n|String\n|-\n|2,1,4\n\n.2+|dnsjava.dnssec.harden_algo_downgrade\n3+|Prevent algorithm downgrade when multiple algorithms are advertised in a zone's DS records.\nIf `false`, allows any algorithm to validate the zone.\n|Boolean\n|true\n|false\n\n.2+|dnsjava.dnssec.max_validate_rrsigs\n3+|Maximum number of RRSig records to validate until the response is considered bogus.\nThis is limited to avoid the 'KeyTrap' vulnerability (CVE-2023-50387).\n|Integer\n|8\n|4\n\n.2+|dnsjava.dnssec.max_ds_match_failures\n3+|Maximum number of DS records to validate until the response is considered bogus.\nThis is limited to avoid the 'KeyTrap' vulnerability (CVE-2023-50387).\n|Integer\n|4\n|2\n\n.2+|dnsjava.dnssec.algorithm_enabled.ID\n3+|Enable or disable a DS/DNSKEY algorithm.\nSee\nhttps://datatracker.ietf.org/doc/html/rfc8624#section-3.1[RFC8624] for recommended values.\nNote that algorithm number 1, `RSAMD5`, is disabled and cannot be enabled with this property.\n|Boolean\n2+|Disable ED448:\n`dnsjava.dnssec.algorithm_enabled.16=false`\n\n.2+|dnsjava.dnssec.algorithm_rsa_min_key_size\n3+|Set the minimum size, in bits, for RSA keys.\n|Integer\n|1024\n|512\n\n.2+|dnsjava.dnssec.digest_enabled.ID\n3+|Enable or disable a DS record digest algorithm.\nSee\nhttps://datatracker.ietf.org/doc/html/rfc8624#section-3.3[RFC8624] for recommended values.\n|Boolean\n2+|Disable SHA.1:\n`dnsjava.dnssec.digest_enabled.1=false`\n\n|===\n\n[#_optionpairs]\n==== dnsjava.options pairs\n\nThe `dnsjava.options` configuration options can also be set programmatically through the `Options` class.\nPlease refer to the Javadoc for details.\n\n[cols=\"1,1,1,4\",options=header]\n|===\n| Key | Type | Default | Explanation\n| `BINDTTL` | Boolean | false | Print TTLs in BIND format\n| `multiline` | Boolean | false | Print records in multiline format\n| `noPrintIN` | Boolean | false | Do not print the class of a record if it is `IN`\n| `tsigfudge` | Integer | 300 | Sets the default TSIG fudge value (in seconds)\n| `sig0validity` | Integer | 300 | Sets the default SIG(0) validity period (in seconds)\n|===\n\n=== Resolvers\n\n==== SimpleResolver\n\nBasic resolver that uses UDP by default and falls back to TCP if required.\n\n==== ExtendedResolver\n\nA `Resolver` that uses multiple ``Resolver``s to send the queries, defaulting to ``SimpleResolver``s.\nCan be configured to query the servers in a round-robin order.\nBlacklists a server if it times out.\n\n==== DohResolver\n\nProof-of-concept DNS over HTTP resolver, e.g. to use https://dns.google/query.\n\n==== ValidatingResolver\n\nDNSSEC validating stub resolver.\nOriginally based on the work of the Unbound Java prototype from 2005/2006.\nThe Unbound prototype was stripped from all unnecessary parts, heavily modified, complemented with more than 300 unit test and found bugs were fixed.\nBefore the import into dnsjava, the resolver was developed as an independent library at https://github.com/ibauersachs/dnssecjava.\nTo migrate from dnssecjava, replace `org.jitsi` with `org.xbill.DNS` in Java packages and `org.jitsi` with `dnsjava` in property prefixes.\n\nValidated, secure responses contain the DNS `AD`-flag, while responses that failed validation return the `SERVFAIL`-RCode.\nInsecure responses return the actual return code without the `AD`-flag set.\nThe reason why the validation failed or is insecure is provided as a localized string in the additional section under the record ./65280/TXT (a TXT record for the owner name of the root zone in the private query class `ValidatingResolver.VALIDATION_REASON_QCLASS`).\nThe Extended DNS Errors (EDE, https://datatracker.ietf.org/doc/html/rfc8914[RFC8914]) also provides the failure reason, although in less detail.\n\nThe link:EXAMPLES.md[examples] contain a small demo.\n\n[IMPORTANT]\n.Do not use the `ValidatingResolver` standalone.\nA response will need CNAME/DNAME post-processing, and DNS messages can still be manipulated with DNSSEC alone.\nSubsequent processing and validation of messages is intricate and best done using the built-in `LookupSession` (or the legacy `Lookup`) class.\n\n=== Migrating from version 2.1.x to v3\n\ndnsjava v3 has significant API changes compared to version 2.1.x and is neither source nor binary compatible.\nThe most important changes are:\n\n* Requires at least Java 8\n\n* Uses https://www.slf4j.org/[slf4j] for logging and thus needs `slf4j-api`\non the classpath\n\n* The link:USAGE.md[command line tools] were moved to the `org.xbill.DNS.tools`\npackage\n\n* On Windows, https://github.com/java-native-access/jna[JNA] should be on the classpath for the search path and proper DNS server finding.\nAs of Java 24, note that additional JVM config is required, see https://javadoc.io/doc/net.java.dev.jna/jna/latest/index.html#special-considerations-for-jdk24--heading[Special considerations for JDK24+].\n\n* The `Resolver` API for custom resolvers has changed to use\n`CompletionStage\u003cMessage\u003e` for asynchronous resolving.\nThe built-in resolvers are now fully non-blocking and do not start a thread per query anymore.\n\n* Many methods return a `List\u003cT\u003e` instead of an array.\nIdeally, use a for-each loop.\nIf this is not possible, call `size()` instead of using `length`:\n** Cache#findAnyRecords\n** Cache#findRecords\n** Lookup#getDefaultSearchPath\n** Message#getSectionRRsets\n** SetResponse#answers\n** ResolverConfig\n\n* RRset returns a List\u003cT\u003e instead of an `Iterator`.\nIdeally, modify your code to use a for-each loop.\nIf this is not possible, create an iterator on the returned list:\n** RRset#rrs\n** RRset#sigs\n\n* Methods using `java.util.Date` are deprecated.\nUse the new versions with\n`java.time.Instant` or `java.time.Duration` instead\n\n* The type hierarchy of `SMIMEARecord` changed, it now inherits from\n`TLSARecord` and constants are shared\n\n* ``Record``s are no longer marked as `Serializable` after 3.0.\nWhile 3.5 reintroduced `Serializable`, it is preferred to use the RFC defined serialization formats directly:\n** `toString()`, `rrToString()` ↔ `fromString()`\n** `toWire()` ↔ `fromWire()`, `newRecord()`\n\n* `Message` and `Header` properly support `clone()`\n\n=== Replacing the standard Java DNS functionality\n\n==== Java 1.4 to 8\n\nJava versions from 1.4 to 8 can load DNS service providers at runtime.\nTo load the dnsjava service provider, build dnsjava on JDK 8 and set the system property:\n\n\tsun.net.spi.nameservice.provider.1=dns,dnsjava\n\nThis instructs the JVM to use the dnsjava service provide for DNS at the highest priority.\n\n==== Java 9 to 17\n\nThe functionality to load a DNS SPI was https://bugs.openjdk.java.net/browse/JDK-8134577[removed in JDK 9] and a replacement API was https://bugs.openjdk.java.net/browse/JDK-8192780[requested].\n\n==== Java 18+\n\nhttps://bugs.openjdk.java.net/browse/JDK-8263693[JEP 418: Internet-Address Resolution SPI] reintroduces a DNS SPI.\nSee https://github.com/dnsjava/dnsjava/issues/245[#245] for the support status in dnsjava.\n\n=== Build\n\ndnsjava uses https://maven.apache.org/[Maven] as the build system.\nRun `mvn package` from the toplevel directory to build dnsjava.\nJDK 8 or higher is required.\n\n=== Testing dnsjava\n\nmailto:rutherfo@cs.colorado.edu[Matt Rutherford] contributed a number of unit tests, which are in the tests subdirectory.\n\nThe hierarchy under tests mirrors the `org.xbill.DNS` classes.\nTo run the unit tests, execute `mvn test`.\n\n[#_limitations]\n== Limitations\n\nThere is no standard way to determine what the local nameserver or DNS search path is at runtime from within the JVM.\ndnsjava attempts several methods until one succeeds.\n\n- The properties `dns.server` and `dns.search` (comma delimited lists) are checked.\nThe servers can either be IP addresses or hostnames (which are resolved using Java's built in DNS support).\n- On Unix/Solaris, `/etc/resolv.conf` is parsed.\n- On Windows, if https://github.com/java-native-access/jna[JNA] is available on the classpath, the `GetAdaptersAddresses` API is used.\n- On Android the `ConnectivityManager` is used (requires initialization using `org.xbill.DNS.config.AndroidResolverConfigProvider.setContext`).\n- The `sun.net.dns.ResolverConfiguration` class is queried if enabled.\nAs of Java 16 the JVM flag `--add-opens java.base/sun.net.dns=ALL-UNNAMED` (classpath) or `--add-opens java.base/sun.net.dns=org.dnsjava` (modules) is also required.\n- If available and no servers have been found yet, https://docs.oracle.com/javase/8/docs/technotes/guides/jndi/jndi-dns.html[JNDI-DNS] is used.\n- If still no servers have been found yet, use the fallback properties.\nThis can be used to query e.g. a well-known public DNS server instead of localhost.\n- As a last resort, `localhost` is used as the nameserver, and the search path is empty.\n\n== Additional documentation\n\nJavadoc documentation can be built with `mvn javadoc:javadoc` or viewed online at https://javadoc.io/doc/dnsjava/dnsjava[javadoc.io].\nSee the link:EXAMPLES.md[examples] for some basic usage information.\n\n== License\n\ndnsjava is placed under the link:LICENSE[BSD-3-Clause license].\n\n== History\n\ndnsjava was started as an excuse to learn Java.\nIt was useful for testing new features in BIND without rewriting the C resolver.\nIt was then cleaned up and extended in order to be used as a testing framework for DNS interoperability testing.\nThe high level API and caching resolver were added to make it useful to a wider audience.\nThe authoritative only server was added as proof of concept.\n\n=== dnsjava on GitHub\n\nThis repository has been a mirror of the dnsjava project at Sourceforge since 2014 to maintain the Maven build for publishing to https://search.maven.org/artifact/dnsjava/dnsjava[Maven Central].\nAs of 2019-05-15, GitHub is https://sourceforge.net/p/dnsjava/mailman/message/36666800/[officially] the new home of dnsjava.\nThe mailto:dnsjava-users@lists.sourceforge.net[dnsjava-users] mailing list (https://sourceforge.net/p/dnsjava/mailman/dnsjava-users/[archive]) still exists but is mostly inactive.\n\nPlease use the GitHub https://github.com/dnsjava/dnsjava/issues[issue tracker] and send - well tested - pull requests.\n\n== Authors\n\n- Brian Wellington (@bwelling), March 12, 2004\n- Various contributors, see the link:Changelog[Changelog]\n- Ingo Bauersachs (@ibauersachs), current maintainer\n\n== Final notes\n\n- Thanks to Network Associates, Inc. for sponsoring some of the original dnsjava work in 1999-2000.\n- Thanks to Nominum, Inc. for sponsoring some work on dnsjava from 2000 through 2017.\n","funding_links":[],"categories":["Java","网络编程"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdnsjava%2Fdnsjava","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdnsjava%2Fdnsjava","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdnsjava%2Fdnsjava/lists"}