Author: erodriguez Date: Fri Jan 21 14:24:46 2005 New Revision: 125973 URL: http://svn.apache.org/viewcvs?view=rev&rev=125973 Log: Skeleton implementations of DNS Resource Record types used by the DNS LDAP schema. Added: incubator/directory/dns/trunk/core/src/java/org/apache/dns/records/zone/A6Record.java (contents, props changed) incubator/directory/dns/trunk/core/src/java/org/apache/dns/records/zone/CertificateRecord.java (contents, props changed) incubator/directory/dns/trunk/core/src/java/org/apache/dns/records/zone/DnameRecord.java (contents, props changed) incubator/directory/dns/trunk/core/src/java/org/apache/dns/records/zone/Inet6AddressRecord.java (contents, props changed) incubator/directory/dns/trunk/core/src/java/org/apache/dns/records/zone/KeyExchangeRecord.java (contents, props changed) incubator/directory/dns/trunk/core/src/java/org/apache/dns/records/zone/KeyRecord.java (contents, props changed) incubator/directory/dns/trunk/core/src/java/org/apache/dns/records/zone/LocationRecord.java (contents, props changed) incubator/directory/dns/trunk/core/src/java/org/apache/dns/records/zone/NameAuthorityPointer.java (contents, props changed) incubator/directory/dns/trunk/core/src/java/org/apache/dns/records/zone/NextNameRecord.java (contents, props changed) incubator/directory/dns/trunk/core/src/java/org/apache/dns/records/zone/ServerSelectionRecord.java (contents, props changed) incubator/directory/dns/trunk/core/src/java/org/apache/dns/records/zone/SignatureRecord.java (contents, props changed)
Added: incubator/directory/dns/trunk/core/src/java/org/apache/dns/records/zone/A6Record.java
Url: http://svn.apache.org/viewcvs/incubator/directory/dns/trunk/core/src/java/org/apache/dns/records/zone/A6Record.java?view=auto&rev=125973
==============================================================================
--- (empty file)
+++ incubator/directory/dns/trunk/core/src/java/org/apache/dns/records/zone/A6Record.java Fri Jan 21 14:24:46 2005
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2005 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.apache.dns.records.zone;
+
+import org.apache.dns.records.InternetResource;
+import org.apache.dns.records.RecordType;
+
+/**
+ * 3.1.1. Format
+ *
+ * The RDATA portion of the A6 record contains two or three fields.
+ *
+ * +-----------+------------------+-------------------+
+ * |Prefix len.| Address suffix | Prefix name |
+ * | (1 octet) | (0..16 octets) | (0..255 octets) |
+ * +-----------+------------------+-------------------+
+ *
+ * o A prefix length, encoded as an eight-bit unsigned integer with
+ * value between 0 and 128 inclusive.
+ *
+ * o An IPv6 address suffix, encoded in network order (high-order octet
+ * first). There MUST be exactly enough octets in this field to
+ * contain a number of bits equal to 128 minus prefix length, with 0
+ * to 7 leading pad bits to make this field an integral number of
+ * octets. Pad bits, if present, MUST be set to zero when loading a
+ * zone file and ignored (other than for SIG [DNSSEC] verification)
+ * on reception.
+ *
+ * o The name of the prefix, encoded as a domain name. By the rules of
+ * [DNSIS], this name MUST NOT be compressed.
+ *
+ * The domain name component SHALL NOT be present if the prefix length
+ * is zero. The address suffix component SHALL NOT be present if the
+ * prefix length is 128.
+ *
+ * It is SUGGESTED that an A6 record intended for use as a prefix for
+ * other A6 records have all the insignificant trailing bits in its
+ * address suffix field set to zero.
+ */
+public class A6Record extends InternetResource
+{
+ public A6Record( String domainName, int timeToLive, byte[] resourceData )
+ {
+ super( domainName, RecordType.A6, timeToLive, resourceData );
+ }
+}
+
Added: incubator/directory/dns/trunk/core/src/java/org/apache/dns/records/zone/CertificateRecord.java
Url: http://svn.apache.org/viewcvs/incubator/directory/dns/trunk/core/src/java/org/apache/dns/records/zone/CertificateRecord.java?view=auto&rev=125973
==============================================================================
--- (empty file)
+++ incubator/directory/dns/trunk/core/src/java/org/apache/dns/records/zone/CertificateRecord.java Fri Jan 21 14:24:46 2005
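Review bot: The `A6Record` constructor forwards `resourceData` to `InternetResource` unchecked, although the class comment directly above it states that the prefix length must be between 0 and 128 and that the suffix must hold exactly enough octets for 128 minus that length. If `resourceData` is the wire-format RDATA (the hunk does not say), a check placed after the `super( ... )` call, such as `if ( resourceData == null || resourceData.length == 0 || ( resourceData[0] & 0xff ) > 128 ) throw new IllegalArgumentException( "invalid A6 RDATA" );`, would stop malformed directory entries before anything later encodes or serves them. The other constructors added in this commit (CertificateRecord, DnameRecord, Inet6AddressRecord, KeyExchangeRecord, KeyRecord, LocationRecord, NameAuthorityPointer, NextNameRecord) have the same shape; LocationRecord's own comment says implementations are required to check VERSION, and an AAAA record holds a single 128 bit address. While these stay skeletons, the constructor Javadoc should at least say `Does not validate resourceData; callers must supply well-formed RDATA.` `InternetResource` is not part of this diff, so whether it copies the array or keeps the caller's reference could not be checked from here.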
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2005 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.apache.dns.records.zone;
+
+import org.apache.dns.records.InternetResource;
+import org.apache.dns.records.RecordType;
+
+/**
+ * 2. The CERT Resource Record
+ *
+ * The CERT resource record (RR) has the structure given below. Its RR
+ * type code is 37.
+ *
+ * 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | type | key tag |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | algorithm | /
+ * +---------------+ certificate or CRL /
+ * / /
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|
+ *
+ * The type field is the certificate type as define in section 2.1
+ * below.
+ *
+ * The algorithm field has the same meaning as the algorithm field in
+ * KEY and SIG RRs [RFC 2535] except that a zero algorithm field
+ * indicates the algorithm is unknown to a secure DNS, which may simply
+ * be the result of the algorithm not having been standardized for
+ * secure DNS.
+ *
+ * The key tag field is the 16 bit value computed for the key embedded
+ * in the certificate as specified in the DNSSEC Standard [RFC 2535].
+ * This field is used as an efficiency measure to pick which CERT RRs
+ * may be applicable to a particular key. The key tag can be calculated
+ * for the key in question and then only CERT RRs with the same key tag
+ * need be examined. However, the key must always be transformed to the
+ * format it would have as the public key portion of a KEY RR before the
+ * key tag is computed. This is only possible if the key is applicable
+ * to an algorithm (and limits such as key size limits) defined for DNS
+ * security. If it is not, the algorithm field MUST BE zero and the tag
+ * field is meaningless and SHOULD BE zero.
+ */
+public class CertificateRecord extends InternetResource
+{
+ public CertificateRecord( String domainName, int timeToLive, byte[] resourceData )
+ {
+ super( domainName, RecordType.CERT, timeToLive, resourceData );
+ }
+}
+
Added: incubator/directory/dns/trunk/core/src/java/org/apache/dns/records/zone/DnameRecord.java
Url: http://svn.apache.org/viewcvs/incubator/directory/dns/trunk/core/src/java/org/apache/dns/records/zone/DnameRecord.java?view=auto&rev=125973
==============================================================================
--- (empty file)
+++ incubator/directory/dns/trunk/core/src/java/org/apache/dns/records/zone/DnameRecord.java Fri Jan 21 14:24:46 2005
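Review bot: The class comment on `CertificateRecord` sends the reader to "section 2.1 below" for the meaning of the type field, but no such section follows in the file and the comment never names the document it quotes, so the certificate type values cannot be looked up from here. KeyRecord.java in this same commit refers to the certificate RR as defined in [RFC 2538]; a closing line in the comment such as `Source: RFC 2538, section 2; certificate type values are listed in section 2.1 of that RFC.` would resolve the dangling reference. The comment also describes only the wire layout, so one sentence saying that this class stores the RDATA as an opaque byte array and does not parse the type, key tag or algorithm fields would tell callers what they are getting.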
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2005 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.apache.dns.records.zone;
+
+import org.apache.dns.records.InternetResource;
+import org.apache.dns.records.RecordType;
+
+/**
+ * 3. The DNAME Resource Record
+ *
+ * The DNAME RR has mnemonic DNAME and type code 39 (decimal).
+ *
+ * DNAME has the following format:
+ *
+ * <owner> <ttl> <class> DNAME <target>
+ *
+ * The format is not class-sensitive. All fields are required. The
+ * RDATA field <target> is a <domain-name> [DNSIS].
+ *
+ * The DNAME RR causes type NS additional section processing.
+ *
+ * The effect of the DNAME record is the substitution of the record's
+ * <target> for its <owner> as a suffix of a domain name. A "no-
+ * descendants" limitation governs the use of DNAMEs in a zone file:
+ *
+ * If a DNAME RR is present at a node N, there may be other data at N
+ * (except a CNAME or another DNAME), but there MUST be no data at
+ * any descendant of N. This restriction applies only to records of
+ * the same class as the DNAME record.
+ *
+ * This rule assures predictable results when a DNAME record is cached
+ * by a server which is not authoritative for the record's zone. It
+ * MUST be enforced when authoritative zone data is loaded. Together
+ * with the rules for DNS zone authority [DNSCLR] it implies that DNAME
+ * and NS records can only coexist at the top of a zone which has only
+ * one node.
+ *
+ * The compression scheme of [DNSIS] MUST NOT be applied to the RDATA
+ * portion of a DNAME record unless the sending server has some way of
+ * knowing that the receiver understands the DNAME record format.
+ * Signalling such understanding is expected to be the subject of future
+ * DNS Extensions.
+ *
+ * Naming loops can be created with DNAME records or a combination of
+ * DNAME and CNAME records, just as they can with CNAME records alone.
+ * Resolvers, including resolvers embedded in DNS servers, MUST limit
+ * the resources they devote to any query. Implementors should note,
+ * however, that fairly lengthy chains of DNAME records may be valid.
+ */
+public class DnameRecord extends InternetResource
+{
+ public DnameRecord( String domainName, int timeToLive, byte[] resourceData )
+ {
+ super( domainName, RecordType.DNAME, timeToLive, resourceData );
+ }
+}
+
Added: incubator/directory/dns/trunk/core/src/java/org/apache/dns/records/zone/Inet6AddressRecord.java
Url: http://svn.apache.org/viewcvs/incubator/directory/dns/trunk/core/src/java/org/apache/dns/records/zone/Inet6AddressRecord.java?view=auto&rev=125973
==============================================================================
--- (empty file)
+++ incubator/directory/dns/trunk/core/src/java/org/apache/dns/records/zone/Inet6AddressRecord.java Fri Jan 21 14:24:46 2005
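Review bot: The Javadoc on `DnameRecord` contains raw angle-bracket tokens (`<owner> <ttl> <class> DNAME <target>`, `<domain-name>`), which the javadoc tool passes through as HTML, so the rendered page loses exactly the field names the text is describing. Writing the format line as `{@code <owner> <ttl> <class> DNAME <target>}` and the inline tokens the same way, or escaping them with `&lt;` and `&gt;` if the build predates `{@code}`, keeps them visible. The same applies to `<domain-name>` in KeyExchangeRecord, to `<character-string>` and `<domain-name>` in NameAuthorityPointer, and to `(<1cm)` in LocationRecord. The ASCII field diagrams in the other class comments would also need a `<pre>` block to keep their layout when rendered.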
@@ -0,0 +1,84 @@
+/*
+ * Copyright 2005 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.apache.dns.records.zone;
+
+import org.apache.dns.records.InternetResource;
+import org.apache.dns.records.RecordType;
+
+/**
+ * 2. New resource record definition and domain
+ *
+ * A record type is defined to store a host's IPv6 address. A host that
+ * has more than one IPv6 address must have more than one such record.
+ *
+ * 2.1 AAAA record type
+ *
+ * The AAAA resource record type is a record specific to the Internet
+ * class that stores a single IPv6 address.
+ *
+ * The IANA assigned value of the type is 28 (decimal).
+ *
+ * 2.2 AAAA data format
+ *
+ * A 128 bit IPv6 address is encoded in the data portion of an AAAA
+ * resource record in network byte order (high-order byte first).
+ *
+ * 2.3 AAAA query
+ *
+ * An AAAA query for a specified domain name in the Internet class
+ * returns all associated AAAA resource records in the answer section of
+ * a response.
+ *
+ * A type AAAA query does not trigger additional section processing.
+ *
+ * 2.4 Textual format of AAAA records
+ *
+ * The textual representation of the data portion of the AAAA resource
+ * record used in a master database file is the textual representation
+ * of an IPv6 address as defined in [3].
+ *
+ * 2.5 IP6.ARPA Domain
+ *
+ * A special domain is defined to look up a record given an IPv6
+ * address. The intent of this domain is to provide a way of mapping an
+ * IPv6 address to a host name, although it may be used for other
+ * purposes as well. The domain is rooted at IP6.ARPA.
+ *
+ * An IPv6 address is represented as a name in the IP6.ARPA domain by a
+ * sequence of nibbles separated by dots with the suffix ".IP6.ARPA".
+ * The sequence of nibbles is encoded in reverse order, i.e., the
+ * low-order nibble is encoded first, followed by the next low-order
+ * nibble and so on. Each nibble is represented by a hexadecimal digit.
+ * For example, the reverse lookup domain name corresponding to the
+ * address
+ *
+ * 4321:0:1:2:3:4:567:89ab
+ *
+ * would be
+ *
+ * b.a.9.8.7.6.5.0.4.0.0.0.3.0.0.0.2.0.0.0.1.0.0.0.0.0.0.0.1.2.3.4.IP6.
+ * ARPA.
+ */
+public class Inet6AddressRecord extends InternetResource
+{
+ public Inet6AddressRecord( String domainName, int timeToLive, byte[] resourceData )
+ {
+ super( domainName, RecordType.AAAA, timeToLive, resourceData );
+ }
+}
+
Added: incubator/directory/dns/trunk/core/src/java/org/apache/dns/records/zone/KeyExchangeRecord.java
Url: http://svn.apache.org/viewcvs/incubator/directory/dns/trunk/core/src/java/org/apache/dns/records/zone/KeyExchangeRecord.java?view=auto&rev=125973
==============================================================================
--- (empty file)
+++ incubator/directory/dns/trunk/core/src/java/org/apache/dns/records/zone/KeyExchangeRecord.java Fri Jan 21 14:24:46 2005
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2005 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.apache.dns.records.zone;
+
+import org.apache.dns.records.InternetResource;
+import org.apache.dns.records.RecordType;
+
+/**
+ * 3.1 KX RDATA format
+ *
+ * The KX DNS record has the following RDATA format:
+ *
+ * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ * | PREFERENCE |
+ * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ * / EXCHANGER /
+ * / /
+ * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ *
+ * where:
+ *
+ * PREFERENCE A 16 bit non-negative integer which specifies the
+ * preference given to this RR among other KX records
+ * at the same owner. Lower values are preferred.
+ *
+ * EXCHANGER A <domain-name> which specifies a host willing to
+ * act as a mail exchange for the owner name.
+ *
+ * KX records MUST cause type A additional section processing for the
+ * host specified by EXCHANGER. In the event that the host processing
+ * the DNS transaction supports IPv6, KX records MUST also cause type
+ * AAAA additional section processing.
+ *
+ * The KX RDATA field MUST NOT be compressed.
+ */
+public class KeyExchangeRecord extends InternetResource
+{
+ public KeyExchangeRecord( String domainName, int timeToLive, byte[] resourceData )
+ {
+ super( domainName, RecordType.KX, timeToLive, resourceData );
+ }
+}
+
Added: incubator/directory/dns/trunk/core/src/java/org/apache/dns/records/zone/KeyRecord.java
Url: http://svn.apache.org/viewcvs/incubator/directory/dns/trunk/core/src/java/org/apache/dns/records/zone/KeyRecord.java?view=auto&rev=125973
==============================================================================
--- (empty file)
+++ incubator/directory/dns/trunk/core/src/java/org/apache/dns/records/zone/KeyRecord.java Fri Jan 21 14:24:46 2005
@@ -0,0 +1,65 @@
+/*
+ * Copyright 2005 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.apache.dns.records.zone;
+
+import org.apache.dns.records.InternetResource;
+import org.apache.dns.records.RecordType;
+
+/**
+ * 3. The KEY Resource Record
+ *
+ * The KEY resource record (RR) is used to store a public key that is
+ * associated with a Domain Name System (DNS) name. This can be the
+ * public key of a zone, a user, or a host or other end entity. Security
+ * aware DNS implementations MUST be designed to handle at least two
+ * simultaneously valid keys of the same type associated with the same
+ * name.
+ *
+ * The type number for the KEY RR is 25.
+ *
+ * A KEY RR is, like any other RR, authenticated by a SIG RR. KEY RRs
+ * must be signed by a zone level key.
+ *
+ * 3.1 KEY RDATA format
+ *
+ * The RDATA for a KEY RR consists of flags, a protocol octet, the
+ * algorithm number octet, and the public key itself. The format is as
+ * follows:
+ *
+ * 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | flags | protocol | algorithm |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | /
+ * / public key /
+ * / /
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|
+ *
+ * The KEY RR is not intended for storage of certificates and a separate
+ * certificate RR has been developed for that purpose, defined in [RFC
+ * 2538].
+ */
+public class KeyRecord extends InternetResource
+{
+ public KeyRecord( String domainName, int timeToLive, byte[] resourceData )
+ {
+ super( domainName, RecordType.KEY, timeToLive, resourceData );
+ }
+}
+
Added: incubator/directory/dns/trunk/core/src/java/org/apache/dns/records/zone/LocationRecord.java
Url: http://svn.apache.org/viewcvs/incubator/directory/dns/trunk/core/src/java/org/apache/dns/records/zone/LocationRecord.java?view=auto&rev=125973
==============================================================================
--- (empty file)
+++ incubator/directory/dns/trunk/core/src/java/org/apache/dns/records/zone/LocationRecord.java Fri Jan 21 14:24:46 2005
@@ -0,0 +1,122 @@
+/*
+ * Copyright 2005 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.apache.dns.records.zone;
+
+import org.apache.dns.records.InternetResource;
+import org.apache.dns.records.RecordType;
+
+/**
+ * 2. RDATA Format
+ *
+ * MSB LSB
+ * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ * 0| VERSION | SIZE |
+ * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ * 2| HORIZ PRE | VERT PRE |
+ * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ * 4| LATITUDE |
+ * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ * 6| LATITUDE |
+ * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ * 8| LONGITUDE |
+ * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ * 10| LONGITUDE |
+ * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ * 12| ALTITUDE |
+ * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ * 14| ALTITUDE |
+ * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ * (octet)
+ *
+ * where:
+ *
+ * VERSION Version number of the representation. This must be zero.
+ * Implementations are required to check this field and make
+ * no assumptions about the format of unrecognized versions.
+ *
+ * SIZE The diameter of a sphere enclosing the described entity, in
+ * centimeters, expressed as a pair of four-bit unsigned
+ * integers, each ranging from zero to nine, with the most
+ * significant four bits representing the base and the second
+ * number representing the power of ten by which to multiply
+ * the base. This allows sizes from 0e0 (<1cm) to 9e9
+ * (90,000km) to be expressed. This representation was chosen
+ * such that the hexadecimal representation can be read by
+ * eye; 0x15 = 1e5. Four-bit values greater than 9 are
+ * undefined, as are values with a base of zero and a non-zero
+ * exponent.
+ *
+ * Since 20000000m (represented by the value 0x29) is greater
+ * than the equatorial diameter of the WGS 84 ellipsoid
+ * (12756274m), it is therefore suitable for use as a
+ * "worldwide" size.
+ *
+ * HORIZ PRE The horizontal precision of the data, in centimeters,
+ * expressed using the same representation as SIZE. This is
+ * the diameter of the horizontal "circle of error", rather
+ * than a "plus or minus" value. (This was chosen to match
+ * the interpretation of SIZE; to get a "plus or minus" value,
+ * divide by 2.)
+ *
+ * VERT PRE The vertical precision of the data, in centimeters,
+ * expressed using the sane representation as for SIZE. This
+ * is the total potential vertical error, rather than a "plus
+ * or minus" value. (This was chosen to match the
+ * interpretation of SIZE; to get a "plus or minus" value,
+ * divide by 2.) Note that if altitude above or below sea
+ * level is used as an approximation for altitude relative to
+ * the [WGS 84] ellipsoid, the precision value should be
+ * adjusted.
+ *
+ * LATITUDE The latitude of the center of the sphere described by the
+ * SIZE field, expressed as a 32-bit integer, most significant
+ * octet first (network standard byte order), in thousandths
+ * of a second of arc. 2^31 represents the equator; numbers
+ * above that are north latitude.
+ *
+ * LONGITUDE The longitude of the center of the sphere described by the
+ * SIZE field, expressed as a 32-bit integer, most significant
+ * octet first (network standard byte order), in thousandths
+ * of a second of arc, rounded away from the prime meridian.
+ * 2^31 represents the prime meridian; numbers above that are
+ * east longitude.
+ *
+ * ALTITUDE The altitude of the center of the sphere described by the
+ * SIZE field, expressed as a 32-bit integer, most significant
+ * octet first (network standard byte order), in centimeters,
+ * from a base of 100,000m below the [WGS 84] reference
+ * spheroid used by GPS (semimajor axis a=6378137.0,
+ * reciprocal flattening rf=298.257223563). Altitude above
+ * (or below) sea level may be used as an approximation of
+ * altitude relative to the the [WGS 84] spheroid, though due
+ * to the Earth's surface not being a perfect spheroid, there
+ * will be differences. (For example, the geoid (which sea
+ * level approximates) for the continental US ranges from 10
+ * meters to 50 meters below the [WGS 84] spheroid.
+ * Adjustments to ALTITUDE and/or VERT PRE will be necessary
+ * in most cases. The Defense Mapping Agency publishes geoid
+ * height values relative to the [WGS 84] ellipsoid.
+ */
+public class LocationRecord extends InternetResource
+{
+ public LocationRecord( String domainName, int timeToLive, byte[] resourceData )
+ {
+ super( domainName, RecordType.LOC, timeToLive, resourceData );
+ }
+}
+
Added: incubator/directory/dns/trunk/core/src/java/org/apache/dns/records/zone/NameAuthorityPointer.java
Url: http://svn.apache.org/viewcvs/incubator/directory/dns/trunk/core/src/java/org/apache/dns/records/zone/NameAuthorityPointer.java?view=auto&rev=125973
==============================================================================
--- (empty file)
+++ incubator/directory/dns/trunk/core/src/java/org/apache/dns/records/zone/NameAuthorityPointer.java Fri Jan 21 14:24:46 2005
@@ -0,0 +1,139 @@
+/*
+ * Copyright 2005 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.apache.dns.records.zone;
+
+import org.apache.dns.records.InternetResource;
+import org.apache.dns.records.RecordType;
+
+/**
+ * 4. NAPTR RR Format
+ *
+ * 4.1 Packet Format
+ *
+ * The packet format of the NAPTR RR is given below. The DNS type code
+ * for NAPTR is 35.
+ *
+ * The packet format for the NAPTR record is as follows
+ * 1 1 1 1 1 1
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+ * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ * | ORDER |
+ * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ * | PREFERENCE |
+ * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ * / FLAGS /
+ * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ * / SERVICES /
+ * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ * / REGEXP /
+ * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ * / REPLACEMENT /
+ * / /
+ * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ *
+ * <character-string> and <domain-name> as used here are defined in RFC
+ * 1035 [7].
+ *
+ * ORDER
+ * A 16-bit unsigned integer specifying the order in which the NAPTR
+ * records MUST be processed in order to accurately represent the
+ * ordered list of Rules. The ordering is from lowest to highest.
+ * If two records have the same order value then they are considered
+ * to be the same rule and should be selected based on the
+ * combination of the Preference values and Services offered.
+ *
+ * PREFERENCE
+ * Although it is called "preference" in deference to DNS
+ * terminology, this field is equivalent to the Priority value in the
+ * DDDS Algorithm. It is a 16-bit unsigned integer that specifies
+ * the order in which NAPTR records with equal Order values SHOULD be
+ * processed, low numbers being processed before high numbers. This
+ * is similar to the preference field in an MX record, and is used so
+ * domain administrators can direct clients towards more capable
+ * hosts or lighter weight protocols. A client MAY look at records
+ * with higher preference values if it has a good reason to do so
+ * such as not supporting some protocol or service very well.
+ *
+ * The important difference between Order and Preference is that once
+ * a match is found the client MUST NOT consider records with a
+ * different Order but they MAY process records with the same Order
+ * but different Preferences. The only exception to this is noted in
+ * the second important Note in the DDDS algorithm specification
+ * concerning allowing clients to use more complex Service
+ * determination between steps 3 and 4 in the algorithm. Preference
+ * is used to give communicate a higher quality of service to rules
+ * that are considered the same from an authority standpoint but not
+ * from a simple load balancing standpoint.
+ *
+ * It is important to note that DNS contains several load balancing
+ * mechanisms and if load balancing among otherwise equal services
+ * should be needed then methods such as SRV records or multiple A
+ * records should be utilized to accomplish load balancing.
+ *
+ * FLAGS
+ * A <character-string> containing flags to control aspects of the
+ * rewriting and interpretation of the fields in the record. Flags
+ * are single characters from the set A-Z and 0-9. The case of the
+ * alphabetic characters is not significant. The field can be empty.
+ *
+ * It is up to the Application specifying how it is using this
+ * Database to define the Flags in this field. It must define which
+ * ones are terminal and which ones are not.
+ *
+ * SERVICES
+ * A <character-string> that specifies the Service Parameters
+ * applicable to this this delegation path. It is up to the
+ * Application Specification to specify the values found in this
+ * field.
+ *
+ * REGEXP
+ * A <character-string> containing a substitution expression that is
+ * applied to the original string held by the client in order to
+ * construct the next domain name to lookup. See the DDDS Algorithm
+ * specification for the syntax of this field.
+ *
+ * As stated in the DDDS algorithm, The regular expressions MUST NOT
+ * be used in a cumulative fashion, that is, they should only be
+ * applied to the original string held by the client, never to the
+ * domain name produced by a previous NAPTR rewrite. The latter is
+ * tempting in some applications but experience has shown such use to
+ * be extremely fault sensitive, very error prone, and extremely
+ * difficult to debug.
+ *
+ * REPLACEMENT
+ * A <domain-name> which is the next domain-name to query for
+ * depending on the potential values found in the flags field. This
+ * field is used when the regular expression is a simple replacement
+ * operation. Any value in this field MUST be a fully qualified
+ * domain-name. Name compression is not to be used for this field.
+ *
+ * This field and the REGEXP field together make up the Substitution
+ * Expression in the DDDS Algorithm. It is simply a historical
+ * optimization specifically for DNS compression that this field
+ * exists. The fields are also mutually exclusive. If a record is
+ * returned that has values for both fields then it is considered to
+ * be in error and SHOULD be either ignored or an error returned.
+ */
+public class NameAuthorityPointer extends InternetResource
+{
+ public NameAuthorityPointer( String domainName, int timeToLive, byte[] resourceData )
+ {
+ super( domainName, RecordType.NAPTR, timeToLive, resourceData );
+ }
+}
+
Added: incubator/directory/dns/trunk/core/src/java/org/apache/dns/records/zone/NextNameRecord.java
Url: http://svn.apache.org/viewcvs/incubator/directory/dns/trunk/core/src/java/org/apache/dns/records/zone/NextNameRecord.java?view=auto&rev=125973
==============================================================================
--- (empty file)
+++ incubator/directory/dns/trunk/core/src/java/org/apache/dns/records/zone/NextNameRecord.java Fri Jan 21 14:24:46 2005
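Review bot: `NameAuthorityPointer` is the only class added in this commit whose name lacks the `Record` suffix (compare `A6Record`, `DnameRecord`, `NextNameRecord`), which makes it easy to miss next to its siblings in `org.apache.dns.records.zone`. Renaming it while it is still a skeleton is cheap: `public class NameAuthorityPointerRecord extends InternetResource`, with the constructor and the file renamed to match. If the shorter name is deliberate, a sentence in the class comment saying so would save the next reader the question.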
@@ -0,0 +1,61 @@ +/* + * Copyright 2005 The Apache Software Foundation + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package org.apache.dns.records.zone; + +import org.apache.dns.records.InternetResource; +import org.apache.dns.records.RecordType; + +/** + * 5.2 NXT RDATA Format + * + * The RDATA for an NXT RR consists simply of a domain name followed by + * a bit map. + * + * The type number for the NXT RR is 30. + * + * 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | next domain name / + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | type bit map / + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * + * The NXT RR type bit map is one bit per RR type present for the owner + * name similar to the WKS socket bit map. The first bit represents RR + * type zero (an illegal type which should not be present.) A one bit + * indicates that at least one RR of that type is present for the owner + * name. A zero indicates that no such RR is present. All bits not + * specified because they are beyond the end of the bit map are assumed + * to be zero. Note that bit 30, for NXT, will always be on so the + * minimum bit map length is actually four octets. The NXT bit map + * should be printed as a list of RR type mnemonics or decimal numbers + * similar to the WKS RR. 
+ * + * The domain name may be compressed with standard DNS name compression + * when being transmitted over the network. The size of the bit map can + * be inferred from the RDLENGTH and the length of the next domain name. + */ +public class NextNameRecord extends InternetResource +{ + public NextNameRecord( String domainName, int timeToLive, byte[] resourceData ) + { + super( domainName, RecordType.NXT, timeToLive, resourceData ); + } +} + Added: incubator/directory/dns/trunk/core/src/java/org/apache/dns/records/zone/ServerSelectionRecord.java Url: http://svn.apache.org/viewcvs/incubator/directory/dns/trunk/core/src/java/org/apache/dns/records/zone/ServerSelectionRecord.java?view=auto&rev=125973 ============================================================================== --- (empty file) +++ incubator/directory/dns/trunk/core/src/java/org/apache/dns/records/zone/ServerSelectionRecord.java Fri Jan 21 14:24:46 2005 
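Review bot: The constructor hands the caller's `byte[] resourceData` straight to `super(...)`, so unless `InternetResource` (not shown in this commit) copies it, the record shares a mutable array with whoever created it and the RDATA can change after the record has been stored or checked. After a null check, pass a copy instead, e.g. `super( domainName, RecordType.NXT, timeToLive, (byte[]) resourceData.clone() );`, or state in a constructor comment that ownership of the array transfers to the record. The same constructor shape appears in the NameAuthorityPointer, ServerSelectionRecord and SignatureRecord hunks; it matters most for SIG, whose RDATA carries the signature itself.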
@@ -0,0 +1,129 @@
+/*
+ * Copyright 2005 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.apache.dns.records.zone;
+
+import org.apache.dns.records.InternetResource;
+import org.apache.dns.records.RecordType;
+
+/**
+ * The format of the SRV RR
+ *
+ * Here is the format of the SRV RR, whose DNS type code is 33:
+ *
+ * _Service._Proto.Name TTL Class SRV Priority Weight Port Target
+ *
+ * (There is an example near the end of this document.)
+ *
+ * Service
+ * The symbolic name of the desired service, as defined in Assigned
+ * Numbers [STD 2] or locally. An underscore (_) is prepended to
+ * the service identifier to avoid collisions with DNS labels that
+ * occur in nature.
+ *
+ * Some widely used services, notably POP, don't have a single
+ * universal name. If Assigned Numbers names the service
+ * indicated, that name is the only name which is legal for SRV
+ * lookups. The Service is case insensitive.
+ *
+ * Proto
+ * The symbolic name of the desired protocol, with an underscore
+ * (_) prepended to prevent collisions with DNS labels that occur
+ * in nature. _TCP and _UDP are at present the most useful values
+ * for this field, though any name defined by Assigned Numbers or
+ * locally may be used (as for Service). The Proto is case
+ * insensitive.
+ *
+ * Name
+ * The domain this RR refers to. The SRV RR is unique in that the
+ * name one searches for is not this name; the example near the end
+ * shows this clearly.
+ *
+ * TTL
+ * Standard DNS meaning [RFC 1035].
+ *
+ * Class
+ * Standard DNS meaning [RFC 1035]. SRV records occur in the IN
+ * Class.
+ *
+ * Priority
+ * The priority of this target host. A client MUST attempt to
+ * contact the target host with the lowest-numbered priority it can
+ * reach; target hosts with the same priority SHOULD be tried in an
+ * order defined by the weight field. The range is 0-65535. This
+ * is a 16 bit unsigned integer in network byte order.
+ *
+ * Weight
+ * A server selection mechanism. The weight field specifies a
+ * relative weight for entries with the same priority. Larger
+ * weights SHOULD be given a proportionately higher probability of
+ * being selected. The range of this number is 0-65535. This is a
+ * 16 bit unsigned integer in network byte order. Domain
+ * administrators SHOULD use Weight 0 when there isn't any server
+ * selection to do, to make the RR easier to read for humans (less
+ * noisy). In the presence of records containing weights greater
+ * than 0, records with weight 0 should have a very small chance of
+ * being selected.
+ *
+ * In the absence of a protocol whose specification calls for the
+ * use of other weighting information, a client arranges the SRV
+ * RRs of the same Priority in the order in which target hosts,
+ * specified by the SRV RRs, will be contacted. The following
+ * algorithm SHOULD be used to order the SRV RRs of the same
+ * priority:
+ *
+ * To select a target to be contacted next, arrange all SRV RRs
+ * (that have not been ordered yet) in any order, except that all
+ * those with weight 0 are placed at the beginning of the list.
+ *
+ * Compute the sum of the weights of those RRs, and with each RR
+ * associate the running sum in the selected order. Then choose a
+ * uniform random number between 0 and the sum computed
+ * (inclusive), and select the RR whose running sum value is the
+ * first in the selected order which is greater than or equal to
+ * the random number selected. The target host specified in the
+ * selected SRV RR is the next one to be contacted by the client.
+ * Remove this SRV RR from the set of the unordered SRV RRs and
+ * apply the described algorithm to the unordered SRV RRs to select
+ * the next target host. Continue the ordering process until there
+ * are no unordered SRV RRs. This process is repeated for each
+ * Priority.
+ *
+ * Port
+ * The port on this target host of this service. The range is 0-
+ * 65535. This is a 16 bit unsigned integer in network byte order.
+ * This is often as specified in Assigned Numbers but need not be.
+ *
+ * Target
+ * The domain name of the target host. There MUST be one or more
+ * address records for this name, the name MUST NOT be an alias (in
+ * the sense of RFC 1034 or RFC 2181). Implementors are urged, but
+ * not required, to return the address record(s) in the Additional
+ * Data section. Unless and until permitted by future standards
+ * action, name compression is not to be used for this field.
+ *
+ * A Target of "." means that the service is decidedly not
+ * available at this domain.
+ */
+public class ServerSelectionRecord extends InternetResource
+{
+ public ServerSelectionRecord( String domainName, int timeToLive, byte[] resourceData )
+ {
+ super( domainName, RecordType.SRV, timeToLive, resourceData );
+ }
+}
+
Added: incubator/directory/dns/trunk/core/src/java/org/apache/dns/records/zone/SignatureRecord.java Url: http://svn.apache.org/viewcvs/incubator/directory/dns/trunk/core/src/java/org/apache/dns/records/zone/SignatureRecord.java?view=auto&rev=125973 ==============================================================================
--- (empty file)
+++ incubator/directory/dns/trunk/core/src/java/org/apache/dns/records/zone/SignatureRecord.java Fri Jan 21 14:24:46 2005
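Review bot: The class Javadoc never names the document it quotes (it even keeps "(There is an example near the end of this document.)"), and nothing says the class leaves the RDATA unparsed. A reader can take the quoted ranges for Priority, Weight and Port and the rules for Target as guarantees of `ServerSelectionRecord`, although the constructor only passes `resourceData` to `super`. I would open the comment with `SRV resource record; field descriptions quoted from RFC 2782. This class stores the RDATA as given and does not parse or validate it.` When accessors for the 16 bit unsigned fields are added, each octet needs `& 0xFF` before combining, because Java's `byte` is signed.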
@@ -0,0 +1,183 @@
+/*
+ * Copyright 2005 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.apache.dns.records.zone;
+
+import org.apache.dns.records.InternetResource;
+import org.apache.dns.records.RecordType;
+
+/**
+ * 4.1 SIG RDATA Format
+ *
+ * The RDATA portion of a SIG RR is as shown below. The integrity of
+ * the RDATA information is protected by the signature field.
+ *
+ * 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | type covered | algorithm | labels |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | original TTL |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | signature expiration |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | signature inception |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | key tag | |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ signer's name +
+ * | /
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-/
+ * / /
+ * / signature /
+ * / /
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *
+ * 4.1.1 Type Covered Field
+ *
+ * The "type covered" is the type of the other RRs covered by this SIG.
+ *
+ * 4.1.2 Algorithm Number Field
+ *
+ * This octet is as described in section 3.2.
+ *
+ * 4.1.3 Labels Field
+ *
+ * The "labels" octet is an unsigned count of how many labels there are
+ * in the original SIG RR owner name not counting the null label for
+ * root and not counting any initial "*" for a wildcard. If a secured
+ * retrieval is the result of wild card substitution, it is necessary
+ * for the resolver to use the original form of the name in verifying
+ * the digital signature. This field makes it easy to determine the
+ * original form.
+ *
+ * If, on retrieval, the RR appears to have a longer name than indicated
+ * by "labels", the resolver can tell it is the result of wildcard
+ * substitution. If the RR owner name appears to be shorter than the
+ * labels count, the SIG RR must be considered corrupt and ignored. The
+ * maximum number of labels allowed in the current DNS is 127 but the
+ * entire octet is reserved and would be required should DNS names ever
+ * be expanded to 255 labels. The following table gives some examples.
+ * The value of "labels" is at the top, the retrieved owner name on the
+ * left, and the table entry is the name to use in signature
+ * verification except that "bad" means the RR is corrupt.
+ *
+ * labels= | 0 | 1 | 2 | 3 | 4 |
+ * --------+-----+------+--------+----------+----------+
+ * .| . | bad | bad | bad | bad |
+ * d.| *. | d. | bad | bad | bad |
+ * c.d.| *. | *.d. | c.d. | bad | bad |
+ * b.c.d.| *. | *.d. | *.c.d. | b.c.d. | bad |
+ * a.b.c.d.| *. | *.d. | *.c.d. | *.b.c.d. | a.b.c.d. |
+ *
+ * 4.1.4 Original TTL Field
+ *
+ * The "original TTL" field is included in the RDATA portion to avoid
+ * (1) authentication problems that caching servers would otherwise
+ * cause by decrementing the real TTL field and (2) security problems
+ * that unscrupulous servers could otherwise cause by manipulating the
+ * real TTL field. This original TTL is protected by the signature
+ * while the current TTL field is not.
+ *
+ * NOTE: The "original TTL" must be restored into the covered RRs when
+ * the signature is verified (see Section 8). This generaly implies
+ * that all RRs for a particular type, name, and class, that is, all the
+ * RRs in any particular RRset, must have the same TTL to start with.
+ *
+ * 4.1.5 Signature Expiration and Inception Fields
+ *
+ * The SIG is valid from the "signature inception" time until the
+ * "signature expiration" time. Both are unsigned numbers of seconds
+ * since the start of 1 January 1970, GMT, ignoring leap seconds. (See
+ * also Section 4.4.) Ring arithmetic is used as for DNS SOA serial
+ * numbers [RFC 1982] which means that these times can never be more
+ * than about 68 years in the past or the future. This means that these
+ * times are ambiguous modulo ~136.09 years. However there is no
+ * security flaw because keys are required to be changed to new random
+ * keys by [RFC 2541] at least every five years. This means that the
+ * probability that the same key is in use N*136.09 years later should
+ * be the same as the probability that a random guess will work.
+ *
+ * A SIG RR may have an expiration time numerically less than the
+ * inception time if the expiration time is near the 32 bit wrap around
+ * point and/or the signature is long lived.
+ *
+ * (To prevent misordering of network requests to update a zone
+ * dynamically, monotonically increasing "signature inception" times may
+ * be necessary.)
+ *
+ * A secure zone must be considered changed for SOA serial number
+ * purposes not only when its data is updated but also when new SIG RRs
+ * are inserted (ie, the zone or any part of it is re-signed).
+ *
+ * 4.1.6 Key Tag Field
+ *
+ * The "key Tag" is a two octet quantity that is used to efficiently
+ * select between multiple keys which may be applicable and thus check
+ * that a public key about to be used for the computationally expensive
+ * effort to check the signature is possibly valid. For algorithm 1
+ * (MD5/RSA) as defined in [RFC 2537], it is the next to the bottom two
+ * octets of the public key modulus needed to decode the signature
+ * field. That is to say, the most significant 16 of the least
+ * significant 24 bits of the modulus in network (big endian) order. For
+ * all other algorithms, including private algorithms, it is calculated
+ * as a simple checksum of the KEY RR as described in Appendix C.
+ *
+ * 4.1.7 Signer's Name Field
+ *
+ * The "signer's name" field is the domain name of the signer generating
+ * the SIG RR. This is the owner name of the public KEY RR that can be
+ * used to verify the signature. It is frequently the zone which
+ * contained the RRset being authenticated. Which signers should be
+ * authorized to sign what is a significant resolver policy question as
+ * discussed in Section 6. The signer's name may be compressed with
+ * standard DNS name compression when being transmitted over the
+ * network.
+ *
+ * 4.1.8 Signature Field
+ *
+ * The actual signature portion of the SIG RR binds the other RDATA
+ * fields to the RRset of the "type covered" RRs with that owner name
+ * and class. This covered RRset is thereby authenticated. To
+ * accomplish this, a data sequence is constructed as follows:
+ *
+ * data = RDATA | RR(s)...
+ *
+ * where "|" is concatenation,
+ *
+ * RDATA is the wire format of all the RDATA fields in the SIG RR itself
+ * (including the canonical form of the signer's name) before but not
+ * including the signature, and
+ *
+ * RR(s) is the RRset of the RR(s) of the type covered with the same
+ * owner name and class as the SIG RR in canonical form and order as
+ * defined in Section 8.
+ *
+ * How this data sequence is processed into the signature is algorithm
+ * dependent. These algorithm dependent formats and procedures are
+ * described in separate documents (Section 3.2).
+ *
+ * SIGs SHOULD NOT be included in a zone for any "meta-type" such as
+ * ANY, AXFR, etc. (but see section 5.6.2 with regard to IXFR).
+ */
+public class SignatureRecord extends InternetResource
+{
+ public SignatureRecord( String domainName, int timeToLive, byte[] resourceData )
+ {
+ super( domainName, RecordType.SIG, timeToLive, resourceData );
+ }
+}
+
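Review bot: `SignatureRecord` enforces none of the verification rules its Javadoc quotes, and the comment does not say so. Those rules include that a SIG whose owner name is shorter than the labels count "must be considered corrupt and ignored", and that the inception/expiration window uses ring arithmetic. Because the constructor accepts any `byte[]`, an instance is no evidence that the signature was checked, or even that the RDATA holds the 18 fixed octets the diagram shows before the signer's name. I would add to the class comment: `Holds SIG RDATA unverified; the signature, labels count and validity period must be checked by the caller before the covered RRset is trusted.`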
