Struct trust_dns_proto::xfer::dns_response::DnsResponse
source · pub struct DnsResponse { /* private fields */ }
Expand description
A DNS response object
For Most DNS requests, only one response is expected, the exception is a multicast request.
Implementations§
source§impl DnsResponse
impl DnsResponse
sourcepub fn from_message(message: Message) -> Result<Self, ProtoError>
pub fn from_message(message: Message) -> Result<Self, ProtoError>
Constructs a new DnsResponse with a buffer synthesized from the message
sourcepub fn soa(&self) -> Option<RecordRef<'_, SOA>>
pub fn soa(&self) -> Option<RecordRef<'_, SOA>>
Retrieves the SOA from the response. This will only exist if it was an authoritative response.
sourcepub fn negative_ttl(&self) -> Option<u32>
pub fn negative_ttl(&self) -> Option<u32>
Looks in the authority section for an SOA record from the response, and returns the negative_ttl, None if not available.
[RFC 2308](https://tools.ietf.org/html/rfc2308#section-5) DNS NCACHE March 1998
5 - Caching Negative Answers
Like normal answers negative answers have a time to live (TTL). As
there is no record in the answer section to which this TTL can be
applied, the TTL must be carried by another method. This is done by
including the SOA record from the zone in the authority section of
the reply. When the authoritative server creates this record its TTL
is taken from the minimum of the SOA.MINIMUM field and SOA's TTL.
This TTL decrements in a similar manner to a normal cached answer and
upon reaching zero (0) indicates the cached negative answer MUST NOT
be used again.
A negative answer that resulted from a name error (NXDOMAIN) should
be cached such that it can be retrieved and returned in response to
another query for the same <QNAME, QCLASS> that resulted in the
cached negative response.
A negative answer that resulted from a no data error (NODATA) should
be cached such that it can be retrieved and returned in response to
another query for the same <QNAME, QTYPE, QCLASS> that resulted in
the cached negative response.
The NXT record, if it exists in the authority section of a negative
answer received, MUST be stored such that it can be be located and
returned with SOA record in the authority section, as should any SIG
records in the authority section. For NXDOMAIN answers there is no
"necessary" obvious relationship between the NXT records and the
QNAME. The NXT record MUST have the same owner name as the query
name for NODATA responses.
Negative responses without SOA records SHOULD NOT be cached as there
is no way to prevent the negative responses looping forever between a
pair of servers even with a short TTL.
Despite the DNS forming a tree of servers, with various mis-
configurations it is possible to form a loop in the query graph, e.g.
two servers listing each other as forwarders, various lame server
configurations. Without a TTL count down a cache negative response
when received by the next server would have its TTL reset. This
negative indication could then live forever circulating between the
servers involved.
As with caching positive responses it is sensible for a resolver to
limit for how long it will cache a negative response as the protocol
supports caching for up to 68 years. Such a limit should not be
greater than that applied to positive answers and preferably be
tunable. Values of one to three hours have been found to work well
and would make sensible a default. Values exceeding one day have
been found to be problematic.
sourcepub fn contains_answer(&self) -> bool
pub fn contains_answer(&self) -> bool
Does the response contain any records matching the query name and type?
sourcepub fn negative_type(&self) -> Option<NegativeType>
pub fn negative_type(&self) -> Option<NegativeType>
Retrieve the type of the negative response. The Various types should be handled when caching or otherwise differently.
See NegativeType
sourcepub fn into_buffer(self) -> Vec<u8>
pub fn into_buffer(self) -> Vec<u8>
Take the inner buffer from the response
sourcepub fn into_message(self) -> Message
pub fn into_message(self) -> Message
Take the inner Message from the response
sourcepub fn into_parts(self) -> (Message, Vec<u8>)
pub fn into_parts(self) -> (Message, Vec<u8>)
Take the inner Message and buffer from the response
Methods from Deref<Target = Message>§
sourcepub fn truncate(&self) -> Self
pub fn truncate(&self) -> Self
Truncates a Message, this blindly removes all response fields and sets truncated to true
sourcepub fn message_type(&self) -> MessageType
pub fn message_type(&self) -> MessageType
see Header::message_type()
see Header::authoritative()
sourcepub fn recursion_desired(&self) -> bool
pub fn recursion_desired(&self) -> bool
see Header::recursion_desired()
sourcepub fn recursion_available(&self) -> bool
pub fn recursion_available(&self) -> bool
see Header::recursion_available()
sourcepub fn authentic_data(&self) -> bool
pub fn authentic_data(&self) -> bool
see Header::authentic_data()
sourcepub fn checking_disabled(&self) -> bool
pub fn checking_disabled(&self) -> bool
see Header::checking_disabled()
sourcepub fn response_code(&self) -> ResponseCode
pub fn response_code(&self) -> ResponseCode
Return value
The ResponseCode
, if this is an EDNS message then this will join the section from the OPT
record to create the EDNS ResponseCode
sourcepub fn query(&self) -> Option<&Query>
pub fn query(&self) -> Option<&Query>
Returns the query from this Message.
In almost all cases, a Message will only contain one query. This is a convenience function to get the single query.
See the alternative queries*
methods for the raw set of queries in the Message
sourcepub fn name_servers(&self) -> &[Record]
pub fn name_servers(&self) -> &[Record]
Authority Carries RRs which describe other authoritative servers.
May optionally carry the SOA RR for the authoritative
data in the answer section.
sourcepub fn additionals(&self) -> &[Record]
pub fn additionals(&self) -> &[Record]
Additional Carries RRs which may be helpful in using the RRs in the
other sections.
sourcepub fn all_sections(&self) -> impl Iterator<Item = &Record>
pub fn all_sections(&self) -> impl Iterator<Item = &Record>
All sections chained
sourcepub fn edns(&self) -> Option<&Edns>
👎Deprecated: Please use extensions()
pub fn edns(&self) -> Option<&Edns>
extensions()
RFC 6891, EDNS(0) Extensions, April 2013
6.1.1. Basic Elements
An OPT pseudo-RR (sometimes called a meta-RR) MAY be added to the
additional data section of a request.
The OPT RR has RR type 41.
If an OPT record is present in a received request, compliant
responders MUST include an OPT record in their respective responses.
An OPT record does not carry any DNS data. It is used only to
contain control information pertaining to the question-and-answer
sequence of a specific transaction. OPT RRs MUST NOT be cached,
forwarded, or stored in or loaded from Zone Files.
The OPT RR MAY be placed anywhere within the additional data section.
When an OPT RR is included within any DNS message, it MUST be the
only OPT RR in that message. If a query message with more than one
OPT RR is received, a FORMERR (RCODE=1) MUST be returned. The
placement flexibility for the OPT RR does not override the need for
the TSIG or SIG(0) RRs to be the last in the additional section
whenever they are present.
Return value
Optionally returns a reference to EDNS section
sourcepub fn extensions(&self) -> &Option<Edns>
pub fn extensions(&self) -> &Option<Edns>
Returns reference of Edns section
sourcepub fn max_payload(&self) -> u16
pub fn max_payload(&self) -> u16
Return value
the max payload value as it’s defined in the EDNS section.
sourcepub fn version(&self) -> u8
pub fn version(&self) -> u8
Return value
the version as defined in the EDNS record
sourcepub fn sig0(&self) -> &[Record]
pub fn sig0(&self) -> &[Record]
RFC 2535, Domain Name System Security Extensions, March 1999
A DNS request may be optionally signed by including one or more SIGs
at the end of the query. Such SIGs are identified by having a "type
covered" field of zero. They sign the preceding DNS request message
including DNS header but not including the IP header or any request
SIGs at the end and before the request RR counts have been adjusted
for the inclusions of any request SIG(s).
Return value
The sig0 and tsig, i.e. signed record, for verifying the sending and package integrity
sourcepub fn signature(&self) -> &[Record]
pub fn signature(&self) -> &[Record]
RFC 2535, Domain Name System Security Extensions, March 1999
A DNS request may be optionally signed by including one or more SIGs
at the end of the query. Such SIGs are identified by having a "type
covered" field of zero. They sign the preceding DNS request message
including DNS header but not including the IP header or any request
SIGs at the end and before the request RR counts have been adjusted
for the inclusions of any request SIG(s).
Return value
The sig0 and tsig, i.e. signed record, for verifying the sending and package integrity
Methods from Deref<Target = Header>§
sourcepub fn id(&self) -> u16
pub fn id(&self) -> u16
ID A 16 bit identifier assigned by the program that
generates any kind of query. This identifier is copied
the corresponding reply and can be used by the requester
to match up replies to outstanding queries.
sourcepub fn message_type(&self) -> MessageType
pub fn message_type(&self) -> MessageType
QR A one bit field that specifies whether this message is a
query (0), or a response (1).
sourcepub fn op_code(&self) -> OpCode
pub fn op_code(&self) -> OpCode
OPCODE A four bit field that specifies kind of query in this
message. This value is set by the originator of a query
and copied into the response. The values are: <see super::op_code>
AA Authoritative Answer - this bit is valid in responses,
and specifies that the responding name server is an
authority for the domain name in question section.
Note that the contents of the answer section may have
multiple owner names because of aliases. The AA bit
corresponds to the name which matches the query name, or
the first owner name in the answer section.
sourcepub fn truncated(&self) -> bool
pub fn truncated(&self) -> bool
TC TrunCation - specifies that this message was truncated
due to length greater than that permitted on the
transmission channel.
sourcepub fn recursion_desired(&self) -> bool
pub fn recursion_desired(&self) -> bool
RD Recursion Desired - this bit may be set in a query and
is copied into the response. If RD is set, it directs
the name server to pursue the query recursively.
Recursive query support is optional.
sourcepub fn recursion_available(&self) -> bool
pub fn recursion_available(&self) -> bool
RA Recursion Available - this be is set or cleared in a
response, and denotes whether recursive query support is
available in the name server.
sourcepub fn authentic_data(&self) -> bool
pub fn authentic_data(&self) -> bool
RFC 4035, DNSSEC Resource Records, March 2005
3.1.6. The AD and CD Bits in an Authoritative Response
The CD and AD bits are designed for use in communication between
security-aware resolvers and security-aware recursive name servers.
These bits are for the most part not relevant to query processing by
security-aware authoritative name servers.
A security-aware name server does not perform signature validation
for authoritative data during query processing, even when the CD bit
is clear. A security-aware name server SHOULD clear the CD bit when
composing an authoritative response.
A security-aware name server MUST NOT set the AD bit in a response
unless the name server considers all RRsets in the Answer and
Authority sections of the response to be authentic. A security-aware
name server's local policy MAY consider data from an authoritative
zone to be authentic without further validation. However, the name
server MUST NOT do so unless the name server obtained the
authoritative zone via secure means (such as a secure zone transfer
mechanism) and MUST NOT do so unless this behavior has been
configured explicitly.
A security-aware name server that supports recursion MUST follow the
rules for the CD and AD bits given in Section 3.2 when generating a
response that involves data obtained via recursion.
sourcepub fn checking_disabled(&self) -> bool
pub fn checking_disabled(&self) -> bool
see is_authentic_data()
sourcepub fn response_code(&self) -> ResponseCode
pub fn response_code(&self) -> ResponseCode
RCODE Response code - this 4 bit field is set as part of
responses. The values have the following
interpretation: <see super::response_code>
sourcepub fn query_count(&self) -> u16
pub fn query_count(&self) -> u16
QDCOUNT an unsigned 16 bit integer specifying the number of
entries in the question section.
Return value
If this is a query, this will return the number of queries in the query section of the
sourcepub fn answer_count(&self) -> u16
pub fn answer_count(&self) -> u16
ANCOUNT an unsigned 16 bit integer specifying the number of
resource records in the answer section.
Return value
For query responses this is the number of records in the answer section, should be 0 for requests, for updates this is the count of prerequisite records.
sourcepub fn name_server_count(&self) -> u16
pub fn name_server_count(&self) -> u16
for queries this is the nameservers which are authorities for the SOA of the Record for updates this is the update record count
NSCOUNT an unsigned 16 bit integer specifying the number of name
server resource records in the authority records
section.
Return value
For query responses this is the number of authorities, or nameservers, in the name server section, for updates this is the number of update records being sent.
sourcepub fn additional_count(&self) -> u16
pub fn additional_count(&self) -> u16
ARCOUNT an unsigned 16 bit integer specifying the number of
resource records in the additional records section.
Return value
This is the additional record section count, this section may include EDNS options.
Trait Implementations§
source§impl Clone for DnsResponse
impl Clone for DnsResponse
source§fn clone(&self) -> DnsResponse
fn clone(&self) -> DnsResponse
1.0.0 · source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source
. Read more