Copyright	(c) IIJ Innovation Institute Inc. 2009 (c) Viktor Dukhovni 2020-2026
License	BSD-3-Clause
Maintainer	ietf-dane@dukhovni.org
Stability	unstable
Safe Haskell	None
Language	GHC2024

Net.DNSBase.Lookup

Description

Synopsis

type Lookup a = Resolver -> Domain -> IO (Either DNSError [a])
extractAnswers :: DNSMessage -> IO (Either DNSError [RR])
lookupRawCtl :: Resolver -> QueryControls -> Domain -> RRCLASS -> RRTYPE -> IO (Either DNSError DNSMessage)
lookupRaw :: Resolver -> Domain -> RRCLASS -> RRTYPE -> IO (Either DNSError DNSMessage)
lookupAnswers :: Resolver -> QueryControls -> RRCLASS -> RRTYPE -> Domain -> IO (Either DNSError [RR])
lookupM :: KnownRData a => (a -> IO b) -> Lookup b
lookupM_ :: KnownRData a => (a -> IO b) -> Resolver -> Domain -> IO (Either DNSError ())
lookupX :: KnownRData a => RRTYPE -> (a -> b) -> Lookup b
lookupA :: Lookup IPv4
lookupAAAA :: Lookup IPv6
lookupAFSDB :: Lookup T_afsdb
lookupCAA :: Lookup T_caa
lookupCDNSKEY :: Lookup T_cdnskey
lookupCDS :: Lookup T_cds
lookupCNAME :: Lookup Domain
lookupDNAME :: Lookup Domain
lookupDNSKEY :: Lookup T_dnskey
lookupDS :: Lookup T_ds
lookupHINFO :: Lookup T_hinfo
lookupHTTPS :: Lookup T_https
lookupMX :: Lookup T_mx
lookupNS :: Lookup Domain
lookupNSEC :: Lookup T_nsec
lookupNSEC3PARAM :: Lookup T_nsec3param
lookupNULL :: Lookup ShortByteString
lookupPTR :: Lookup Domain
lookupRP :: Lookup T_rp
lookupSOA :: Lookup T_soa
lookupSRV :: Lookup T_srv
lookupSSHFP :: Lookup T_sshfp
lookupSVCB :: Lookup T_svcb
lookupTLSA :: Lookup T_tlsa
lookupTXT :: Lookup (NonEmpty ShortByteString)
lookupZONEMD :: Lookup T_zonemd

Documentation

type Lookup a = Resolver -> Domain -> IO (Either DNSError [a]) Source #

Shape of a typed lookup: a Resolver and a query Domain produce either a list of answers, or a DNSError. An empty list means that either the name exists and has no records of the queried type (NODATA), or the name does not exist (NXDOMAIN). Both are non-error outcomes.

extractAnswers :: DNSMessage -> IO (Either DNSError [RR]) Source #

Given a DNSMessage return answer RRs that match its question, possibly after chasing CNAME aliases within the answer section of the message.

lookupRawCtl :: Resolver -> QueryControls -> Domain -> RRCLASS -> RRTYPE -> IO (Either DNSError DNSMessage) Source #

Perform a raw lookup with per-call QueryControls overrides, returning the full DNSMessage or a DNSError. The supplied controls are merged into the resolver's ambient query controls: only the flag and EDNS bits specified in the controls affect the outgoing query, the rest are inherited from the resolver configuration. Use lookupAnswers (or the per-RRtype Lookup functions) when you want only the answer RRs for the requested name and type, rather than the entire response DNSMessage.

lookupRaw :: Resolver -> Domain -> RRCLASS -> RRTYPE -> IO (Either DNSError DNSMessage) Source #

Perform a raw lookup returning the full DNSMessage or a DNSError. See lookupRawCtl for the variant that takes per-call query controls.

lookupAnswers :: Resolver -> QueryControls -> RRCLASS -> RRTYPE -> Domain -> IO (Either DNSError [RR]) Source #

Perform the requested query and return the answer RRs from the response, or a DNSError carrying the RCODE for error responses. The QueryControls argument carries per-call tweaks; it is merged onto the resolver's ambient query controls, so callers only need to specify the flag and EDNS bits they want to change, the rest are inherited from the resolver configuration.

Note that NXDOMAIN is not a lookup error. An empty list of RRs is returned for both NODATA and NXDOMAIN.

If the nameserver's response does not include any RRs matching query name and type, but does include a CNAME record for the requested name, the response is (recursively) rescanned for records matching that name and type instead. Note, no additional queries are issued if the final CNAME found does not lead to any record of the desired record type.

The returned RRs may include covering DNSSEC signatures when the DOflag is set as part of the QueryControls, and the response was signed.

The presence of RRSIG records does not however imply that the response was validated by the resolver. For that one would typically use a trusted DNSSEC-validating local (loopback) resolver, to which the network path is immune to potential active attacks, and inspect the ADflag in the response message.

The full response DNSMessage can be obtained via lookupRawCtl.

lookupM :: KnownRData a => (a -> IO b) -> Lookup b Source #

Apply an IO action to each lookup value and collect the results. If the the action's first argument is polymorphic, a type application at the call site may be needed to make it possible to determine the type of its argument.

lookupM_ :: KnownRData a => (a -> IO b) -> Resolver -> Domain -> IO (Either DNSError ()) Source #

Apply an IO action to each lookup value and discard the results. If the the action's first argument is polymorphic, a type application at the call site may be needed to make it possible to determine the type of its argument.

lookupX :: KnownRData a => RRTYPE -> (a -> b) -> Lookup b Source #

Generic answer-RData lookup, applying a function to each result. If the the function's first argument is polymorphic, a type application at the call site may be needed to make it possible to determine the type of its argument.

lookupA :: Lookup IPv4 Source #

IPv4 addresses of query domain.

lookupAAAA :: Lookup IPv6 Source #

IPv6 addresses of query domain.

lookupAFSDB :: Lookup T_afsdb Source #

AFSDB RData of query domain.

lookupCAA :: Lookup T_caa Source #

CAAs RData of query domain

lookupCDNSKEY :: Lookup T_cdnskey Source #

CDNSKEY RData of query domain.

lookupCDS :: Lookup T_cds Source #

CDS RData of query domain.