Net_DNS2 – Native PHP5 DNS Resolver and Updater

  • Increased performance; most requests are 2-10x faster than Net_DNS
  • Near drop-in replacement for Net_DNS
  • Uses PHP5 style classes and exceptions
  • Support for IPv4 and IPv6, TCP and UDP sockets.
  • Includes a separate, more intuitive “Updater” class for handling dynamic updates
  • Support zone signing using TSIG and SIG(0) for updates and zone transfers
  • Includes a local cache using shared memory or flat file to improve performance
  • Includes many more RR’s, including DNSSEC RR’s.

Installing Net_DNS2

You can install using PEAR:

pear install Net_DNS2

Or require directly using Composer:

composer require pear/net_dns2

Or grab a copy from GitHub: https://github.com/mikepultz/netdns2

Requirements

  • PHP 5.2.1+
  • The PHP INI setting mbstring.func_overload equals 0, 1, 4, or 5.

Using Net_DNS2

Change Log

Version 1.4.2

  • changed the role for the README.md file to doc.
  • parse the resolv.conf options line; right now I just support the timeout and rotate options.
  • the options values only work if you set the new option use_resolv_options to true; this is to keep backwards compatibility.
  • added support for RFC 6594; support for SHA-256 and ECDSA in the SSHFP resource record.
  • added the SMIMEA resource record; this just extends the TLSA record.
  • added the AVC resource records; this just extends the TXT record.
  • added error and EDNS0 defines for DNS Cookies (RFC7873).
  • added EDNS0 defines to the lookup class.
  • dropped the Net_DNS2_Packet::formatIPv6() function; this was deprecated in v1.1.3.
  • re-wrote the Net_DNS2::expandIPv6() function. Based on testing, the new version is about twice as fast.

Version 1.4.1

  • increased the default DNSSEC payload size value to 4000 bytes per RFC 4035 section 4.1; this is still configurable.
  • fixed a bug where I was still using the DNS_MAX_UDP_SIZE default (512 bytes) for all requests, even DNSSEC, where I should have been using the dnssec_payload_size config value.
  • removed the limitation that PTR records had to look like IP addresses; you can add other things to PTR records, like service discovery objects- RFC 6763.
  • dropped support for using the Sockets library on Windows. There have been too many inconsistencies between versions of Windows; we’ll just default to use the Streams library.
  • fixed the Net_DNS2_RR_PTR class so we can pass ptrdname’s with spaces in them so that we can support DNS-Based Service Discovery (RFC 6763).
  • added support for the CSYNC resource record – see RFC 7477.

Version 1.4.0

  • added request signing support using RSA 256 and 512 (requires PHP 5.4.8 or up)
  • changed the Net_DNS2::nameservers value (the list of name servers) to public so they can be accessed directly if needed.
  • added support for the CDNSKEY and OPENPGPKEY RR types
  • completely re-wrote the sendPacket() function; the old process would throw an exception when the first error was encountered, which meant it never checked the next DNS server. The new code will cycle to the next name server if the request fails, and at the same time keep track of the exception generated by each name server separately.
  • added a new E_NS_SOCKET_FAILED error code.
  • fixed a bug in the Net_DNS2_Exception class; the ‘previous’ argument was only added in PHP 5.3.0
  • fixed Net_DNS2_Packet_Request::set so we can pass ‘.’ in as name value for querying the root name servers
  • fixed Net_DNS2::setServers() so it overrides any existing values, rather than just adding to them. Also made it remove any duplicate name server entries.
  • added the query response_time to the Net_DNS2_Packet_Response object.

Version 1.3.2

  • added support for the EUI48 and EUI64 resource records (RFC7043)
  • fixed how we handle the return values from socket select() statements; this wasn’t causing a problem, but it wasn’t quite right
  • added some error messaging when the socket times out
  • before we cache the data, unset the rdata value; this was causing some JSON errors to be generated, and we don’t need the data anyway.

Version 1.3.1

  • added the Net_DNS2_Packet_Request and Net_DNS2_Packet_Response objects to the Net_DNS2_Exception object
  • added support in the TSIG class for SHA algorithms (requires the hash extension, which is included in PHP >= 5.1.2), patch provided by Manuel Mausz
  • added support for the NID, L32, L64, and LP DNS RR’s (RFC6742)
  • lots of phpcs cleanup

Version 1.3.0

  • re-worked a lot of the code around OPT RR’s, including adding support for the DO flag
  • added the AD and CD flags to the Net_DNS2_Header class for DNSSEC
  • added a new function to keep track of RR’s that should NOT be cached.
  • added a new flag (dnssec) to request DNSSEC lookups; this adds an OPT RR to the additional section
  • added a new flag (dnssec_payload_size) to adjust the EDNS(0) UDP payload size.
  • added a new flag (dnssec_cd_flag) to set the DNSSEC CD bit to disable signature validation.
  • added a new flag (dnssec_ad_flag) to set the DNSSEC AD bit to request authentic data without needing to set the DO flag.
  • fixed an issue in Net_DNS2_Socket_Sockets; Windows (specifically < 2003) has problems with MSG_WAITALL
  • changed Net_DNS2_RR::construct() to use get_class() instead of get_called_class()
  • added a DNSSEC test to the testing suite.
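
What the four DNSSEC flags listed above change on the wire, as an added PHP 7+ illustration that is not Net_DNS2's own code. The functions encodeName(), buildQuery() and describeQuery() are hypothetical names, and the query ID 0x1234 is a constructed value.

```php
<?php
// Added illustration, not Net_DNS2 source: wire-level effect of the
// dnssec, dnssec_payload_size, dnssec_cd_flag and dnssec_ad_flag options.

// Encode a domain name as DNS labels (no compression).
function encodeName(string $name): string
{
    $out = '';
    foreach (array_filter(explode('.', $name), 'strlen') as $label) {
        $out .= chr(strlen($label)) . $label;
    }
    return $out . "\0";
}

// Build a query packet; $opts keys mirror the flag names in the change log.
function buildQuery(string $name, int $qtype, array $opts): string
{
    $flags = 0x0100;                                               // RD bit
    if (!empty($opts['dnssec_ad_flag'])) { $flags |= 0x0020; }     // AD bit
    if (!empty($opts['dnssec_cd_flag'])) { $flags |= 0x0010; }     // CD bit
    $dnssec = !empty($opts['dnssec']);
    // Header: ID (constructed), flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
    $pkt = pack('nnnnnn', 0x1234, $flags, 1, 0, 0, $dnssec ? 1 : 0);
    $pkt .= encodeName($name) . pack('nn', $qtype, 1);             // class IN
    if ($dnssec) {
        $size = $opts['dnssec_payload_size'] ?? 4000;
        // OPT RR: root name, type 41, CLASS carries the UDP payload size,
        // TTL = ext-rcode(8) | version(8) | DO(1) | Z(15), RDLENGTH 0
        $pkt .= "\0" . pack('nnNn', 41, $size, 0x00008000, 0);
    }
    return $pkt;
}

// Decode the fields a reviewer would check in a packet capture.
function describeQuery(string $pkt): array
{
    $h = unpack('nid/nflags/nqd/nan/nns/nar', substr($pkt, 0, 12));
    $info = ['ad' => (bool)($h['flags'] & 0x20), 'cd' => (bool)($h['flags'] & 0x10),
             'do' => false, 'payload' => 512];   // 512 = plain UDP limit without EDNS(0)
    if ($h['ar'] === 1) {
        $opt = unpack('ntype/nclass/Nttl/nrdlen', substr($pkt, -10));
        $info['do'] = (bool)($opt['ttl'] & 0x8000);
        $info['payload'] = $opt['class'];
    }
    return $info;
}

print_r(describeQuery(buildQuery('example.com', 1, ['dnssec' => true])));
print_r(describeQuery(buildQuery('example.com', 1, ['dnssec_ad_flag' => true])));
```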

Version 1.2.5

  • changed the socket_connect() code to start off non-blocking, and call select() after connect() so a timeout on an invalid server works properly
  • added the new TLSA RR – RFC 6698
  • fixed the socket defines again; apparently the values of the SOCK are different under Solaris
  • changed the Net_DNS2_Updater::update() so you can pass a reference to a variable that will be populated with the response object
  • moved the lines that add the response server/type to after the is_null() check- it should have been there to begin with.
  • fixed a whole bunch of cases where I wasn’t incrementing the offset values properly
  • added support to set the RD (recursion desired) bit when making a request

Version 1.2.4

  • added the name server that the response came from to the Net_DNS2_Packet_Response object.
  • added the socket type (TCP or UDP) that was used for the request.
  • changed the internal socket logic to use a local define for SOCK_STREAM and SOCK_DGRAM rather than the one provided with the sockets library; this isn’t available if you’re not using the library.
  • fixed a bug when an AXFR fails; rather than returning right away, it was waiting until there was a timeout condition. Now it returns right away on failure.

Version 1.2.3

  • added a LICENSE file to satisfy Fedora packaging guidelines.
  • included the tests folder in the PEAR package.
  • updated the tests to not include a specific include_path, and to use the Google public DNS servers for the resolution tests, rather than the /etc/resolv.conf file (which won’t exist on a Windows system)
  • fixed an endless loop bug in the Streams.php file; this was related to the code changes I made + UDP packets.

Version 1.2.2

  • added some trimming of whitespace to Net_DNS2_RR::buildString(); we’d get some uninitialized string offset errors if there was some blank space at the end.
  • fixed a few cases where Net_DNS2_Lookup was used where it should be Net_DNS2_Lookups.
  • added support for a strict query mode, that lets you handle the weird way DNS handles failed lookups + CNAME records; see RFC 1034 section 3.6.2 for more information.
  • fixed some warning messages that were coming from the cache classes when a json_decode() would fail.
  • fixed a bug in Net_DNS2_Cache_File and Net_DNS2_Cache_Shm; it would try to write the file even if caching was turned off
  • made sure we don’t cache records when we do a zone transfer.
  • added some blocking in both the Sockets.php and Streams.php file around the read function.
  • I wasn’t handling multi-message zone transfers properly; now we loop through and read all the messages and pack them together as one big result

Version 1.2.1

  • changed the Net_DNS2_Sockets::sock property from private to protected; this was causing some problems when the request was failing.
  • PHP doesn’t support unsigned integers, but many of the RR’s return unsigned values (like SOA), so there is the possibility that the value will overrun on 32bit systems, and you’ll end up with a negative value. So a new function was added to convert the negative value to a string with the correct unsigned value.

Version 1.2.0

This version changes the way some exceptions are thrown, and may break your code!

  • added numeric error codes to the Lookups class, and had each method that throws an exception throw a numeric error code along with the message.
  • dropped all references to InvalidArgumentException – we only use the Net_DNS2_Exception from now on.
  • added the CAA, URI, TALINK, CDS and TA resource records. Some of these are experimental, but are pretty straight forward.
  • fixed a bug in formatString(); my version was only putting double quotes around strings that have spaces, but apparently ALL strings should have double quotes around them. This is how BIND does it.
  • re-organized the Net_DNS2_Lookups initialization code; it no longer creates a global object of itself.
  • fixed a bug in the caching code; in some cases it wouldn’t cache the same content more than once.
  • added an option to use JSON to serialize the cache data rather than using the PHP serialize function. JSON is much faster, but loses the class definition, and becomes a stdClass object.
  • fixed a handful of cases where I was using double quotes (“) where a single quote (‘) would be fine.

Version 1.1.4

  • fixed a math issue with the name compress logic; this would sometimes screw up Updates with multiple RR’s
  • added a new test in the test suite, that validates that the domain name compression and expansion works properly

Version 1.1.3

  • added support for IPv6 DNS servers; from resolv.conf files, and from name server arrays
  • added new IPv4 and IPv6 validation functions, and a IPv6 expand function
  • changed the A, AAAA and IPSECKEY RR’s to use the new validation methods
  • added support for IPv6 PTR records
  • dropped the old IPv4 regex from the lookups class

Version 1.1.2

  • fixed a bug in the Net_DNS2_Updater class; I wasn’t resetting the internal packet request values, so in some cases making more than one request on the same instance would fail.
  • Fixed a bug in Net_DNS2; I wasn’t handling comments properly when parsing the resolv.conf file.
  • check for duplicate entries when adding/deleting entries in the Updater() class; BIND will throw an error if you try to delete the same RR twice in the same request, not sure if this is expected behaviour
  • modified several RR’s to clean up the trailing period when it’s displayed on hosts.

Version 1.1.1

  • fixed a bug in the autoload function; if you had another autoload function defined, and tried to load a class with an underscore in the name, it would fail.

Version 1.1.0

  • added support for signing requests using SIG(0); uses the PHP openssl extension, and only currently supports RSA- DSA support in PHP is limited.
  • moved the signing code for SIG(0) and TSIG to the base class so it can be used for both updates and queries (for AXFR)
  • added a simple local cache feature using shared memory (shmop extension) or using a flat file. This feature is disabled by default.
  • added support for the ATMA resource record (supported in Windows)