### BIND TSIG Configuration Example Source: https://github.com/mikepultz/netdns2/blob/master/README.md Example BIND configuration for a zone allowing updates using a TSIG key. This setup is required on the DNS server to enable TSIG authentication. ```BIND Configuration key "mykey" { algorithm hmac-sha256; secret "9dnf93asdf39fs"; }; zone "example.com" { type master; file "dynamic/example.com"; allow-transfer { key "mykey"; } allow-update { key "mykey"; }; }; ``` -------------------------------- ### Install NetDNS2 using Composer Source: https://github.com/mikepultz/netdns2/blob/master/README.md Use Composer to add the NetDNS2 library to your PHP project. This is the recommended installation method. ```bash composer require mikepultz/netdns2 ``` -------------------------------- ### NetDNS2 Resolver Configuration Example Source: https://github.com/mikepultz/netdns2/blob/master/README.md Demonstrates how to configure the NetDNS2 Resolver with various options such as name servers, timeouts, TCP/TLS usage, and caching. These options can be passed to the constructor. ```php $r = new \NetDNS2\Resolver([ // an array of IP addresses to use as name servers. If this is unset it will // default to using the /etc/resolv.conf file. // array, defaults to unset. 'nameservers' => [ '1.1.1.1', '8.8.8.8' ], // tells NetDNS2 to randomize the name servers list each time it’s used. // boolean, defaults to false 'ns_random' => true, // timeout value to use for socket connections, provided as float, with microsecond // precision. e.g. a value of 1.0 will timeout in 1 second. A value of 0.05 will // timeout in 50 milliseconds. // float, defaults to 5 seconds 'timeout' => 0.05, // tells NetDNS2 to use TCP instead of UDP for queries. UDP is faster, but is limited // in size. NetDNS2 will automatically use TCP for zone transfers (AFXR) and when // a response was truncated. // in the event of a truncated response, NetDNS2 will switch to TCP, and resend the // request. // boolean, defaults to false. 'use_tcp' => true, // use DNS over TLS (DoT) this requires OpenSSL support enabled in PHP // enabling this option will also enable use_tcp, and sets the default port to 853 // boolean, defaults to false. 'use_tls' => true, // if set, these values are passed to stream_context_create() as the 'ssl' transport // section, which lets you customize TLS connection settings. // only applies when use_tls = true // array, defaults to empty 'tls_context' => [ 'verify_peer' => false, 'verify_peer_name' => false ], // DNS Port to use; -1 means default of 53 (or 853 when using DoT) // int, defaults to -1 'dns_port' => 53, // the local IP address to bind to when making outbound requests. // string, defaults to unset. 'local_host' => '', // the local port number to bind to when making outbound requests. local_host can be // set without this setting, and the system will auto-allocate the port from the // ephemeral ports. // int, defaults to 0 (unset) 'local_port' => 0, // The default domain to use for unqualified host names. // string, defaults to unset 'domain' => 'netdns2.com', // defines the type of cache to use, using a pre-defined ENUM option. valid options // are: // \NetDNS2\Cache::CACHE_TYPE_NONE - disables the local cache // \NetDNS2\Cache::CACHE_TYPE_FILE - flat file cache // \NetDNS2\Cache::CACHE_TYPE_SHM - shared memory (requires Shmop extension) // \NetDNS2\Cache::CACHE_TYPE_MEMCACHED - memcache (requires Memcached extension) // \NetDNS2\Cache::CACHE_TYPE_REDIS - redis (requires Redis extension) // int, defaults to \NetDNS2\Cache::CACHE_TYPE_NONE 'cache_type' => \NetDNS2\Cache::CACHE_TYPE_MEMCACHED, // options to pass to the underlying caching objects // array, defaults to empty 'cache_options' => [ 'server' => [ [ '127.0.0.1', 11211 ] ], 'options' => [ \Memcached::OPT_COMPRESSION => true ] ], // strict_query_mode means that if the hostname that was looked up isn’t actually in // the answer section of the response, NetDNS2 will return an empty answer section, // instead of an answer section that could contain CNAME records. // boolean, defaults to false 'strict_query_mode' => true, // if we should set the recursion desired bit to 1 or 0. // by default this is set to true, we want the DNS server to perform a recursive // request. If set to false, the RD bit will be set to 0, and the server will not // perform recursion on the request. // boolean, defaults to true 'recurse' => true, // request DNSSEC values, by setting the DO flag to 1 // this instructs the upstream resolvers that we want to include DNSSEC details ] ``` -------------------------------- ### Setting Resolver Properties Source: https://github.com/mikepultz/netdns2/blob/master/README.md Configuration options can be set as properties on the Resolver object after initialization. This example shows how to set the timeout and DNSSEC option. ```php $r = new $r->timeout = 1.5; $r->dnssec = true; $res = $r->query('google.com', 'A'); ``` -------------------------------- ### Perform Zone Transfer (AXFR) Source: https://github.com/mikepultz/netdns2/blob/master/README.md This example demonstrates how to perform a zone transfer (AXFR) for a domain. It includes setting up a resolver with a specific nameserver and signing the request with TSIG. ```php try { // // create new resolver object, passing in an array of name servers to use for lookups // $r = new \NetDNS2\Resolver([ 'nameservers' => [ '192.168.0.1' ]]); // // add a TSIG to authenticate the request // $r->signTSIG('mykey', '9dnf93asdf39fs'); // // execute the zone transfer request for example.com // $res = $r->query('example.com', 'AXFR'); // // loop through the answer, printing out each resource record. // foreach($res->answer as $rr) { print_r($rr); } } catch(\\NetDNS2\\Exception $e) { echo "::query() failed: ", $e->getMessage(), "\n"; } ``` -------------------------------- ### Enable Multiple EDNS Options Source: https://github.com/mikepultz/netdns2/blob/master/README.md This example shows how to enable multiple EDNS options, including client subnet, TCP keepalive, and NSID, in a single DNS query. Ensure that 'use_tcp' is set to true when using tcp_keepalive. ```php // // create a new Resolver object // $r = new \NetDNS2\Resolver([ 'nameservers' => [ '192.168.0.1' ]]); // // enable the client subnet option, and pass in my IP range // $r->edns->client_subnet(true, '10.10.10.0/24'); // // set a TCP keepalive value // $r->edns->tcp_keepalive(true, 300); // // request name server identifier information // $r->edns->nsid(true); // // request the A record // $res = $r->query('example.com', 'A'); ``` -------------------------------- ### Configure TLS Context for DoT Source: https://github.com/mikepultz/netdns2/blob/master/README.md This example demonstrates how to configure TLS-specific options for DoT, such as disabling peer verification, by setting the 'tls_context' array. These options are passed to stream_context_create(). ```php $r->use_tls = true; $r->tls_context = [ 'verify_peer' => false, 'verify_peer_name' => false ]; ``` -------------------------------- ### Get MX Records Source: https://github.com/mikepultz/netdns2/blob/master/README.md This snippet retrieves Mail Exchanger (MX) records for a domain. It iterates through the results to display preference and host information. ```php try { // // create new resolver object, passing in an array of name servers to use for lookups // $r = new \NetDNS2\Resolver(['nameservers' => [ '1.1.1.1' ]]); // // execute the query request for the google.com MX servers // $res = $r->query('google.com', 'MX'); // // loop through the answer, printing out the MX servers returned. // foreach($res->answer as $mxrr) { printf("preference=%d, host=%s\n", $mxrr->preference, $mxrr->exchange); } } catch(\\NetDNS2\\Exception $e) { echo "::query() failed: " . $e->getMessage() . "\n"; } ``` -------------------------------- ### Create DNS Notifier Object Source: https://github.com/mikepultz/netdns2/blob/master/README.md Initialize a NetDNS2 Notifier object for a domain and its authoritative nameservers. ```php $n = new \NetDNS2\Notifier('netdns2.com', ['nameservers' => [ '192.168.0.1' ]]); ``` -------------------------------- ### Enable DNS over HTTP (DoH) Source: https://github.com/mikepultz/netdns2/blob/master/README.md Configure the NetDNS2 Resolver to use DoH servers by passing their URLs in the 'nameservers' array. Requires the cURL extension. ```php try { // // create new resolver object, passing in an array of DoH servers // $r = new \NetDNS2\Resolver(['nameservers' => [ 'https://cloudflare-dns.com/dns-query' ]]); // // execute the query request for the facebook A record // $res = $r->query('facebook.com', 'A'); // // if facebook points to more than one IP, then you can loop through the answer array to // see each IP address. // echo "facebook resolves to: " . $res->answer[0]->address; } catch(\ ``` ```php \NetDNS2\Exception $e { echo "::query() failed: " . $e->getMessage() . "\n"; } ``` -------------------------------- ### Perform A Record Lookup Source: https://github.com/mikepultz/netdns2/blob/master/README.md Use this snippet to perform a simple A record lookup for a given domain. It requires creating a Resolver instance and specifying the nameservers. ```php try { // // create new resolver object, passing in an array of name servers to use for lookups // $r = new \NetDNS2\Resolver(['nameservers' => [ '1.1.1.1' ]]); // // execute the query // $res = $r->query('facebook.com', 'A'); // // if facebook points to more than one IP, then you can loop through the answer array to // see each IP address. // echo "facebook resolves to: " . $res->answer[0]->address; } catch(\\NetDNS2\\Exception $e) { echo "::query() failed: " . $e->getMessage() . "\n"; } ``` -------------------------------- ### Upgrade from NetDNS2 v1.x to v2.x Source: https://github.com/mikepultz/netdns2/blob/master/README.md Illustrates the namespace changes required when upgrading from NetDNS2 version 1.x to 2.x. The underlying class and function names remain largely the same. ```php v1.x try { $r = new Net_DNS2_Resolver([ 'nameservers' => [ '192.168.0.1' ]]); $res = $r->query('google.com', 'MX'); } catch(Net_DNS2_Exception $e) { print_r($e); } v2.x try { $r = new \NetDNS2\Resolver([ 'nameservers' => [ '192.168.0.1' ]]); $res = $r->query('google.com', 'MX'); } catch(\NetDNS2\Exception $e) { print_r($e); } ``` -------------------------------- ### Create DNS Updater Object Source: https://github.com/mikepultz/netdns2/blob/master/README.md Initialize a NetDNS2 Updater object for a specific domain and its authoritative nameservers. ```php $u = new \NetDNS2\Updater('example.com', [ 'nameservers' => [ '192.168.0.1' ]]); ``` -------------------------------- ### NetDNS2 TSIG Authentication for Updates Source: https://github.com/mikepultz/netdns2/blob/master/README.md Demonstrates how to create a NetDNS2 Updater object and sign outgoing dynamic DNS update requests using TSIG authentication. Ensure the key name and secret match the BIND configuration. ```PHP $u = new \NetDNS2\Updater('example.com', [ 'nameservers' => [ '192.168.0.1' ]]); // // add a TSIG to authenticate the request // $u->signTSIG('mykey', '9dnf93asdf39fs'); // // send the update request. // $u->update(); ``` -------------------------------- ### Configure Redis Cache Source: https://github.com/mikepultz/netdns2/blob/master/README.md Instantiate a NetDNS2 Resolver with Redis caching enabled. Specify host and port for the Redis server. ```php $r = new \NetDNS2\Resolver([ 'nameservers' => [ '192.168.0.1' ] 'cache_type' => \NetDNS2\Cache::CACHE_TYPE_REDIS, 'cache_options' => [ 'host' => '127.0.0.1', 'port' => 6379 ] ]); ``` -------------------------------- ### Configure Memcached Cache Source: https://github.com/mikepultz/netdns2/blob/master/README.md Instantiate a NetDNS2 Resolver with Memcached caching enabled. Specify server details and Memcached options. ```php $r = new \NetDNS2\Resolver([ 'nameservers' => [ '192.168.0.1' ] 'cache_type' => \NetDNS2\Cache::CACHE_TYPE_MEMCACHED, 'cache_options' => [ 'server' => [ [ '127.0.0.1', 11211 ] ], 'options' => [ \Memcached::OPT_COMPRESSION => true ] ] ]); ``` -------------------------------- ### Configuring Flat File Cache Source: https://github.com/mikepultz/netdns2/blob/master/README.md Creates a NetDNS2 Resolver with a flat file cache enabled. Specifies the cache file path, maximum size, and an optional TTL override. ```php $r = new \\NetDNS2\\Resolver( [ 'nameservers' => [ '192.168.0.1' ] 'cache_type' => \\NetDNS2\\Cache::CACHE_TYPE_FILE, 'cache_options' => [ 'file' => '/tmp/cache.txt', // the file to serialize cache content to 'size' => 50000, // the max file size for this cache file 'ttl_override' => 300 // int, in seconds, to cache data for ] ] ); ``` -------------------------------- ### Configuring Shared Memory (Shm) Cache Source: https://github.com/mikepultz/netdns2/blob/master/README.md Initializes a NetDNS2 Resolver using the Shmop extension for shared memory caching. Configures the cache file (used for IPC key), segment size, and an optional project ID for the ftok() function. ```php $r = new \\NetDNS2\\Resolver( [ 'nameservers' => [ '192.168.0.1' ] 'cache_type' => \\NetDNS2\\Cache::CACHE_TYPE_SHM, 'cache_options' => [ 'file' => '/tmp/cache.txt', // the file to use as the System V IPC key (via ftok()) 'size' => 50000, // the max shared memory segment size in bytes 'id' => 't' // ftok() project ID; change to use multiple independent segments ] ] ); ``` -------------------------------- ### Configuring IPv6 DNS Server Source: https://github.com/mikepultz/netdns2/blob/master/README.md Initializes a NetDNS2 Resolver to use IPv6 DNS servers. This can be set directly in the nameservers array. ```php $r = new \\NetDNS2\\Resolver([ 'nameservers' => [ '::1' ]]); ``` -------------------------------- ### NetDNS2 SIG(0) Authentication for Updates Source: https://github.com/mikepultz/netdns2/blob/master/README.md Shows how to sign dynamic DNS update requests using SIG(0) authentication with NetDNS2. This requires the path to a private key file generated by dnssec-keygen and the OpenSSL extension to be enabled in PHP. ```PHP $u = new \NetDNS2\Updater('example.com', [ 'nameservers' => [ '192.168.0.1' ]]); // // add a SIG(0) to authenticate the request; this is the path to the private key file // $u->signSIG0('/etc/named/Kexample.com.+001+15765.private'); // // send the update request. // $u->update(); ``` -------------------------------- ### Enable DNS over TLS (DoT) Source: https://github.com/mikepultz/netdns2/blob/master/README.md This snippet shows how to enable DNS over TLS (DoT) by setting the 'use_tls' option to true. This requires the OpenSSL extension and changes the default port to 853, using TCP. ```php try { // // create new resolver object, passing in an array of name servers to use for lookups // $r = new \NetDNS2\Resolver(['nameservers' => [ '1.1.1.1' ]]); // // enable DoT // $r->use_tls = true; // // execute the query request for the google.com MX servers // $res = $r->query('facebook.com', 'A'); // // if facebook points to more than one IP, then you can loop through the answer array to // see each IP address. // echo "facebook resolves to: " . $res->answer[0]->address; } catch(\\NetDNS2\\Exception $e) { echo "::query() failed: " . $e->getMessage() . "\n"; } ``` -------------------------------- ### Enable Update Lease EDNS Option Source: https://github.com/mikepultz/netdns2/blob/master/README.md Use this snippet to enable the 'update_lease' EDNS option, specifying a desired lease time. This option is related to DNSSEC and lease management. ```php // // update_lease(boolean enable, int desired_lease_time, int desired_key_lease_time = 0) // $u->edns->update_lease(true, time()); ``` -------------------------------- ### Sign DNS Notify Request with TSIG Source: https://github.com/mikepultz/netdns2/blob/master/README.md Add a TSIG key and secret to authenticate the DNS notify request. ```php $n->signTSIG('mykey', '9dnf93asdf39fs'); ``` -------------------------------- ### Enable Key Tag EDNS Option Source: https://github.com/mikepultz/netdns2/blob/master/README.md This snippet shows how to enable the Key Tag EDNS option, providing a list of key tags as defined in RFC 8145. ```php // // key_tag(boolean enable, array list_of_key_tags) // $r->edns->key_tag(true, [ 12345, 67890 ]); ``` -------------------------------- ### Specify NetDNS2 v1.x in Composer Source: https://github.com/mikepultz/netdns2/blob/master/README.md Configure your composer.json file to pin the NetDNS2 dependency to version 1.x if you need to maintain compatibility with older projects. ```json { "require": { "mikepultz/netdns2": "^1.5" } } ``` -------------------------------- ### Send DNS Update Request Source: https://github.com/mikepultz/netdns2/blob/master/README.md Execute all pending DNS update commands queued in the Updater object. ```php $u->update(); ``` -------------------------------- ### Performing IPv6 Forward DNS Lookup (AAAA Record) Source: https://github.com/mikepultz/netdns2/blob/master/README.md Performs a forward DNS lookup for an IPv6 address, retrieving the AAAA record. ```php $res = $r->query('a2.test.com', 'AAAA'); a2.test.com. 86400 IN AAAA ff01:0:0:0:0:0:0:43 ``` -------------------------------- ### Enable Client Subnet EDNS Option with IPv6 Address Source: https://github.com/mikepultz/netdns2/blob/master/README.md This snippet demonstrates enabling the client subnet EDNS option using an IPv6 address or subnet, as specified in RFC 7871. It allows for more granular control over client IP information. ```php // // client_subnet(boolean enable, string address) // $r->edns->client_subnet(true, '2607:f8b0:4009:81a::200e/56'); ``` -------------------------------- ### Add Resource Record for Notify Source: https://github.com/mikepultz/netdns2/blob/master/README.md Add a resource record to the Notifier object, which will trigger a notify against secondary servers. ```php $n->add(\NetDNS2\RR::fromString('test.netdns2.com 600 IN A 2.2.2.2')); ``` -------------------------------- ### Enable Chain EDNS Option Source: https://github.com/mikepultz/netdns2/blob/master/README.md Use this snippet to enable the 'chain' EDNS option, providing the FQDN of the closest trust point, as defined in RFC 7901. ```php // // chain(boolean enable, string fqdn_of_closest_trust_point) // $r->edns->chain(true, 'com.'); ``` -------------------------------- ### Enable DNSSEC Verification Source: https://github.com/mikepultz/netdns2/blob/master/README.md Set the 'dnssec' flag to true on the Resolver object to request DNSSEC records and verification. The 'ad' bit in the response header indicates success. ```php try { // // create new resolver object, passing in an array of name servers to use for lookups // $r = new \NetDNS2\Resolver(['nameservers' => [ '1.1.1.1' ]]); // // request DNSSEC records // $r->dnssec = true; // // execute the query // $res = $r->query('org', 'SOA'); // // check the ad flag; if it's set to 1, then the upstream resolver is confirming that // the DNSSEC verification was successful and we can trust the results. // if ($res->header->ad == 1) { echo "DNSSEC verification success!"; } else { echo "DNSSEC verification failure; we can't trust this response."; } } catch(\ ``` ```php \NetDNS2\Exception $e { echo "::query() failed: " . $e->getMessage() . "\n"; } ``` -------------------------------- ### Enable Client Subnet EDNS Option Source: https://github.com/mikepultz/netdns2/blob/master/README.md Use this snippet to include the client subnet option in a DNS query as per RFC 7871. It requires creating a Resolver and then enabling the client_subnet option with a specified IP range. ```php // // create a new Resolver object // $r = new \NetDNS2\Resolver([ 'nameservers' => [ '192.168.0.1' ]]); // // enable the client subnet option, and pass in my IP range // $r->edns->client_subnet(true, '10.10.10.0/24'); // // request the A record // $res = $r->query('example.com', 'A'); ``` -------------------------------- ### NetDNS2 TSIG Authentication for Notifications Source: https://github.com/mikepultz/netdns2/blob/master/README.md Demonstrates how to authenticate DNS NOTIFY requests using TSIG with NetDNS2. This requires the key name and secret to be configured correctly on the server. ```PHP $n = new \NetDNS2\Notifier('netdns2.com', ['nameservers' => [ '192.168.0.1' ]]); // // add a TSIG to authenticate the request // $n->signTSIG('mykey', '9dnf93asdf39fs'); // // trigger a notify request // $n->notify(); ``` -------------------------------- ### Check for Non-existent TXT Record Source: https://github.com/mikepultz/netdns2/blob/master/README.md Check if a domain does NOT have any TXT records using the Updater object. ```php $u->checkNotExists('example.com', 'TXT'); ``` -------------------------------- ### Enable N3U EDNS Option Source: https://github.com/mikepultz/netdns2/blob/master/README.md Enables the NSEC3 Unificaiton (N3U) EDNS option, specifying the supported NSEC3 algorithms. This is part of the features defined in RFC 6975. ```php // // n3u(boolean enable, array supported_nsec3_algorithms) // $r->edns->n3u(true, [ 6, 7 ]); ``` -------------------------------- ### NetDNS2 SIG(0) Authentication for Zone Transfers Source: https://github.com/mikepultz/netdns2/blob/master/README.md Illustrates how to authenticate zone transfer (AXFR) requests using SIG(0) with NetDNS2. This requires a valid private key file path and the OpenSSL extension. ```PHP $r = new \NetDNS2\Resolver([ 'nameservers' => [ '192.168.0.1' ]]); // // add a SIG(0) to authenticate the request // $r->signSIG0('/etc/named/Kexample.com.+001+15765.private'); // // request the zone transfer // $res = $r->query('example.com', 'AXFR'); ``` -------------------------------- ### Trigger DNS Notify Request Source: https://github.com/mikepultz/netdns2/blob/master/README.md Execute the DNS notify request with the configured records and TSIG authentication. ```php $n->notify(); ``` -------------------------------- ### Enable DNS Name Server Identifier (NSID) EDNS Option Source: https://github.com/mikepultz/netdns2/blob/master/README.md This snippet shows how to enable the DNS Name Server Identifier (NSID) EDNS option as defined in RFC 5001. This allows requesting information about the name server. ```php // // nsid(boolean enable) // $r->edns->nsid(true); ``` -------------------------------- ### Allow Unverifiable DNSSEC Results Source: https://github.com/mikepultz/netdns2/blob/master/README.md Set the 'dnssec_cd_flag' to true to allow the upstream resolver to return DNS records even if they are not cryptographically verifiable. Use with caution. ```php // // allow unverifiable DNSSEC results // $r->dnssec_cd_flag = true; ``` -------------------------------- ### Enable DNS Zone Version EDNS Option Source: https://github.com/mikepultz/netdns2/blob/master/README.md Enables the DNS Zone Version EDNS option as defined in RFC 9660. This option can be used to query for the version of a DNS zone. ```php // // zone_version(boolean enable) // $r->edns->zone_version(true); ``` -------------------------------- ### Enable DAU EDNS Option Source: https://github.com/mikepultz/netdns2/blob/master/README.md Enables the DNSSEC Answer Unificaiton (DAU) EDNS option, specifying the supported DNSSEC algorithms. This is part of the features defined in RFC 6975. ```php // // dau(boolean enable, array supported_dnssec_algorithms) // $r->edns->dau(true, [ 9, 10, 16 ]); ``` -------------------------------- ### Add DNS Record Source: https://github.com/mikepultz/netdns2/blob/master/README.md Add a new DNS record to be updated using the Updater object. ```php $u->add(\NetDNS2\RR::fromString('test.example.com 600 IN A 2.2.2.2')); ``` -------------------------------- ### Querying DNS with Internationalized Domain Names (IDN) Source: https://github.com/mikepultz/netdns2/blob/master/README.md Queries DNS for a Unicode domain name. NetDNS2 converts the name to Punycode internally and back to Unicode for display if the PHP Intl extension is available. ```php $res = $r->query('域名.中国', 'CNAME'); echo "域名.中国 resolves to: " . $res->answer[0]->cname; ``` ```php echo "The name value is: " . $res->answer[0]->name; ``` -------------------------------- ### DNSSEC Configuration Options Source: https://github.com/mikepultz/netdns2/blob/master/README.md These options configure DNSSEC behavior for NetDNS2 requests. They control features like enabling DNSSEC, setting the AD and CD flags, and specifying the EDNS(0) payload size. ```php 'dnssec' => false, // // set the DNSSEC AD (Authentic Data) bit on/off. // // this isn't used by client connections, as the upstream resolver is responsible // for verifying the DNSSEC signatures and setting this bit. // // boolean, defaults to false // 'dnssec_ad_flag' => false, // // set the DNSSEC CD (Checking Disabled) bit on/off // // this instructs the upstream resolvers to validate DNSSEC signatures in the // response (when the dnssec option is true). // // if set to true, it signals the upstream resolvers to return the DNS records // regardless of whether they are cryptographically verifiable. // // boolean, defaults to false // 'dnssec_cd_flag' => false, // // the EDNS(0) UDP payload size to use when making DNSSEC requests; see RFC 2671 // section 6.2.3 for more details // // integer, defaults to 1280 // 'dnssec_payload_size' => 4000 ``` -------------------------------- ### Performing IPv6 Reverse DNS Lookup Source: https://github.com/mikepultz/netdns2/blob/master/README.md Performs a reverse DNS lookup (PTR record) for an IPv6 address. ```php $res = $r->query('::1', 'PTR'); 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 86400 IN PTR localhost. ``` -------------------------------- ### Enable TCP Keepalive EDNS Option Source: https://github.com/mikepultz/netdns2/blob/master/README.md Enables the TCP Keepalive EDNS option, specifying an idle timeout in units of 100 milliseconds. This option is only meaningful when 'use_tcp' is also set to true. ```php // // tcp_keepalive(boolean enable, int timeout) // $r->edns->tcp_keepalive(true, 300); ``` -------------------------------- ### Client-side DNSSEC Signature Verification Source: https://github.com/mikepultz/netdns2/blob/master/README.md Perform full DNSSEC chain-of-trust validation locally using the NetDNS2\DNSSEC\Validator class. Requires 'ext-openssl' and optionally 'ext-sodium'. ```php try { $r = new \NetDNS2\Resolver(['nameservers' => [ '1.1.1.1' ]]); $r->dnssec = true; // // create a validator and load the built-in IANA root trust anchors // $v = new \NetDNS2\DNSSEC\Validator($r); $v->useRootTrustAnchor(); // // query and validate — throws \NetDNS2\Exception on any failure // $res = $r->query('example.com', 'A'); $v->validate($res); echo "signature chain verified successfully\n"; } catch(\ ``` ```php \NetDNS2\Exception $e { echo "DNSSEC validation failed: " . $e->getMessage() . "\n"; } ``` -------------------------------- ### Check if Name is in Use Source: https://github.com/mikepultz/netdns2/blob/master/README.md Check if a given name is currently in use by any resource record using the Updater object. ```php $u->checkNameInUse('test.example.com'); ``` -------------------------------- ### Querying DNS and Accessing IPv4 Address Source: https://github.com/mikepultz/netdns2/blob/master/README.md Performs a DNS query for an A record and accesses the resolved IPv4 address. The address is an instance of \\NetDNS2\\Data\\IPv4 and can be echoed directly or converted to a string using value() or strval(). ```php $res = $r->query('facebook.com', 'A'); echo "facebook resolves to: " . $res->answer[0]->address; ``` ```php echo $res->answer[0]->address; ``` ```php do_something($res->answer[0]->address->value()); ``` ```php do_something(strval($res->answer[0]->address)); ``` -------------------------------- ### Enable DHU EDNS Option Source: https://github.com/mikepultz/netdns2/blob/master/README.md Enables the DNSSEC Hash Unificaiton (DHU) EDNS option, specifying the supported hash algorithms. This is part of the features defined in RFC 6975. ```php // // dhu(boolean enable, array supported_hash_algorithms) // $r->edns->dhu(true, [ 2, 3, 4]); ``` -------------------------------- ### Remove Client Subnet EDNS Option Source: https://github.com/mikepultz/netdns2/blob/master/README.md Demonstrates how to disable a previously added EDNS option, specifically the client subnet option, before executing a DNS query. This is useful for changing your mind about including specific EDNS data. ```php // // create a new Resolver object // $r = new \NetDNS2\Resolver([ 'nameservers' => [ '192.168.0.1' ]]); // // enable the client subnet option, and pass in my IP range // $r->edns->client_subnet(true, '10.10.10.0/24'); // // change my mind, and remove the option // $r->edns->client_subnet(false); // // request the A record // $res = $r->query('example.com', 'A'); ``` -------------------------------- ### Enable Expire EDNS Option Source: https://github.com/mikepultz/netdns2/blob/master/README.md Use this snippet to enable the 'expire' EDNS option, as defined in RFC 7314. This option relates to the expiration of DNS records. ```php // // expire(boolean enable) // $r->edns->expire(true); ``` -------------------------------- ### Enable Cookie EDNS Option Source: https://github.com/mikepultz/netdns2/blob/master/README.md This snippet shows how to enable the EDNS Cookie option, as per RFC 7873. The cookie value should be a 16-character hex-encoded string representing an 8-byte value. ```php // // cookie(boolean enable, string cookie_string) // $r->edns->cookie(true, '3132333435363738'); ``` -------------------------------- ### Check if Name is Not in Use Source: https://github.com/mikepultz/netdns2/blob/master/README.md Check if a given name is NOT in use by any resource record using the Updater object. ```php $u->checkNameNotInUse('test.example.com'); ``` -------------------------------- ### Add Custom Trust Anchor for DNSSEC Validation Source: https://github.com/mikepultz/netdns2/blob/master/README.md Manually add a trust anchor for private or split-horizon zones to the DNSSEC Validator. Supports RSA, ECDSA, and ED25519 algorithms. ```php $v->addTrustAnchor(\NetDNS2\RR::fromString( 'internal. 0 IN DS 12345 8 2 ' )); ``` -------------------------------- ### Check for Existing MX Records Source: https://github.com/mikepultz/netdns2/blob/master/README.md Check if a domain has any MX records using the Updater object. ```php $u->checkExists('example.com', 'MX'); ``` -------------------------------- ### Enable DNS Error Reporting Channel EDNS Option Source: https://github.com/mikepultz/netdns2/blob/master/README.md Use this snippet to enable the DNS Error Reporting channel option, specifying an agent domain, as defined in RFC 9567. ```php // // report_channel(boolean enable, string agent_domain) // $r->edns->report_channel(true, 'example.com'); ``` -------------------------------- ### Delete All Records for a Domain Source: https://github.com/mikepultz/netdns2/blob/master/README.md Delete all resource records for a specified domain using the Updater object. ```php $u->deleteAll('example.com'); ``` -------------------------------- ### Enable Extended Error EDNS Option Source: https://github.com/mikepultz/netdns2/blob/master/README.md Enables the Extended DNS Errors EDNS option as defined in RFC 8914. This allows for more detailed error reporting from DNS servers. ```php // // extended_error(boolean enable) // $r->edns->extended_error(true); ``` -------------------------------- ### Check for Specific RR Existence Source: https://github.com/mikepultz/netdns2/blob/master/README.md Check if a specific resource record exists using the Updater object. ```php $u->checkValueExists(\NetDNS2\RR::fromString('test.example.com 600 IN A 2.2.2.2')); ``` -------------------------------- ### Delete DNS Record Source: https://github.com/mikepultz/netdns2/blob/master/README.md Delete a specific DNS record using the Updater object. ```php $u->delete(\NetDNS2\RR::fromString('test.example.com 600 IN A 2.2.2.2')); ``` -------------------------------- ### Delete All MX Records Source: https://github.com/mikepultz/netdns2/blob/master/README.md Delete all MX records for a given domain using the Updater object. ```php $u->deleteAny('example.com', 'MX'); ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.