Tag Archives: netdns2

Net_DNS2 v1.5.0 – Version Bump (requires >= PHP 5.4)

I’ve released version 1.5.0 of the Net_DNS2 library.

You can add it to your project using composer:

composer require pear/net_dns2

Or you can install it through the command line PEAR installer:

pear install Net_DNS2

Version 1.5.0

  • added the AMTRELAY resource record type (RFC 8777).
  • added Net_DNS2_RR::asArray(), which returns the same values as __toString(), but as an array for easier access.
  • added Net_DNS2::closeSockets(), which lets you close all cached network sockets in the resolver object.
  • added Net_DNS2::getSockets(), which returns the local sockets cache array.
  • added date_created and date_last_used to the Net_DNS2_Socket object, to track usage stats on each socket object.
  • added the SHA256, SHA384, and GOST digest defines to Lookups.php.
  • dropped the Net_DNS2_Socket_Sockets, and switch to just using the streams code. There’s no speed difference anymore.
  • fixed a bug in Net_DNS2_Packet::compress() and Net_DNS2_Packet::expand() related to dot literals in compressed names.
  • fixed a display issue in the IPSECKEY RR when displaying hostname / domain names in the gateway field.
  • fixed a couple inconsistencies in the docs.
  • fixed a PHP 7.4 bug in Sockets.php; accessing a null value as an array throws an exception now.
  • fixed Net_DNS2_RR_DS so it will be able to support other digest definitions without any other changes.
  • the Net_DNS2_RR_NIMLOC class was incorrectly named Net_DNS2_RR_NIMLOCK.
  • Net_DNS2_PrivateKey was using the wrong member variable name for the key_format value.
  • changed all references to array() to [].
  • removed all sorts of license noise from the files.
  • updated the test cases to use PHPUnit v9+.

Net_DNS2 Moved to GitHub

I’ve never been a bit fan of git- I’ve got used to using SVN over the years, and never saw a compelling reason to change- until now- that Google is shutting down the Google Code service- so I’m forced to move.

Luckily I can still keep using SVN with GitHub- I can put off actually using git for the foreseeable future!

The new Net_DNS2 repository is officially moved to GitHub:


Net_DNS2 Version 1.3.2 Released

I’ve released version 1.3.2 of the PEAR Net_DNS2 library- you can install it now through the command line PEAR installer:

pear install Net_DNS2

Download it directly from the Google Code page here.

Or, you can also add it to your project using composer.

Version 1.3.2

  • added support for the EUI48 and EUI64 resource records (RFC7043).
  • fixed how we handle the return values from socket select() statements; this wasn’t causing a problem, but it wasn’t quite right.
  • added some error messaging when the socket times out).
  • before we cache the data, unset the rdata value; this was causing some JSON errors to be generated, and we don’t need the data anyway.

Net_DNS2 Version 1.3.1 Released

I’ve released version 1.3.1 of the PEAR Net_DNS2 library- you can install it now through the command line PEAR installer:

pear install Net_DNS2

Download it directly from the Google Code page here.

Or, you can also add it to your project using composer.

Version 1.3.1

  • added the Net_DNS2_Packet_Request and Net_DNS2_Packet_Response objects to the Net_DNS2_Exception object
  • added support in the TSIG class for SHA algorithms (requires the hash extension, which is included in PHP >= 5.1.2), patch provided by Manuel Mausz
  • added support for the NID, L32, L64, and LP DNS RR’s (RFC6742)
  • lots of phpcs cleanup

Net_DNS2 Version 1.3.0 – More DNSSEC Features

This release includes many new DNSSEC changes, including a new, simple “dnssec” flag that tells the server to send all the DNSSEC related resource records for the given zone, as well as include the AD flag indicating if the data is authentic. This is analogous to the “+dnssec” option on the command line dig command.

Setting “dnssec” to true makes Net_DNS2 automatically add an OPT record to the additional section of the request, with the DO bit set to 1, indicating that we would like the DNSSEC information related to the given zone.

$resolver = new Net_DNS2_Resolver(array('nameservers' => array('')));

$resolver->dnssec = true;

$result = $resolver->query('org', 'SOA', 'IN');



Net_DNS2_Packet_Response Object
    [answer_from] =>
    [answer_socket_type] => 2
    [header] => Net_DNS2_Header Object
            [id] => 31102
            [qr] => 1
            [opcode] => 0
            [aa] => 0
            [tc] => 0
            [rd] => 1
            [ra] => 1
            [z] => 0
            [ad] => 1
            [cd] => 0
            [rcode] => 0
            [qdcount] => 1
            [ancount] => 2
            [nscount] => 0
            [arcount] => 1

    [question] => Array
            [0] => Net_DNS2_Question Object
                    [qname] => org
                    [qtype] => SOA
                    [qclass] => IN


    [answer] => Array
            [0] => Net_DNS2_RR_SOA Object
                    [mname] => a0.org.afilias-nst.info
                    [rname] => noc.afilias-nst.info
                    [serial] => 2010472684
                    [refresh] => 1800
                    [retry] => 900
                    [expire] => 604800
                    [minimum] => 86400
                    [name] => org
                    [type] => SOA
                    [class] => IN
                    [ttl] => 886
                    [rdlength] => 51

            [1] => Net_DNS2_RR_RRSIG Object
                    [typecovered] => SOA
                    [algorithm] => 7
                    [labels] => 1
                    [origttl] => 900
                    [sigexp] => 20130429014033
                    [sigincep] => 20130408004033
                    [keytag] => 31380
                    [signname] => org
                    [signature] => KBWEIC7BTypmbMTPU2KjCkPDbN1tV29ShWqa2zoGb4uQcRDBgYhz2ajpOaaJPrK+YY2E7BavLI+kulhJn9r/5kjXlOHQG/34B+OFlQwTTwHIRqtSmBu1qJorJSrSObQGVjZt4hteNVF6rfbS2u1m/Rh43eaoVCHfhJaeyr+MzLA=
                    [name] => org
                    [type] => RRSIG
                    [class] => IN
                    [ttl] => 886
                    [rdlength] => 151


    [authority] => Array

    [additional] => Array
            [0] => Net_DNS2_RR_OPT Object
                    [option_code] => 
                    [option_length] => 0
                    [option_data] => 
                    [extended_rcode] => 0
                    [version] => 0
                    [do] => 1
                    [z] => 0
                    [name] => 
                    [type] => OPT
                    [class] => 512
                    [ttl] => 32768
                    [rdlength] => 0
                    [rdata] => 


You can see that the response includes the original OPT RR in the additional section, with the DO bit set to 1. The header section also includes the AD bit set to 1, indicating that the server considers the data authentic.

I’ve also included the ability to adjust the AD flag  when making a query (to indicate to the server that we’d like the value of the AD bit, without having to set the DO bit in the OPT RR – see RFC6840 section 5.7), and to adjust the CD flag (telling the server that the client will perform it’s own signature validation).

Net_DNS2 does not validate the DNSSEC signatures itself, but it does provide all the data from DNS needed so that users can. Future versions of Net_DNS2 may provide support for this.

See the change log page for a full list of changes in this release.

You can install Net_DNS2 version 1.3.0 directly from PEAR, using the command line PEAR installer:

pear install Net_DNS2

Or download it directly from the Google Code page here.