!aH      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFG NoneAHdnsEncode ByteString using the  -https://tools.ietf.org/html/rfc4648#section-7RFC4648 base32hex1 encoding with no padding as specified for the  /https://tools.ietf.org/html/rfc5155#section-3.3RFC5155 Next Hashed Owner Name field.Hdns input bufferdnsbase32hex outputH Safe|uIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~None"#2gdns;RData formats for a few EDNS options, and an opaque catcalldnsName Server Identifier (RFC5001). Bidirectional, empty from client. (opaque octet-string). May contain binary data, which MUST be empty in queries.dnswDNSSEC Algorithm Understood (RFC6975). Client to server. (array of 8-bit numbers). Lists supported DNSKEY algorithms.dnsoDS Hash Understood (RFC6975). Client to server. (array of 8-bit numbers). Lists supported DS hash algorithms.dnsuNSEC3 Hash Understood (RFC6975). Client to server. (array of 8-bit numbers). Lists supported NSEC3 hash algorithms.dnsClient subnet (RFC7871). Bidirectional. (source bits, scope bits, address). The address is masked and truncated when encoding queries. The address is zero-padded when decoding. Invalid input encodings result in an  value instead.dns}Unsupported or malformed IP client subnet option. Bidirectional. (address family, source bits, scope bits, opaque address).dnsGeneric EDNS option. (numeric , opaque content)dnsEDNS Option Code (RFC 6891). dnsFrom option code to number. dns%EDNS information defined in RFC 6891. dns2EDNS version, presently only version 0 is defined. dnsSupported UDP payload size.dnsRequest DNSSEC replies (with RRSIG and NSEC records as as appropriate) from the server. Generally, not needed (except for diagnostic purposes) unless the signatures will be validated. Just setting the AD bit in the query and checking it in the response is sufficient (but often subject to man-in-the-middle forgery) if all that's wanted is whether the server validated the response.dnsEDNS options (e.g. , , ...)dns4Type for resource records in the additional section.dns6Type alias for resource records in the answer section.dns6Type alias for resource records in the answer section.dnsRaw data format for each type.dns IPv4 addressdnsAn authoritative name servednsThe canonical name for an aliasdns&Marks the start of a zone of authoritydns NULL RR (EXPERIMENTAL, RFC1035).dnsA domain name pointerdns Mail exchangedns Text stringsdns IPv6 AddressdnsServer Selection (RFC2782)dnsDNAME (RFC6672)dns OPT (RFC6891) dnsDelegation Signer (RFC4034)!dnsDNSSEC signature"dns&DNSSEC denial of existence NSEC record#dnsDNSKEY (RFC4034)$dns+DNSSEC hashed denial of existence (RFC5155)%dnsNSEC3 zone parameters (RFC5155)&dns)TLSA (RFC6698) RD_CDS RD_CDNSKEY RD_CSYNC'dnsUnknown resource data(dnsRRSIG representation. As noted in  1https://tools.ietf.org/html/rfc4034#section-3.1.5Section 3.1.5 of RFC 4034h the RRsig inception and expiration times use serial number arithmetic. As a result these timestamps are not pure values, their meaning is time-dependent! They depend on the present time and are both at most approximately +/-68 years from the present. This ambiguity is not a problem because cached RRSIG records should only persist a few days, signature lifetimes should be *much* shorter than 68 years, and key rotation should result any misconstrued 136-year-old signatures fail to validate. This also means that the interpretation of a time that is exactly half-way around the clock at now +/-0x800000008 is not important, the signature should never be valid.rThe upshot for us is that we need to convert these *impure* relative values to pure absolute values at the moment they are received from from the network (or read from files, ... in some impure I/O context), and convert them back to 32-bit values when encoding. Therefore, the constructor takes absolute 64-bit representations of the inception and expiration times.The , function performs the requisite conversion.*dnsRRtype of RRset signed+dnsDNSKEY algorithm,dnsNumber of labels signed-dnsMaximum origin TTL.dnsTime last valid/dnsTime first valid0dnsSigning key tag1dnsSigning domain2dnsOpaque signature3dns%Raw data format for resource records.5dnsName6dnsResource record type7dnsResource record class8dns Time to live9dns Resource data:dnsTime to live in second.;dnsResource record class.<dns"Raw data format for DNS questions.>dns A domain name?dnsThe type of the query@dnsEDNS extended 12-bit response code. Non-EDNS messages use only the low 4 bits. With EDNS this stores the combined error code from the DNS header and and the EDNS psuedo-header. See l for more detail.Adns Convert an @ to its numeric value.BdnsKind of query.CdnsA standard query.Ddns2An inverse query (inverse queries are deprecated).EdnsA server status request.Fdns$A zone change notification (RFC1996)GdnsAn update request (RFC2136)HdnsQuery or response.IdnsQuery.Jdns Response.KdnsQuery controls form a L, as with function composition, the left-most value has the last say. The  is generated by two sets of combinators, one that controls query-related DNS header flags, and another that controls EDNS features.The header flag controls are: ,  and .The EDNS feature controls are: , , ,  and N. When EDNS is disabled, all the other EDNS-related controls have no effect.Example: Disable DNSSEC checking on the server, and request signatures and NSEC records, perhaps for your own independent validation. The UDP buffer size is set large, for use with a local loopback nameserver on the same host.:{mconcat [ adFlag FlagClear , cdFlag FlagSet , doFlag FlagSet= , ednsSetUdpSize (Just 8192) -- IPv4 loopback server? ]:}(ad:0,cd:1,edns.udpsize:8192,edns.dobit:1Example: Use EDNS version 1 (yet to be specified), request nameserver ids from the server, and indicate a client subnet of "192.0.2.1/24".:set -XOverloadedStringslet emptyNSID = "" let mask = 24let ipaddr = read "192.0.2.1":{!mconcat [ ednsSetVersion (Just 1)7 , ednsSetOptions (ODataAdd [OD_NSID emptyNSID])C , ednsSetOptions (ODataAdd [OD_ClientSubnet mask 0 ipaddr]) ]:}/edns.version:1,edns.options:[NSID,ClientSubnet]dns0EDNS query controls. When EDNS is disabled via ednsEnabled FlagClear7, all the other EDNS-related overrides have no effect.EednsHeader $ makeEmptyQuery $ ednsEnabled FlagClear <> doFlag FlagSetNoEDNSdnsEnableddnsVersiondnsUDP SizednsDNSSEC OK (DO) bitdnsEDNS option list tweaksLdnsThe default EDNS Option list is empty. We define two operations, one to prepend a list of options, and another to set a specific list of options.Mdns&Add the specified options to the list.Ndns!Set the option list as specified.dnsqControl over query-related DNS header flags. As with function composition, the left-most value has the last say.Odns&Boolean flag operations. These form a . When combined via F, as with function composition, the left-most value has the last say.mempty :: FlagOpFlagKeepFlagSet <> memptyFlagSetFlagClear <> FlagSet <> mempty FlagClear+FlagReset <> FlagClear <> FlagSet <> mempty FlagResetPdnsSet the flag to 1QdnsClear the flag to 0Rdns#Reset the flag to its default valueSdnsLeave the flag unchangedTdns8Raw data format for the flags of DNS Query and Response.VdnsQuery or response.WdnsKind of query.XdnsAA (Authoritative Answer) bit - this bit is valid in responses, and specifies that the responding name server is an authority for the domain name in question section.YdnsTC (Truncated Response) bit - specifies that this message was truncated due to length greater than that permitted on the transmission channel.ZdnsRD (Recursion Desired) bit - this bit may be set in a query and is copied into the response. If RD is set, it directs the name server to pursue the query recursively. Recursive query support is optional.[dnsRA (Recursion Available) bit - this be is set or cleared in a response, and denotes whether recursive query support is available in the name server.\dns=The full 12-bit extended RCODE when EDNS is in use. Should always be zero in well-formed requests. When decoding replies, the high eight bits from any EDNS response are combined with the 4-bit RCODE from the DNS header. When encoding replies, if no EDNS OPT record is provided, RCODE values > 15 are mapped to .]dns7AD (Authenticated Data) bit - (RFC4035, Section 3.2.3).^dns6CD (Checking Disabled) bit - (RFC4035, Section 3.2.2)._dns9Raw data format for the header of DNS Query and Response.adnsQuery or reply identifier.bdnsFlags, OPCODE, and RCODEcdnsJAn identifier assigned by the program that generates any kind of query.ddns+DNS message format for queries and replies.fdnsHeader with extended @gdnsEDNS pseudo-headerhdns The question for the name serveridnsRRs answering the questionjdns RRs pointing toward an authoritykdns"RRs holding additional informationldns<Data type representing the optional EDNS pseudo-header of a d When a single well-formed OPT 3G was present in the message's additional section, it is decoded to an  ' record and and stored in the message g field. The corresponding OPT RR. is then removed from the additional section.When the constructor is n, no EDNS OPT> record was present in the message additional section. When o, the message holds either a malformed OPT record or more than one OPT record, which can still be found in (have not been removed from) the message additional section.The EDNS OPT record augments the message error status with an 8-bit field that forms 12-bit extended RCODE when combined with the 4-bit RCODE from the unextended DNS header. In EDNS messages it is essential to not use just the bare 4-bit @j from the original DNS header. Therefore, in order to avoid potential misinterpretation of the response @q, when the OPT record is decoded, the upper eight bits of the error status are automatically combined with the \{ of the message header, so that there is only one place in which to find the full 12-bit result. Therefore, the decoded  4 pseudo-header, does not hold any error status bits.]The reverse process occurs when encoding messages. The low four bits of the message header \ are encoded into the wire-form DNS header, while the upper eight bits are encoded as part of the OPT record. In DNS responses with an \M larger than 15, EDNS extensions SHOULD be enabled by providing a value for g with a constructor of lN. If EDNS is not enabled in such a message, in order to avoid truncation of @N values that don't fit in the non-extended DNS header, the encoded wire-form @ is set to .-When encoding messages for transmission, the gF is used to generate the additional OPT record. Do not add explicit OPT; records to the aditional section, configure EDNS via the l instead.*let getopts eh = mapEDNS eh ednsOptions []:let optsin = [OD_ClientSubnet 24 0 $ read "192.0.2.1"]:let masked = [OD_ClientSubnet 24 0 $ read "192.0.2.0"]Blet message = makeEmptyQuery $ ednsSetOptions $ ODataSet optsinBlet optsout = getopts. ednsHeader <$> (decode $ encode message)optsout == Right maskedTruemdnsA valid EDNS messagendnsA valid non-EDNS messageodnsMultiple or bad additional OPT RRspdns9An enumeration of all possible DNS errors that can occur.qdns\The sequence number of the answer doesn't match our query. This could indicate foul play.rdns_The question section of the response doesn't match our query. This could indicate foul play.sdnsA zone tranfer, i.e., a request of type AXFR, was attempted with the "lookup" interface. Zone transfer is different enough from "normal" requests that it requires a different interface.tdns3The number of retries for the request was exceeded.udnsTCP fallback request timed out.vdnsWThe answer has the correct sequence number, but returned an unexpected RDATA format.wdns The domain for query is illegal.xdns2The name server was unable to interpret the query.ydnsZThe name server was unable to process this query due to a problem with the name server.zdnsSThis code signifies that the domain name referenced in the query does not exist.{dns=The name server does not support the requested kind of query.|dns)The name server refuses to perform the specified operation for policy reasons. For example, a name server may not wish to provide the information to the particular requester, or a name server may not wish to perform a particular operation (e.g., zone transfer) for particular data.}dns9The server does not support the OPT RR version or content~dnsConfiguration is wrong.dnsNetwork failure.dnsError is unknowndnsTypes for resource records.dnsFrom type to number.dns}Type for a mailbox encoded on the wire as a DNS name, but the first label is conceptually the local part of an email address, and may contain internal periods that are not label separators. Therefore, in mailboxes @ is used as the separator between the first and second labels, and any '.' characters in the first label are not escaped. The encoding is otherwise the same as * above. This is most commonly seen in the mrname of SOAA records. On input, if there is no unescaped @ character in the , it is reparsed with '.' as the first label separator. Thus the traditional format with all labels separated by dots is also accepted, but decoding from wire form always uses @ between the first label and the domain-part of the address. Examples: 2hostmaster@example.org. -- First label is simply  hostmaster, john.smith@examle.com. -- First label is  john.smith dnsThis type holds the presentation form of fully-qualified DNS domain names encoded as ASCII A-labels, with '.' separators between labels. Non-printing characters are escaped as \DDDK (a backslash, followed by three decimal digits). The special characters:  ", $, (, ), ;, @, and \ are escaped by prepending a backslash. The trailing '.' is optional on input, but is recommended, and is always added when decoding from  wire form. The encoding of domain names to  wire form[, e.g. for transmission in a query, requires the input encodings to be valid, otherwise a  may be thrown. Domain names received in wire form in DNS messages are escaped to this presentation form as part of decoding the d.8This form is ASCII-only. Any conversion between A-label s, and U-label TextF happens at whatever layer maps user input to DNS names, or presents friendly DNS names to the user. Not all users can read all scripts, and applications that default to U-label form should ideally give the user a choice to see the A-label form. Examples: www.example.org. -- Ordinary DNS name. _25._tcp.mx1.example.net. -- TLSA RR initial labels have _ prefixes. \001.exotic.example. -- First label is Ctrl-A! just\.one\.label.example. -- First label is "just.one.label" dnsClient subnet (RFC7871)dns-DNSSEC algorithm support (RFC6974, section 3)dnsNSID (RFC5001, section 2.3)dnsMalformed (peer) EDNS message, no RCODE available. This is not an RCODE that can be sent by a peer. It lies outside the 12-bit range expressible via EDNS. The low 12-bits are chosen to coincide with c. When an EDNS message is malformed, and we're unable to extract the extended RCODE, the header \ is set to .dns#Bad/missing Server Cookie [RFC7873]dnsBad Truncation [RFC4635]dns!Algorithm not supported [RFC2930]dnsDuplicate key name [RFC2930]dnsBad TKEY Mode [RFC2930]dns&Signature out of time window [RFC2845]dnsKey not recognized [RFC2845]dns$Bad OPT Version (BADVERS, RFC 6891).dnsNotZone - Dynamic update response, a name used in the Prerequisite or Update Section is not within the zone denoted by the Zone Section.dnskNotAuth - Dynamic update response, the server is not authoritative for the zone named in the Zone Section.dns\NXRRSet - Dynamic update response, a pre-requisite RRSet that should exist, does not exist.dns\YXRRSet - Dynamic update response, a pre-requisite RRSet that should not exist, does exist.dns^YXDomain - Dynamic update response, a pre-requisite domain that should not exist, does exist.dns9Refused - The name server refuses to perform the specified operation for policy reasons. For example, a name server may not wish to provide the information to the particular requester, or a name server may not wish to perform a particular operation (e.g., zone transfer) for particular data.dnsRNot Implemented - The name server does not support the requested kind of query.dnsName Error - Meaningful only for responses from an authoritative name server, this code signifies that the domain name referenced in the query does not exist.dnsnServer failure - The name server was unable to process this query due to a problem with the name server.dnsDFormat error - The name server was unable to interpret the query.dnsNo error condition.dns/Certification Authority Authorization (RFC6844)dns8A request for all records the server/cache has availablednsZone transfer (RFC5936)dns)Child-To-Parent Synchronization (RFC7477)dns3DNSKEY(s) the Child wants reflected in DS (RFC7344)dnsChild DS (RFC7344)dnsTLSA (RFC6698)dnsNSEC3PARAM (RFC5155)dnsNSEC3 (RFC5155)dnsDNSKEY (RFC4034)dnsNSEC (RFC4034)dnsRRSIG (RFC4034)dnsDelegation Signer (RFC4034)dns OPT (RFC6891)dnsDNAME (RFC6672)dnsServer Selection (RFC2782)dns IPv6 Addressdns Text stringsdns Mail exchangednsA domain name pointerdnsA null RR (EXPERIMENTAL)dns&Marks the start of a zone of authoritydnsThe canonical name for an aliasdnsAn authoritative name servedns IPv4 addressdnsFrom number to type.dnsBReturn the second argument for EDNS messages, otherwise the third.dnszReturn the output of a function applied to the EDNS pseudo-header if EDNS is enabled, otherwise return a default value.dnsDefault Tr record suitable for making recursive queries. By default the RD bit is set, and the AD and CD bits are cleared.dnsApply the given O: to a default boolean value to produce the final setting.dns2We don't show options left at their default value.dnsShow non-default flag valuesdns>Combine a list of options for display, skipping default valuesdns&Apply all the query flag overrides to , returning the resulting Tq suitable for making queries with the requested flag settings. This is only needed if you're creating your own d, the   function takes a K2 argument and handles this conversion internally.QDefault overrides can be specified in the resolver configuration by setting the   field of the  argument to k. These then apply to lookups via resolvers based on the resulting configuration, with the exception of   which takes an additional K+ argument to augment the default overrides.dnszSince any given option code can appear at most once in the list, we de-duplicate by the OPTION CODE when combining lists.dnsFConstruct a list of 0 or 1 EDNS OPT RRs based on EdnsControls setting.dns Generator of K that adjusts the RD bit.rdFlag FlagClearrd:0dns Generator of K that adjusts the AD bit.adFlag FlagSetad:1dns Generator of K that adjusts the CD bit.cdFlag FlagSetcd:1dns Generator of KR that enables or disables EDNS support. When EDNS is disabled, the rest of the   controls are ignored.EednsHeader $ makeEmptyQuery $ ednsEnabled FlagClear <> doFlag FlagSetNoEDNSdns Generator of K that adjusts the   version. A value of  makes no changes, while  v sets the EDNS version to v.ednsSetVersion (Just 1)edns.version:1dns Generator of K that adjusts the   UDP buffer size. A value of  makes no changes, while  n# sets the EDNS UDP buffer size to n.ednsSetUdpSize (Just 2048)edns.udpsize:2048dns Generator of K that adjusts the   DnssecOk (DO) bit.doFlag FlagSet edns.dobit:1dns Generator of K that adjusts the list of   options.:set -XOverloadedStrings&ednsSetOptions (ODataAdd [OD_NSID ""])edns.options:[NSID]dnsAConvert a 16-bit DNS OPCODE number to its internal representationdnsQConvert the internal representation of a DNS OPCODE to its 16-bit numeric value.dns+Convert a numeric value to a corresponding @<. The behaviour is undefined for values outside the range  [0 .. 0xFFF]H since the EDNS extended RCODE is a 12-bit value. Values in the range [0xF01 .. 0xFFF] are reserved for private use.dns'Resource record class for the Internet.dnsGiven a 32-bit circle-arithmetic DNS time, and the current absolute epoch time, return the epoch time corresponding to the DNS timestamp.dns.Convert epoch time to a YYYYMMDDHHMMSS string::{let testVector =* [ ( "19230704085602", -1467299038)* , ( "19331017210945", -1142563815)* , ( "19480919012827", -671668293 )* , ( "19631210171455", -191227505 )* , ( "20060819001740", 1155946660 )* , ( "20180723061122", 1532326282 )* , ( "20281019005024", 1855529424 )* , ( "20751108024632", 3340406792 )* , ( "21240926071415", 4883008455 )* , ( "21270331070215", 4962150135 )* , ( "21371220015305", 5300560385 )* , ( "21680118121052", 6249787852 )* , ( "21811012210032", 6683202032 )* , ( "22060719093224", 7464648744 )* , ( "22100427121648", 7583717808 )* , ( "22530821173957", 8950757997 )* , ( "23010804210243", 10463979763)* , ( "23441111161706", 11829514626)* , ( "23750511175551", 12791843751), , ( "23860427060801", 13137746881) ]8 in (==) <$> map (showTime.snd) <*> map fst $ testVector:}TruednsA d= template for queries with default settings for the message _ and lF. This is the initial query message state, before customization via K.dnsDefault response. When responding to EDNS queries, the response must either be an EDNS response, or else FormatErr must be returned. The default response message has EDNS disabled (g set to n(), it should be updated as appropriate.Do not explicitly add OPT RRs to the additional section, instead let the encoder compute and add the OPT record based on the EDNS pseudo-header.The @ in the _ should be set to the appropriate 12-bit extended value, which will be split between the primary header and EDNS OPT record during message encoding (low 4 bits in DNS header, high 8 bits in EDNS OPT record). See l for more details.dnsA query template with K# overrides applied, with just the < and query c remaining to be filled in.dnsConstruct a complete query d, by combining the  template with the specified c, and <. The K can be  to leave all header and EDNS settings at their default values, or some combination of overrides. A default set of overrides can be enabled via the   field of .. Per-query overrides are possible by using .dnsConstruct a query response d.dnsThe default EDNS pseudo-header for queries. The UDP buffer size is set to 1216 bytes, which should result in replies that fit into the 1280 byte IPv6 minimum MTU. Since IPv6 only supports fragmentation at the source, and even then not all gateways forward IPv6 pre-fragmented IPv6 packets, it is best to keep DNS packet sizes below this limit when using IPv6 nameservers. A larger value may be practical when using IPv4 exclusively. defaultEDNS = EDNS { ednsVersion = 0 -- The default EDNS version is 0 , ednsUdpSize = 1216 -- IPv6-safe UDP MTU , ednsDnssecOk = False -- We don't do DNSSEC validation , ednsOptions = [] -- No EDNS options by default } dns1Maximum UDP size that can be advertised. If the   of   is larger, then this value is sent instead. This value is likely to work only for local nameservers on the loopback network. Servers may enforce a smaller limit. maxUdpSize16384dns"Minimum UDP size to advertise. If   of  0 is smaller, then this value is sent instead. minUdpSize512dnsFrom number to option code.dnsRecover the (often implicit)  from a value of the  sum type.dnsUse  /https://tools.ietf.org/html/rfc2929#section-2.3 names for DNS RCODEsdns4Provide an Enum instance for backwards compatibilitydns&Apply all the query flag overrides to , returning thednsEDNS pseudo-headerdns!Value to return for EDNS messagesdns%Value to return for non-EDNS messagesdnsEDNS pseudo-headerdnsFunction to apply to   valuedns$Default result for non-EDNS messagesdnsDNS circle-arithmetic timestampdnscurrent epoch timednsabsolute DNS timestampdnsFlag and EDNS overridesdnsCrypto random request iddnsQuestion name and typedns'Custom RD/AD/CD flags and EDNS settings ! "#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~3456789;:! "#$%&'()*+,-./012defghijkKOPQRSLMN_`abcTUVWXYZ[\]^HIJBCDEFG@Almno  <=>?pqrstuvwxyz{|}~None=? dnsParse a list of elements that takes up exactly a given number of bytes. In order to avoid infinite loops, if an element parser succeeds without moving the buffer offset forward, an error will be returned.dnsTo get a broad range of correct RRSIG inception and expiration times without over or underflow, we choose a time half way between midnight PDT 2010-07-15 (the day the root zone was signed) and 2^32 seconds later on 2146-08-21. Since decode and  are pure, we can't peek at the current time while parsing. Outside this date range the output is off by some non-zero multiple 2^32 seconds.dnsDecode a domain name in A-label form to a leading label and a tail with the remaining labels, unescaping backlashed chars and decimal triples along the way. Any U-label conversion belongs at the layer above this code.`This function is pure, but is not total, it throws an error when presented with malformed inputdnsConvert a wire-form label to presentation-form by escaping the separator, special and non-printing characters. For simple labels with no bytes that require escaping we get back the input bytestring asis with no copying or re-construction.Note: the separator is required to be either '.' or '@', but this constraint is the caller's responsibility and is not checked here.dns0In the presentation form of DNS labels, these characters are escaped by prepending a backlash. (They have special meaning in zone files). Whitespace and other non-printable or non-ascii characters are encoded via "DDD" decimal escapes. The separator character is also quoted in each label. Note that '@'' is quoted even when not the separator.dns7Is the given byte the separator or one of the specials?dnsIs the given byte a plain byte that reqires no escaping. The tests are ordered to succeed or fail quickly in the most common cases. The test ranges assume the expected numeric values of the named special characters. Note: the separator is assumed to be either  or '@'9 and so not matched by any of the first three fast-path  cases.dnsSome numeric byte constants.dnsSome numeric byte constants.dnsSome numeric byte constants.dnsSome numeric byte constants.dnselement type for error messagesdnsinput buffer lengthdnselement parserdns'Reference time for DNS clock arithmeticdnsParserdnsEncoded message.None"#     None"#KhdnsEncode DNSSEC NSEC type bitsdns2Encode EDNS OPTION consisting of a list of octets.dns"Encode an EDNS OPTION byte string.NonednsEncode DNS flags.dnsEncode DNS header.dnsEncode a domain. dnsVEncode a mailbox name. The first label is separated from the remaining labels by an \@ rather than a .0. This is used for the contact address in the SOA record.!dnsEncode a ResourceRecord. !NoneDdns Encode a dS for transmission over UDP. For transmission over TCP encapsulate the result via  , or use *, which handles this internally. If any 3- in the message contains incorrectly encoded . name ByteStrings, this function may raise a .None"dnsMHelper to find position of RData end, that is, the offset of the first byte after the current RData.#dns;Concatenate a sequence of length-prefixed strings of text /https://tools.ietf.org/html/rfc1035#section-3.3$dnsPointers MUST point back into the packet per RFC1035 Section 4.1.4. This is further interpreted by the DNS community (from a discussion on the IETF DNSOP mailing list) to mean that they don't point back into the same domain. Therefore, when starting to parse a domain, the current offset is also a strict upper bound on the targets of any pointers that arise while processing the domain. When following a pointer, the target again becomes a stict upper bound for any subsequent pointers. This results in a simple loop-prevention algorithm, each sequence of valid pointer values is necessarily strictly decreasing! The third argument to %r is a strict pointer upper bound, and is set here to the position at the start of parsing the domain or mailbox.Note: the separator passed to %/ is required to be either '.' or '@', or else . needs to be modified to handle the new value.%dnsGet a domain name, using sep1 as the separator between the 1st and 2nd label. Subsequent labels (and always the trailing label) are terminated with a ".".BNote: the separator is required to be either '.' or '@', or else . needs to be modified to handle the new value.Domain name compression pointers must always refer to a position that precedes the start of the current domain name. The starting offsets form a strictly decreasing sequence, which prevents pointer loops."dns*number of bytes left from current positiondns end position&'()*$+None,dns Decode the T field of _:. This is an internal function exposed only for testing.-dns Decode the _H of a message. This is an internal function. exposed only for testing..dnsDecode a domain name. Since DNS names may use name compression, it is not generally possible to decode the names separately from the enclosing DNS message. This is an internal function exposed only for testing./dns&Decode a mailbox name (the SOA record mrname field). Since DNS names may use name compression, it is not generally possible to decode the names separately from the enclosing DNS message. This is an internal function.0dnsDecoding resource records.bDecode a resource record (RR) with any DNS timestamps interpreted at the nominal epoch time (see decodeAt). Since RRs may use name compression, it is not generally possible to decode resource record separately from the enclosing DNS message. This is an internal function.1dnsDecode a resource record (RR) with DNS timestamps interpreted at the supplied epoch time. Since RRs may use DNS name compression, it is not generally possible to decode resource record separately from the enclosing DNS message. This is an internal function.1dnscurrent epoch timednsencoded resource record,-./01None'dnsDecode an input buffer containing a single encoded DNS message. If the input buffer has excess content beyond the end of the message an error is returned. DNS circle-arithmeticP timestamps (e.g. in RRSIG records) are interpreted at the supplied epoch time.dnsDecode an input buffer containing a single encoded DNS message. If the input buffer has excess content beyond the end of the message an error is returned. DNS circle-arithmetic timestamps (e.g. in RRSIG records) are interpreted based on a nominal time in the year 2073 chosen to maximize the time range for which this gives correct translations of 32-bit epoch times to absolute 64-bit epoch times. This will yield incorrect results starting circa 2141.dnsDecode a buffer containing multiple encoded DNS messages each preceded by a 16-bit length in network byte order. Any left-over bytes of a partial message after the last complete message are returned as the second element of the result tuple. DNS circle-arithmeticP timestamps (e.g. in RRSIG records) are interpreted at the supplied epoch time.dnsDecode a buffer containing multiple encoded DNS messages each preceded by a 16-bit length in network byte order. Any left-over bytes of a partial message after the last complete message are returned as the second element of the result tuple. DNS circle-arithmetica timestamps (e.g. in RRSIG records) are interpreted based on a nominal time in the year 2078 chosen to give correct dates for DNS timestamps over a 136 year time range from the date the root zone was signed on the 15th of July 2010 until the 21st of August in 2146. Outside this date range the output is off by some non-zero multiple 2^32 seconds.2dns0Decode multiple messages using the given parser.dnscurrent epoch timednsencoded input bufferdnsdecoded message or errordnsencoded input bufferdnsdecoded message or errordnscurrent epoch timednsencoded input bufferdns`decoded messages and left-over partial message or error if any complete message fails to parse.dnsencoded input bufferdns`decoded messages and left-over partial message or error if any complete message fails to parse.2dnsmessage decoderdnsenoded input bufferdns`decoded messages and left-over partial message or error if any complete message fails to parse.NoneP dnsReceive and decode a single d from a UDP 3. Messages longer than  are silently truncated, but this should not occur in practice, since we cap the advertised EDNS UDP buffer size limit at the same value. A p, is raised if I/O or message decoding fails.dnsReceive and decode a single  DNSMesage] from a virtual-circuit (TCP). It is up to the caller to implement any desired timeout. An p- is raised if I/O or message decoding fails.dnsSend an encoded dm datagram over UDP. The message length is implicit in the size of the UDP datagram. With TCP you must use , because TCP does not have message boundaries, and each message needs to be prepended with an explicit length. The socket must be explicitly connected to the destination nameserver.dnsSend a single encoded d over TCP. An explicit length is prepended to the encoded buffer before transmission. If you want to send a batch of multiple encoded messages back-to-back over a single TCP connection, and then loop to collect the results, use 5 to prefix each message with a length, and then use F to send a concatenated batch of the resulting encapsulated messages.dnsSend one or more encoded d[ buffers over TCP, each allready encapsulated with an explicit length prefix (perhaps via ;) and then concatenated into a single buffer. DO NOT use  with UDP.dns The encoded d has the specified request ID. The default values of the RD, AD, CD and DO flag bits, as well as various EDNS features, can be adjusted via the K parameter.NThe caller is responsible for generating the ID via a securely seeded CSPRNG.dnsEncapsulate an encoded d buffer for transmission over a TCP virtual circuit. With TCP the buffer needs to start with an explicit length (the length is implicit with UDP).dnsCompose a response with a single IPv4 RRset. If the query had an EDNS pseudo-header, a suitable EDNS pseudo-header must be added to the response message, or else a  response must be sent. The response TTL defaults to 300 seconds, and should be updated (to the same value across all the RRs) if some other TTL value is more appropriate.dnsCompose a response with a single IPv6 RRset. If the query had an EDNS pseudo-header, a suitable EDNS pseudo-header must be added to the response message, or else a  response must be sent. The response TTL defaults to 300 seconds, and should be updated (to the same value across all the RRs) if some other TTL value is more appropriate.dnsCrypto random request iddnsQuery name and typednsQuery flag and EDNS overrides  None|fdnsAbstract data type of DNS Resolver. This includes newly seeded identifier generators for all specified DNS servers and a cache database.dnsuIntermediate abstract data type for resolvers. IP address information of DNS servers is generated according to !4 internally. This value can be safely reused for  withResolver./The naming is confusing for historical reasons. dns'Type for resolver configuration. Use 0 to create a new value.CAn example to use Google's public DNS cache instead of resolv.conf:Blet conf = defaultResolvConf { resolvInfo = RCHostName "8.8.8.8" }BAn example to use multiple Google's public DNS cache concurrently:hlet conf = defaultResolvConf { resolvInfo = RCHostNames ["8.8.8.8","8.8.4.4"], resolvConcurrent = True }An example to disable EDNS:Llet conf = defaultResolvConf { resolvQueryControls = ednsEnabled FlagClear }*An example to enable query result caching:Dlet conf = defaultResolvConf { resolvCache = Just defaultCacheConf }3An example to disable requesting recursive service.Glet conf = defaultResolvConf { resolvQueryControls = rdFlag FlagClear }7An example to set the AD bit in all queries by default.Elet conf = defaultResolvConf { resolvQueryControls = adFlag FlagSet }HAn example to set the both the AD and CD bits in all queries by default.Wlet conf = defaultResolvConf { resolvQueryControls = adFlag FlagSet <> cdFlag FlagSet }An example with an EDNS buffer size of 1216 bytes, which is more robust with IPv6, and the DO bit set to request DNSSEC responses.clet conf = defaultResolvConf { resolvQueryControls = ednsSetUdpSize (Just 1216) <> doFlag FlagSet }!dnsServer information."dnsTimeout in micro seconds.#dns.The number of retries including the first try.$dns9Concurrent queries if multiple DNS servers are specified.%dnsCache configuration.&dns\Overrides for the default flags used for queries via resolvers that use this configuration.'dns"Cache configuration for responses.(dnsBIf RR's TTL is higher than this value, this value is used instead.)dns"Cache pruning interval in seconds.*dns#The type to specify a cache server.+dnsA path for "resolv.conf" where one or more IP addresses of DNS servers should be found on Unix. Default DNS servers are automatically detected on Windows regardless of the value of the file name.,dnsA numeric IP address. Warning: host names are invalid.-dnsNumeric IP addresses. Warning: host names are invalid..dns&A numeric IP address and port number. Warning: host names are invalid./dnsDefault cache configuration.defaultCacheConf/CacheConf {maximumTTL = 300, pruningDelay = 10}0dnsReturn a default  :! is + "/etc/resolv.conf"." is 3,000,000 micro seconds.# is 3.$ is False.% is Nothing.& is an empty set of overrides.456789: ;&%$#"!'<)(*.-,+/0None2=dnsCheck response for a matching identifier and question. If we ever do pipelined TCP, we'll need to handle out of order responses. See: -https://tools.ietf.org/html/rfc7766#section-74765>NoneS1dnsMake a  from a  . Examples:&rs <- makeResolvSeed defaultResolvConf2dnsGiving a thread-safe + to the function of the second argument.3dnsGiving thread-safe 7s to the function of the second argument. For each 2, multiple lookups must be done sequentially. s can be used concurrently. &%$#"!')(*+,-./0123 0!"#$%&*+,-.'/()123None"#ʻ4dnsLook up resource records of a specified type for a domain, collecting the results from the ANSWER section of the response. See the documentation of 6= to understand the concrete behavior. Cache is used if % is .Example:&rs <- makeResolvSeed defaultResolvConfBwithResolver rs $ \resolver -> lookup resolver "www.example.com" ARight [93.184.216.34]5dnsLook up resource records of a specified type for a domain, collecting the results from the AUTHORITY section of the response. See the documentation of 6B to understand the concrete behavior. Cache is used even if % is .?dnseLooking up resource records of a domain. The first parameter is one of the field accessors of the d type -- this allows you to choose which section (answer, authority, or additional) you would like to inspect for the result.6dns2Look up a name and return the entire DNS Response.-For a given DNS server, the queries are done:A new UDP socket bound to a new local port is created and a new identifier is created atomically from the cryptographically secure pseudo random number generator for the target DNS server. Then UDP queries are tried with the limitation of # (use EDNS if specifiecd). If it appears that the target DNS server does not support EDNS, it falls back to traditional queries.If the response is truncated, a new TCP socket bound to a new local port is created. Then exactly one TCP query is retried.&If multiple DNS servers are specified   ('RCHostNames ') or found (+A), either sequential lookup or concurrent lookup is carried out:In sequential lookup ($ is False), the query procedure above is processed in the order of the DNS servers sequentially until a successful response is received.In concurrent lookup ($ is True), the query procedure above is processed for each DNS server concurrently. The first received response is accepted even if it is an error.Cache is not used even if % is .The example code: s rs <- makeResolvSeed defaultResolvConf withResolver rs $ \resolver -> lookupRaw resolver "www.example.com" A $And the (formatted) expected output: H Right (DNSMessage { header = DNSHeader { identifier = 1, flags = DNSFlags { qOrR = QR_Response, opcode = OP_STD, authAnswer = False, trunCation = False, recDesired = True, recAvailable = True, rcode = NoErr, authenData = False }, }, question = [Question { qname = "www.example.com.", qtype = A}], answer = [ResourceRecord {rrname = "www.example.com.", rrtype = A, rrttl = 800, rdlen = 4, rdata = 93.184.216.119}], authority = [], additional = []}) 6AXFR requests cannot be performed with this interface.&rs <- makeResolvSeed defaultResolvConf@withResolver rs $ \resolver -> lookupRaw resolver "mew.org" AXFRLeft InvalidAXFRLookup7dns Similar to 6y, but the default values of the RD, AD, CD and DO flag bits, as well as various EDNS features, can be adjusted via the K parameter.8dnswMessages with a non-error RCODE are passed to the supplied function for processing. Other messages are translated to p instances. Note that zt is not a lookup error. The lookup is successful, bearing the sad news that the requested domain does not exist. z responses may return a meaningful AD bit, may contain useful data in the authority section, and even initial CNAME records that lead to the ultimately non-existent domain. Applications that wish to process the content of zF (NXDomain) messages will need to implement their own RCODE handling.6dnsResolver obtained via  withResolverdns Query domaindns Query RRtype7dnsResolver obtained via  withResolverdns Query domaindns Query RRtypednsQuery flag and EDNS overrides4567845678None. 9dns/Look up all 'A' records for the given hostname.A straightforward example:&rs <- makeResolvSeed defaultResolvConf=withResolver rs $ \resolver -> lookupA resolver "www.mew.org"Right [210.130.207.72]hThis function will also follow a CNAME and resolve its target if one exists for the queries hostname:&rs <- makeResolvSeed defaultResolvConf>withResolver rs $ \resolver -> lookupA resolver "www.kame.net"Right [203.178.141.194]:dns9Look up all (IPv6) 'AAAA' records for the given hostname. Examples:&rs <- makeResolvSeed defaultResolvConfCwithResolver rs $ \resolver -> lookupAAAA resolver "www.wide.ad.jp",Right [2001:200:dff:fff1:216:3eff:fe4b:651c];dnsLook up all 'MX' records for the given hostname. Two parts constitute an MX record: a hostname , and an integer priority. We therefore return each record as a (, Int).In this first example, we look up the MX for the domain "example.com". It has no MX (to prevent a deluge of spam from examples posted on the internet). But remember, "no results" is still a successful result.&rs <- makeResolvSeed defaultResolvConf>withResolver rs $ \resolver -> lookupMX resolver "example.com"Right []3The domain "mew.org" does however have a single MX:&rs <- makeResolvSeed defaultResolvConf:withResolver rs $ \resolver -> lookupMX resolver "mew.org"Right [("mail.mew.org.",10)]ZAlso note that all hostnames are returned with a trailing dot to indicate the DNS root.<dnsuLook up all 'MX' records for the given hostname, and then resolve their hostnames to IPv4 addresses by calling 9". The priorities are not retained. Examples:import Data.List (sort)&rs <- makeResolvSeed defaultResolvConfHips <- withResolver rs $ \resolver -> lookupAviaMX resolver "wide.ad.jp" fmap sort ips$Right [133.138.10.39,203.178.136.30]hSince there is more than one result, it is necessary to sort the list in order to check for equality.=dnsuLook up all 'MX' records for the given hostname, and then resolve their hostnames to IPv6 addresses by calling :". The priorities are not retained.@dns.This function performs the real work for both > and ?>. The only difference between those two is which function, 4 or 5S, is used to perform the lookup. We take either of those as our first parameter.>dnsLook up all 'NS' records for the given hostname. The results are taken from the ANSWER section of the response (as opposed to AUTHORITY). For details, see e.g.  %http://www.zytrax.com/books/dns/ch15/.There will typically be more than one name server for a domain. It is therefore extra important to sort the results if you prefer them to be at all deterministic. Examples:import Data.List (sort)&rs <- makeResolvSeed defaultResolvConf@ns <- withResolver rs $ \resolver -> lookupNS resolver "mew.org" fmap sort ns%Right ["ns1.mew.org.","ns2.mew.org."]?dnsLook up all 'NS' records for the given hostname. The results are taken from the AUTHORITY section of the response and not the usual ANSWER (use >% for that). For details, see e.g.  %http://www.zytrax.com/books/dns/ch15/.There will typically be more than one name server for a domain. It is therefore extra important to sort the results if you prefer them to be at all deterministic.For an example, we can look up the nameservers for "example.com" from one of the root servers, a.gtld-servers.net, the IP address of which was found beforehand:import Data.List (sort)6let ri = RCHostName "192.5.6.30" -- a.gtld-servers.net.let rc = defaultResolvConf { resolvInfo = ri }rs <- makeResolvSeed rcHns <- withResolver rs $ \resolver -> lookupNSAuth resolver "example.com" fmap sort ns3Right ["a.iana-servers.net.","b.iana-servers.net."]@dnsOLook up all 'TXT' records for the given hostname. The results are free-form s.)Two common uses for 'TXT' records are  4http://en.wikipedia.org/wiki/Sender_Policy_Framework and  7http://en.wikipedia.org/wiki/DomainKeys_Identified_Mail9. As an example, we find the SPF record for "mew.org":&rs <- makeResolvSeed defaultResolvConf;withResolver rs $ \resolver -> lookupTXT resolver "mew.org"Right ["v=spf1 +mx -all"]AdnsLook up the 'SOA' record for the given domain. The result 7-tuple consists of the 'mname', 'rname', 'serial', 'refresh', 'retry', 'expire' and 'minimum' fields of the SOA record.An @ separator is used between the first and second labels of the 'rname' field. Since 'rname' is an email address, it often contains periods within its first label. Presently, the trailing period is not removed from the domain part of the 'rname', but this may change in the future. Users should be prepared to remove any trailing period before using the 'rname` as a contact email address.&rs <- makeResolvSeed defaultResolvConf;withResolver rs $ \resolver -> lookupSOA resolver "mew.org"HRight [("ns1.mew.org.","kazu@mew.org.",201406240,3600,300,3600000,3600)]BdnsLook up all 'PTR' records for the given hostname. To perform a reverse lookup on an IP address, you must first reverse its octets and then append the suffix ".in-addr.arpa."gWe look up the PTR associated with the IP address 210.130.137.80, i.e., 80.137.130.210.in-addr.arpa:&rs <- makeResolvSeed defaultResolvConfNwithResolver rs $ \resolver -> lookupPTR resolver "164.2.232.202.in-addr.arpa"Right ["www.iij.ad.jp."]The C1 function is more suited to this particular task.CdnsConvenient wrapper around B7 to perform a reverse lookup on a single IP address.We repeat the example from B0, except now we pass the IP address directly:&rs <- makeResolvSeed defaultResolvConfBwithResolver rs $ \resolver -> lookupRDNS resolver "202.232.2.164"Right ["www.iij.ad.jp."]DdnsNLook up all 'SRV' records for the given hostname. SRV records consist (see  #https://tools.ietf.org/html/rfc2782") of the following four fields:"Priority (lower is more-preferred)kWeight (relative frequency with which to use this record amongst all results with the same priority)/Port (the port on which the service is offered)5Target (the hostname on which the service is offered)mThe first three are integral, and the target is another DNS hostname. We therefore return a four-tuple  (Int,Int,Int,). Examples:&rs <- makeResolvSeed defaultResolvConfUwithResolver rs $ \resolver -> lookupSRV resolver "_xmpp-server._tcp.jabber.ietf.org"%Right [(5,0,5269,"jabber.ietf.org.")] 9:;<=>?@ABCD 9:;<=>?@ABCDNone]sEdns Perform both F and G on the given i. When comparing DNS names taken from user input, this is often necessary to avoid unexpected results.Examples:#let domain1 = BS.pack "ExAmPlE.COM"$let domain2 = BS.pack "example.com."domain1 == domain2False&normalize domain1 == normalize domain2TrueThe E function should be idempotent:2normalize (normalize domain1) == normalize domain1True(Ensure that we don't crash on the empty :,import qualified Data.ByteString.Char8 as BSnormalize BS.empty"."Fdns9Normalize the case of the given DNS name for comparisons.YAccording to RFC #1035, "For all parts of the DNS that are part of the official protocol, all comparisons between character strings (e.g., labels, domain names, etc.) are done in a case-insensitive manner." This function chooses to lowercase its argument, but that should be treated as an implementation detail if at all possible.Examples:#let domain1 = BS.pack "ExAmPlE.COM"#let domain2 = BS.pack "exAMPle.com"domain1 == domain2False.normalizeCase domain1 == normalizeCase domain2TrueThe F function should be idempotent:>normalizeCase (normalizeCase domain2) == normalizeCase domain2True(Ensure that we don't crash on the empty :,import qualified Data.ByteString.Char8 as BSnormalizeCase BS.empty""GdnseNormalize the given name by appending a trailing dot (the DNS root) if one does not already exist.Warning: this does not produce an equivalent DNS name! However, users are often unaware of the effect that the absence of the root will have. In user interface design, it may therefore be wise to act as if the user supplied the trailing dot during comparisons.Per RFC #1034,"Since a complete domain name ends with the root label, this leads to a printed form which ends in a dot. We use this property to distinguish between:za character string which represents a complete domain name (often called 'absolute'). For example, 'poneria.ISI.EDU.' a character string that represents the starting labels of a domain name which is incomplete, and should be completed by local software using knowledge of the local domain (often called 'relative'). For example, 'poneria' used in the ISI.EDU domain.FRelative names are either taken relative to a well known origin, or to a list of domains used as a search list. Relative names appear mostly at the user interface, where their interpretation varies from implementation to implementation, and in master files, where they are relative to a single origin domain name."Examples:#let domain1 = BS.pack "example.com"$let domain2 = BS.pack "example.com."domain1 == domain2False.normalizeRoot domain1 == normalizeRoot domain2TrueThe G function should be idempotent:>normalizeRoot (normalizeRoot domain1) == normalizeRoot domain1True(Ensure that we don't crash on the empty :,import qualified Data.ByteString.Char8 as BSnormalizeRoot BS.empty"."EFGEFG None]  ! "#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGA !"#$%%&'()*+,-./0123456789:;<=>?@A;BCDEFGHIJKLLMNOPQRSTTUVWXYZ[\]^_`abcdefghijkklmnopqrstuuvwxyyz{|}~      !"#$%&'()*+,-./012345 6789:;<=>?@ABCD EFGHIJKLMNOPQRST #UVWUXYUXZUV[U\]UV^U_`U_aU_bU_cU_dU_eU_fU_gU_hU_iU_jU_kU_lU_mU_nU_oU_pU_qU_rU_sU_tU_uU_vUVwUVxUVyUVzUV{UV|UV}UV~UUVUVUVUVUVUVUUUUUUUUUUUUUUUVUVUVUVUVUUUUUUUUUVUUVUVUVUVUVUVUVUVU\U\U\U\U\U\U\U\U\U\U\U\U\U\UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU U U U U UUUUUUUUUUUUUUUUUUUUUUUU U!U!U"U#U#U$U%U%U&U'(U')U'*U'+U',U'-U'.U'/U'0U'1U'2U'3U'4U'5U'6U'7U'8U'9U':U';U'<U'=U'>U'?U'@U'AU'BU'CU'DU'EU'FU'GU'HU'IU'JU'KU'LU'MU'NU'OU'PU'QU'RU'SU'TU'UU'VU'WU'XU'YU'ZU'[U'\U']U'^U'_U'`UabUacUacUdeUdeUfgUfhUfiUfjUklUkmUknUkoUkpUkqUkrUksUktUkuUkvUkwUkxUkyUkzUk{U|}U_~U_U_UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUXUXUXUXUXUXUXBUXUXUXUXUXUXUXUXUXUXUXUXUXUXUXUXUXUXUXUXUXUXUXUXUUUUUUUUUUVUVUVUVUVUVUVUVUVUVUVUVUV      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQ/RST0UV6WXYZ[ dns-4.0.0-9zv92Wu82wPEK8qd87FEQ7Network.DNS.TypesNetwork.DNS.EncodeNetwork.DNS.DecodeNetwork.DNS.IONetwork.DNS.ResolverNetwork.DNS.LookupRawNetwork.DNS.LookupNetwork.DNS.UtilsNetwork.DNS.Base32HexNetwork.DNS.Imports lookupRawCtl Network.DNSresolvQueryControls ResolvConfmakeResolvSeed loookupRawCtlNetwork.DNS.StateBinaryNetwork.DNS.MemoNetwork.DNS.Encode.BuildersNetwork.DNS.Encode.InternalencodeVCsendVCNetwork.DNS.Decode.ParsersNetwork.DNS.Decode.InternalNetwork.DNS.Types.InternalNetwork.DNS.TransportODataOD_NSIDOD_DAUOD_DHUOD_N3UOD_ClientSubnet OD_ECSgeneric UnknownODataOptCode fromOptCodeEDNS ednsVersion ednsUdpSize ednsDnssecOk ednsOptionsAdditionalRecordsAuthorityRecordsAnswersRDataRD_ARD_NSRD_CNAMERD_SOARD_NULLRD_PTRRD_MXRD_TXTRD_AAAARD_SRVRD_DNAMERD_OPTRD_DSRD_RRSIGRD_NSEC RD_DNSKEYRD_NSEC3 RD_NSEC3PARAMRD_TLSA UnknownRData RDREP_RRSIG rrsigType rrsigKeyAlgrrsigNumLabelsrrsigTTLrrsigExpirationrrsigInception rrsigKeyTag rrsigZone rrsigValueResourceRecordrrnamerrtyperrclassrrttlrdataTTLCLASSQuestionqnameqtypeRCODE fromRCODEOPCODEOP_STDOP_INVOP_SSR OP_NOTIFY OP_UPDATEQorRQR_Query QR_Response QueryControlsODataOpODataAddODataSetFlagOpFlagSet FlagClear FlagResetFlagKeepDNSFlagsqOrRopcode authAnswer trunCation recDesired recAvailablercode authenData chkDisable DNSHeader identifierflags Identifier DNSMessageheader ednsHeaderquestionanswer authority additional EDNSheaderNoEDNS InvalidEDNSDNSErrorSequenceNumberMismatchQuestionMismatchInvalidAXFRLookupRetryLimitExceededTimeoutExpiredUnexpectedRDATA IllegalDomain FormatError ServerFailure NameErrorNotImplementedOperationRefused BadOptRecordBadConfigurationNetworkFailure DecodeErrorUnknownDNSErrorTYPEfromTYPEMailboxDomain ClientSubnetN3UDHUDAUNSIDBadRCODE BadCookieBadTruncBadAlgBadNameBadModeBadTimeBadKeyBadVersNotZoneNotAuthNXRRSetYXRRSetYXDomainRefusedNotImplNameErrServFail FormatErrNoErrCAAANYAXFRCSYNCCDNSKEYCDSTLSA NSEC3PARAMNSEC3DNSKEYNSECRRSIGDSOPTDNAMESRVAAAATXTMXPTRNULLSOACNAMENSAtoTYPEifEDNSmapEDNSdefaultDNSFlagsrdFlagadFlagcdFlag ednsEnabledednsSetVersionednsSetUdpSizedoFlagednsSetOptionstoOPCODE fromOPCODEtoRCODEclassINdnsTime defaultQuerydefaultResponsemakeEmptyQuery makeQuery makeResponse defaultEDNS maxUdpSize minUdpSize toOptCode $fShowTYPE$fExceptionDNSError$fMonoidFlagOp$fSemigroupFlagOp$fShowHeaderControls$fMonoidHeaderControls$fSemigroupHeaderControls $fShowRCODE $fEnumRCODE$fShowRD_RRSIG $fShowOptCode $fShowOData $fShowRData$fMonoidODataOp$fSemigroupODataOp$fShowEdnsControls$fMonoidEdnsControls$fSemigroupEdnsControls$fShowQueryControls$fMonoidQueryControls$fSemigroupQueryControls$fEqTYPE $fOrdTYPE $fEqDNSError$fShowDNSError $fEqFlagOp $fShowFlagOp$fEqHeaderControls$fEqQorR $fShowQorR $fEnumQorR $fBoundedQorR $fEqOPCODE $fShowOPCODE $fEnumOPCODE$fBoundedOPCODE $fEqRCODE $fEqDNSFlags$fShowDNSFlags $fEqDNSHeader$fShowDNSHeader $fEqQuestion$fShowQuestion $fEqRD_RRSIG $fOrdRD_RRSIG $fEqOptCode $fOrdOptCode $fEqOData $fOrdOData$fEqEDNS $fShowEDNS$fEqEDNSheader$fShowEDNSheader $fEqRData $fOrdRData$fEqResourceRecord$fShowResourceRecord$fEqDNSMessage$fShowDNSMessage $fEqODataOp$fEqEdnsControls$fEqQueryControlsencodedecodeAtdecode decodeManyAt decodeManyreceive receiveVCsendsendAllencodeQuestion responseA responseAAAAResolver ResolvSeed resolvInfo resolvTimeout resolvRetryresolvConcurrent resolvCache CacheConf maximumTTL pruningDelayFileOrNumericHost RCFilePath RCHostName RCHostNames RCHostPortdefaultCacheConfdefaultResolvConf withResolver withResolverslookup lookupAuth lookupRawfromDNSMessagelookupA lookupAAAAlookupMX lookupAviaMXlookupAAAAviaMXlookupNS lookupNSAuth lookupTXT lookupSOA lookupPTR lookupRDNS lookupSRV normalize normalizeCase normalizeRootbaseGHC.Base++GHC.Listfilterzipmap Control.Monadguardjoin GHC.FloatFloatingpiexplogsqrt**logBasesincostanasinacosatansinhcoshtanhasinhacoshatanhlog1pexpm1log1pexplog1mexpMonad>>=>>returnfailFunctorfmap<$ghc-prim GHC.ClassesOrd>=minmax><compare<=Data.Typeable.InternalTypeable Applicative<*>pure*><*liftA2 Data.Foldablefoldrlengthnullfoldlfoldl'foldl1sumproductfoldr1maximumminimumelemData.TraversablemapMsequence<>MonoidmemptymappendmconcatGHC.IntInt64 GHC.MaybeMaybeNothingJust GHC.TypesOrderingLTEQGTWordGHC.WordWord8Word16Word32Word64TyConbytestring-0.10.8.2Data.ByteString.Internal ByteString<**> Data.Functor<$> Alternativemanysome<|>empty MonadPlusmzeromplusmfilter<$!>unless replicateM_ replicateMfoldM_foldM zipWithM_zipWithM mapAndUnzipMforever<=<>=>filterM Data.ListisSubsequenceOf mapAccumR mapAccumLforMControl.Applicativeoptional WrappedMonad WrapMonad unwrapMonad WrappedArrow WrapArrow unwrapArrowZipList getZipList Data.TypeabletypeOf7typeOf6typeOf5typeOf4typeOf3typeOf2typeOf1 rnfTypeReptypeRepFingerprint typeRepTyCon typeRepArgs splitTyConAppmkFunTy funResultTygcast2gcast1gcasteqTcast showsTypeReptypeReptypeOfTypeReprnfTyContyConFingerprint tyConName tyConModule tyConPackageData.Functor.ConstConstgetConstfindnotElem minimumBy maximumByallanyorand concatMapconcatmsum sequence_forM_mapM_ Data.MonoidFirstgetFirstLastgetLastApgetApData.Semigroup.InternalDualgetDualEndoappEndoAllgetAllAnygetAnySumgetSumProduct getProductAltgetAlt Data.OldListunwordswordsunlineslinesunfoldrsortOnsortBysort permutations subsequencestailsinitsgroupBygroupdeleteFirstsByunzip7unzip6unzip5unzip4zipWith7zipWith6zipWith5zipWith4zip7zip6zip5zip4genericReplicate genericIndexgenericSplitAt genericDrop genericTake genericLengthinsertByinsert partition transpose intercalate intersperse intersectBy intersectunionByunion\\deleteBydeletenubBynub isInfixOf isSuffixOf isPrefixOf findIndices findIndex elemIndices elemIndex stripPrefix dropWhileEndData.Ord comparingDown Data.ProxyProxyData.Type.Equality:~:Refl:~~:HReflNumericshowOctshowHex showIntAtBase showHFloat showGFloatAlt showFFloatAlt showGFloat showFFloat showEFloatshowInt readSigned readFloatreadHexreadDecreadOctreadIntGHC.Read lexDigitsfromRat floatToDigits showFloat byteSwap64 byteSwap32 byteSwap16 Data.BitstoIntegralSizedpopCountDefaulttestBitDefault bitDefaultBits.&..|.xor complementshiftrotatezeroBitsbitsetBitclearBit complementBittestBit bitSizeMaybebitSizeisSignedshiftL unsafeShiftLshiftR unsafeShiftRrotateLrotateRpopCount FiniteBits finiteBitSizecountLeadingZeroscountTrailingZerosvoidGHC.Real showSignedunzip3unzipzipWith3zipWithzip3!!reversebreakspansplitAtdroptake dropWhile takeWhilecycle replicaterepeatiterate'iteratescanr1scanrscanl'scanl1scanlfoldl1'initlasttailunconshead Data.MaybemapMaybe catMaybes listToMaybe maybeToList fromMaybefromJust isNothingisJustmaybeapliftM5liftM4liftM3liftM2liftMwhen=<<liftA3liftANonEmpty:| EdnsControlsextEnextVnextSzextDOextOdHeaderControls applyFlag skipDefaultshowFlagshowOpts queryDNSFlags odataDedup queryEdnsshowTimeodataToOptCodesGetMany dnsTimeMidrunSGet parseLabel unparseLabel escSpecials isSpecialisPlain.TruezerosemiatsignbslashrunSGetWithLeftoversAtPStatepsDomain psPositionpsInputpsAtTimeSGet wsPositionSPutput8put16put32putInt8putInt16putInt32 putByteString putReplicate addPositionWwsPopwsPush getPositiongetInput getAtTimepushpopget8get16get32getInt8getInt16getInt32 getNBytes getNoctets skipNBytesgetNByteStringfitSGet initialStatefailSGet runSGetAtrunSGetWithLeftoversrunSPutCacheDBEntryPrioKeySection AuthorityAnswernewCache lookupCache insertCacheprunecopy copyOData putNsecTypes putODWords putODBytes putDNSMessage putHeader putDNSFlagsputResourceRecord putDomain putMailboxencodeDNSFlagsencodeDNSHeader encodeDomain encodeMailboxencodeResourceRecordrdataEndgetTXT getDomain getDomain' getResponse getDNSFlags getHeadergetResourceRecordsgetResourceRecord getMailboxdecodeDNSFlagsdecodeDNSHeader decodeDomain decodeMailboxdecodeResourceRecorddecodeResourceRecordAt decodeMParse&network-3.1.0.1-3hHBpw17wpa9MleAlG8j6iNetwork.Socket.TypesSocketcachegenIds resolvseed nameservers resolvconf checkRespresolve lookupSection lookupNSImpl