h&mg      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~  Safe-InferreddnsDecode an input buffer containing a single encoded DNS message. If the input buffer has excess content beyond the end of the message an error is returned. DNS circle-arithmetic timestamps (e.g. in RRSIG records) are interpreted at the supplied epoch time.dnsDecode an input buffer containing a single encoded DNS message. If the input buffer has excess content beyond the end of the message an error is returned. DNS circle-arithmetic timestamps (e.g. in RRSIG records) are interpreted based on a nominal time in the year 2073 chosen to maximize the time range for which this gives correct translations of 32-bit epoch times to absolute 64-bit epoch times. This will yield incorrect results starting circa 2141.dnsDecode a buffer containing multiple encoded DNS messages each preceded by a 16-bit length in network byte order. Any left-over bytes of a partial message after the last complete message are returned as the second element of the result tuple. DNS circle-arithmetic timestamps (e.g. in RRSIG records) are interpreted at the supplied epoch time.dnsDecode a buffer containing multiple encoded DNS messages each preceded by a 16-bit length in network byte order. Any left-over bytes of a partial message after the last complete message are returned as the second element of the result tuple. DNS circle-arithmetic timestamps (e.g. in RRSIG records) are interpreted based on a nominal time in the year 2078 chosen to give correct dates for DNS timestamps over a 136 year time range from the date the root zone was signed on the 15th of July 2010 until the 21st of August in 2146. Outside this date range the output is off by some non-zero multiple 2^32 seconds.dns0Decode multiple messages using the given parser.dnscurrent epoch timednsencoded input bufferdnsdecoded message or errordnsencoded input bufferdnsdecoded message or errordnscurrent epoch timednsencoded input bufferdnsdecoded messages and left-over partial message or error if any complete message fails to parse.dnsencoded input bufferdnsdecoded messages and left-over partial message or error if any complete message fails to parse.dnsmessage decoderdnsenoded input bufferdnsdecoded messages and left-over partial message or error if any complete message fails to parse. Safe-Inferreddns Encode a h for transmission over UDP. For transmission over TCP encapsulate the result via   , or use  *, which handles this internally. If any - in the message contains incorrectly encoded J. name ByteStrings, this function may raise a N. Safe-Inferred"m dnsReceive and decode a single h from a UDP ;, throwing away the client address. Messages longer than   are silently truncated, but this should not occur in practice, since we cap the advertised EDNS UDP buffer size limit at the same value. A ^- is raised if I/O or message decoding fails.dnsReceive and decode a single h from a UDP . Messages longer than   are silently truncated, but this should not occur in practice, since we cap the advertised EDNS UDP buffer size limit at the same value. A ^, is raised if I/O or message decoding fails.dnsReceive and decode a single  DNSMesage from a virtual-circuit (TCP). It is up to the caller to implement any desired timeout. An ^- is raised if I/O or message decoding fails.dnsSend an encoded h datagram over UDP. The message length is implicit in the size of the UDP datagram. With TCP you must use , because TCP does not have message boundaries, and each message needs to be prepended with an explicit length. The socket must be explicitly connected to the destination nameserver.dnsSend an encoded h datagram over UDP to a given address. The message length is implicit in the size of the UDP datagram. With TCP you must use , because TCP does not have message boundaries, and each message needs to be prepended with an explicit length.dnsSend a single encoded h over TCP. An explicit length is prepended to the encoded buffer before transmission. If you want to send a batch of multiple encoded messages back-to-back over a single TCP connection, and then loop to collect the results, use 5 to prefix each message with a length, and then use  to send a concatenated batch of the resulting encapsulated messages.dnsSend one or more encoded h buffers over TCP, each allready encapsulated with an explicit length prefix (perhaps via ;) and then concatenated into a single buffer. DO NOT use  with UDP.dns The encoded h has the specified request ID. The default values of the RD, AD, CD and DO flag bits, as well as various EDNS features, can be adjusted via the  parameter.The caller is responsible for generating the ID via a securely seeded CSPRNG.dnsEncapsulate an encoded h buffer for transmission over a TCP virtual circuit. With TCP the buffer needs to start with an explicit length (the length is implicit with UDP).dnsCompose a response with a single IPv4 RRset. If the query had an EDNS pseudo-header, a suitable EDNS pseudo-header must be added to the response message, or else a o response must be sent. The response TTL defaults to 300 seconds, and should be updated (to the same value across all the RRs) if some other TTL value is more appropriate.dnsCompose a response with a single IPv6 RRset. If the query had an EDNS pseudo-header, a suitable EDNS pseudo-header must be added to the response message, or else a o response must be sent. The response TTL defaults to 300 seconds, and should be updated (to the same value across all the RRs) if some other TTL value is more appropriate.dnsCrypto random request iddnsQuery name and typednsQuery flag and EDNS overrides    Safe-Inferred"6dnsCheck response for a matching identifier and question. If we ever do pipelined TCP, we'll need to handle out of order responses. See: -https://tools.ietf.org/html/rfc7766#section-7 Safe-Inferred" -dnsMake a  from a . Examples:&rs <- makeResolvSeed defaultResolvConfdnsGiving a thread-safe + to the function of the second argument.dnsGiving thread-safe 7s to the function of the second argument. For each 2, multiple lookups must be done sequentially. s can be used concurrently. Safe-Inferred%&4dnsLook up resource records of a specified type for a domain, collecting the results from the ANSWER section of the response. See the documentation of = to understand the concrete behavior. Cache is used if  is .Example:&rs <- makeResolvSeed defaultResolvConfwithResolver rs $ \resolver -> lookup resolver "www.example.com" ARight [93.184.216.34]dnsLook up resource records of a specified type for a domain, collecting the results from the AUTHORITY section of the response. See the documentation of  to understand the concrete behavior. Cache is used even if  is .dnsLooking up resource records of a domain. The first parameter is one of the field accessors of the h type -- this allows you to choose which section (answer, authority, or additional) you would like to inspect for the result.dns2Look up a name and return the entire DNS Response.-For a given DNS server, the queries are done:A new UDP socket bound to a new local port is created and a new identifier is created atomically from the cryptographically secure pseudo random number generator for the target DNS server. Then UDP queries are tried with the limitation of  (use EDNS if specifiecd). If it appears that the target DNS server does not support EDNS, it falls back to traditional queries.If the response is truncated, a new TCP socket bound to a new local port is created. Then exactly one TCP query is retried.&If multiple DNS servers are specified  ('RCHostNames ') or found (), either sequential lookup or concurrent lookup is carried out:In sequential lookup ( is False), the query procedure above is processed in the order of the DNS servers sequentially until a successful response is received.In concurrent lookup ( is True), the query procedure above is processed for each DNS server concurrently. The first received response is accepted even if it is an error.Cache is not used even if  is .The example code:  rs <- makeResolvSeed defaultResolvConf withResolver rs $ \resolver -> lookupRaw resolver "www.example.com" A $And the (formatted) expected output:  Right (DNSMessage { header = DNSHeader { identifier = 1, flags = DNSFlags { qOrR = QR_Response, opcode = OP_STD, authAnswer = False, trunCation = False, recDesired = True, recAvailable = True, rcode = NoErr, authenData = False }, }, question = [Question { qname = "www.example.com.", qtype = A}], answer = [ResourceRecord {rrname = "www.example.com.", rrtype = A, rrttl = 800, rdlen = 4, rdata = 93.184.216.119}], authority = [], additional = []}) 6AXFR requests cannot be performed with this interface.&rs <- makeResolvSeed defaultResolvConfwithResolver rs $ \resolver -> lookupRaw resolver "mew.org" AXFRLeft InvalidAXFRLookupdns Similar to , but the default values of the RD, AD, CD and DO flag bits, as well as various EDNS features, can be adjusted via the  parameter.dns Similar to , but the recv action can be replaced with something other than . For example, in an environment where frequent retrieval of the current time is a performance issue, you can pass the time from outside instead of having  retrieve the current time.dnsMessages with a non-error RCODE are passed to the supplied function for processing. Other messages are translated to ^ instances. Note that T is not a lookup error. The lookup is successful, bearing the sad news that the requested domain does not exist. T responses may return a meaningful AD bit, may contain useful data in the authority section, and even initial CNAME records that lead to the ultimately non-existent domain. Applications that wish to process the content of T (NXDomain) messages will need to implement their own RCODE handling.dnsResolver obtained via  withResolverdns Query domaindns Query RRtypednsResolver obtained via  withResolverdns Query domaindns Query RRtypednsQuery flag and EDNS overridesdnsResolver obtained via  withResolverdns Query domaindns Query RRtypednsQuery flag and EDNS overridesdns%Action to receive message from socket Safe-InferredPS dns/Look up all 'A' records for the given hostname.A straightforward example:&rs <- makeResolvSeed defaultResolvConfwithResolver rs $ \resolver -> lookupA resolver "192.0.2.1.nip.io"Right [192.0.2.1]This function will also follow a CNAME and resolve its target if one exists for the queried hostname:'rs2 <- makeResolvSeed defaultResolvConf?withResolver rs2 $ \resolver -> lookupA resolver "www.kame.net"Right [210.155.141.200]dns9Look up all (IPv6) 'AAAA' records for the given hostname. Examples:&rs <- makeResolvSeed defaultResolvConfwithResolver rs $ \resolver -> lookupAAAA resolver "www.wide.ad.jp"*Right [2001:200:0:180c:20c:29ff:fec9:9d61]dnsLook up all 'MX' records for the given hostname. Two parts constitute an MX record: a hostname , and an integer priority. We therefore return each record as a (J, Int).In this first example, we look up the MX for the domain "example.com". It has an RFC7505 NULL MX (to prevent a deluge of spam from examples posted on the internet).&rs <- makeResolvSeed defaultResolvConf>withResolver rs $ \resolver -> lookupMX resolver "example.com"Right [(".",0)]3The domain "mew.org" does however have a single MX:'rs2 <- makeResolvSeed defaultResolvConf;withResolver rs2 $ \resolver -> lookupMX resolver "mew.org"Right [("mail.mew.org.",10)]Also note that all hostnames are returned with a trailing dot to indicate the DNS root.However the MX host itself has no need for an MX record, so its MX RRset is empty. But, "no results" is still a successful result.'rs3 <- makeResolvSeed defaultResolvConfwithResolver rs3 $ \resolver -> lookupMX resolver "mail.mew.org"Right []dnsLook up all 'MX' records for the given hostname, and then resolve their hostnames to IPv4 addresses by calling ". The priorities are not retained. Examples:import Data.List (sort)&rs <- makeResolvSeed defaultResolvConfips <- withResolver rs $ \resolver -> lookupAviaMX resolver "wide.ad.jp" fmap sort ipsRight [203.178.136.30]Since there is more than one result, it is necessary to sort the list in order to check for equality.dnsLook up all 'MX' records for the given hostname, and then resolve their hostnames to IPv6 addresses by calling ". The priorities are not retained.dns.This function performs the real work for both  and >. The only difference between those two is which function,  or , is used to perform the lookup. We take either of those as our first parameter.dnsLook up all 'NS' records for the given hostname. The results are taken from the ANSWER section of the response (as opposed to AUTHORITY). For details, see e.g.  %http://www.zytrax.com/books/dns/ch15/.There will typically be more than one name server for a domain. It is therefore extra important to sort the results if you prefer them to be at all deterministic. Examples:import Data.List (sort)&rs <- makeResolvSeed defaultResolvConfns <- withResolver rs $ \resolver -> lookupNS resolver "mew.org" fmap sort ns%Right ["ns1.mew.org.","ns2.mew.org."]dnsLook up all 'NS' records for the given hostname. The results are taken from the AUTHORITY section of the response and not the usual ANSWER (use % for that). For details, see e.g.  %http://www.zytrax.com/books/dns/ch15/.There will typically be more than one name server for a domain. It is therefore extra important to sort the results if you prefer them to be at all deterministic.For an example, we can look up the nameservers for "example.com" from one of the root servers, a.gtld-servers.net, the IP address of which was found beforehand:import Data.List (sort)6let ri = RCHostName "192.5.6.30" -- a.gtld-servers.net.let rc = defaultResolvConf { resolvInfo = ri }rs <- makeResolvSeed rcns <- withResolver rs $ \resolver -> lookupNSAuth resolver "example.com" fmap sort ns3Right ["a.iana-servers.net.","b.iana-servers.net."]dnsLook up all 'TXT' records for the given hostname. The results are free-form s.)Two common uses for 'TXT' records are  4http://en.wikipedia.org/wiki/Sender_Policy_Framework and  7http://en.wikipedia.org/wiki/DomainKeys_Identified_Mail9. As an example, we find the SPF record for "mew.org":&rs <- makeResolvSeed defaultResolvConf;withResolver rs $ \resolver -> lookupTXT resolver "mew.org"Right ["v=spf1 +mx -all"]dnsLook up the 'SOA' record for the given domain. The result 7-tuple consists of the 'mname', 'rname', 'serial', 'refresh', 'retry', 'expire' and 'minimum' fields of the SOA record.An @ separator is used between the first and second labels of the 'rname' field. Since 'rname' is an email address, it often contains periods within its first label. Presently, the trailing period is not removed from the domain part of the 'rname', but this may change in the future. Users should be prepared to remove any trailing period before using the 'rname` as a contact email address.&rs <- makeResolvSeed defaultResolvConfsoa <- withResolver rs $ \resolver -> lookupSOA resolver "mew.org"3map (\ (mn, rn, _, _, _, _, _) -> (mn, rn)) <$> soa(Right [("ns1.mew.org.","kazu@mew.org.")]dnsLook up all 'PTR' records for the given hostname. To perform a reverse lookup on an IP address, you must first reverse its octets and then append the suffix ".in-addr.arpa."We look up the PTR associated with the IP address 210.130.137.80, i.e., 80.137.130.210.in-addr.arpa:&rs <- makeResolvSeed defaultResolvConfwithResolver rs $ \resolver -> lookupPTR resolver "180.2.232.202.in-addr.arpa"Right ["www.iij.ad.jp."]The 1 function is more suited to this particular task.dnsConvenient wrapper around 7 to perform a reverse lookup on a single IP address.We repeat the example from 0, except now we pass the IP address directly:&rs <- makeResolvSeed defaultResolvConfwithResolver rs $ \resolver -> lookupRDNS resolver "202.232.2.180"Right ["www.iij.ad.jp."]dnsLook up all 'SRV' records for the given hostname. SRV records consist (see  #https://tools.ietf.org/html/rfc2782") of the following four fields:"Priority (lower is more-preferred)Weight (relative frequency with which to use this record amongst all results with the same priority)/Port (the port on which the service is offered)5Target (the hostname on which the service is offered)The first three are integral, and the target is another DNS hostname. We therefore return a four-tuple  (Int,Int,Int,J). Examples:&rs <- makeResolvSeed defaultResolvConfwithResolver rs $ \resolver -> lookupSRV resolver "_xmpp-server._tcp.jabber.ietf.org"Right [(5,0,5269,"_dc-srv.6661af51975d._xmpp-server._tcp.jabber.ietf.org.")]   Safe-InferredP JKML !"#$%&'()*+,-./0123^]\[ZYXWVUTSRQPONhgfedcbilkjwvutsrqpnm|{zyx~}_a`4o56789:;<=>?@ABCDEF IHGJM !"#$%&'()*+,-./0123 !"#$%&'()*+,-./0123Lhgfedcb|{zyx~}lkjiwvutsrqpnm4o56789:;<=>?@ABCDEF4o56789:;<=>?@ABCDEF_a`  IHGIHG ^]\[ZYXWVUTSRQPONK Safe-Inferrededns Perform both  and  on the given J. When comparing DNS names taken from user input, this is often necessary to avoid unexpected results.Examples:#let domain1 = BS.pack "ExAmPlE.COM"$let domain2 = BS.pack "example.com."domain1 == domain2False&normalize domain1 == normalize domain2TrueThe  function should be idempotent:2normalize (normalize domain1) == normalize domain1True(Ensure that we don't crash on the empty J:,import qualified Data.ByteString.Char8 as BSnormalize BS.empty"."dns9Normalize the case of the given DNS name for comparisons.According to RFC #1035, "For all parts of the DNS that are part of the official protocol, all comparisons between character strings (e.g., labels, domain names, etc.) are done in a case-insensitive manner." This function chooses to lowercase its argument, but that should be treated as an implementation detail if at all possible.Examples:#let domain1 = BS.pack "ExAmPlE.COM"#let domain2 = BS.pack "exAMPle.com"domain1 == domain2False.normalizeCase domain1 == normalizeCase domain2TrueThe  function should be idempotent:>normalizeCase (normalizeCase domain2) == normalizeCase domain2True(Ensure that we don't crash on the empty J:,import qualified Data.ByteString.Char8 as BSnormalizeCase BS.empty""dnsNormalize the given name by appending a trailing dot (the DNS root) if one does not already exist.Warning: this does not produce an equivalent DNS name! However, users are often unaware of the effect that the absence of the root will have. In user interface design, it may therefore be wise to act as if the user supplied the trailing dot during comparisons.Per RFC #1034,"Since a complete domain name ends with the root label, this leads to a printed form which ends in a dot. We use this property to distinguish between:a character string which represents a complete domain name (often called 'absolute'). For example, 'poneria.ISI.EDU.'a character string that represents the starting labels of a domain name which is incomplete, and should be completed by local software using knowledge of the local domain (often called 'relative'). For example, 'poneria' used in the ISI.EDU domain.Relative names are either taken relative to a well known origin, or to a list of domains used as a search list. Relative names appear mostly at the user interface, where their interpretation varies from implementation to implementation, and in master files, where they are relative to a single origin domain name."Examples:#let domain1 = BS.pack "example.com"$let domain2 = BS.pack "example.com."domain1 == domain2False.normalizeRoot domain1 == normalizeRoot domain2TrueThe  function should be idempotent:>normalizeRoot (normalizeRoot domain1) == normalizeRoot domain1True(Ensure that we don't crash on the empty J:,import qualified Data.ByteString.Char8 as BSnormalizeRoot BS.empty"."dnsSplit a domain name in A-label form into its initial label and the rest of the domain. Returns an error if the initial label is malformed. When no more labels remain, the initial label will satisfy .This also decodes any escaped characters in the initial label, which may therefore contain whitespace, binary data, or unescaped internal dots. To reconstruct the original domain, the initial label may sometimes require correct escaping of special characters.Examples"import Data.ByteString.Char8 as BS%splitDomain $ BS.pack "abc\\.def.xyz"Right ("abc.def","xyz")$splitDomain $ BS.pack ".abc.def.xyz"1Left (DecodeError "invalid domain: .abc.def.xyz")dnsSplit a K( in A-label form into its initial label  (the  localpart) of the email address) and the remaining J (the  domainpart0 of the email address, with a possible trailing ). Returns an error if the initial label is malformed. When no more labels remain, the initial label will satisfy 5. The remaining labels can be obtained by applying  the returned domain part.This also decodes any escaped characters in the initial label, which may therefore contain whitespace, binary data, or unescaped internal dots. To reconstruct the original mailbox, the initial label may sometimes require correct escaping of special characters.Example"import Data.ByteString.Char8 as BS/splitMailbox $ BS.pack "Joe.Admin@example.com.""Right ("Joe.Admin","example.com.")  Safe-Inferrede JKML !"#$%&'()*+,-./0123^NOPQRSTUVWXYZ[]\hbcdefgiljkwmnpqrstuv|xy{z~}`_a456789:;<=>?@ABCDEoF GIH                   ! " # $ % & ' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ? @ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z [ \ ] ^ _ ` a b c d e f g h i j k l m n o p q r s t u v  w x y  z { | } ~                                  n                                                                                              dns-4.2.0-Ett1ZpP10qoKulXb3bX46eNetwork.DNS.TypesNetwork.DNS.ResolverNetwork.DNS.DecodeNetwork.DNS.EncodeNetwork.DNS.IONetwork.DNS.LookupRawNetwork.DNS.LookupNetwork.DNS.UtilsencodeVCsendVCNetwork.DNS.Transport Network.DNS-dns-4.2.0-Ett1ZpP10qoKulXb3bX46e-dns-internalNetwork.DNS.Types.InternalDHUN3UUnknownDNSError DNSMessage DNSHeaderDNSFlagsQuestionResourceRecord RDREP_RRSIGEDNS toOptCode minUdpSize maxUdpSize defaultEDNS makeResponse makeQuerymakeEmptyQuerydefaultResponse defaultQueryclassINtoRCODE fromOPCODEtoOPCODEdefaultDNSFlagsmapEDNSifEDNStoTYPEANSCNAMESOANULLPTRMXTXTAAAASRVDNAMEOPTDSRRSIGNSECDNSKEYNSEC3 NSEC3PARAMTLSACDSCDNSKEYCSYNCAXFRANYCAANoErrServFailNameErrNotImplRefusedYXDomainYXRRSetNXRRSetNotAuthNotZoneBadVersBadKeyBadTimeBadModeBadNameBadAlgBadTrunc BadCookieBadRCODENSIDDAU ClientSubnetDomainMailboxfromTYPETYPE DecodeErrorNetworkFailureBadConfiguration BadOptRecordOperationRefusedNotImplemented NameError ServerFailure FormatError IllegalDomainUnexpectedRDATATimeoutExpiredRetryLimitExceededInvalidAXFRLookupQuestionMismatchSequenceNumberMismatchDNSError EDNSheader InvalidEDNSNoEDNS additional authorityanswerquestion ednsHeaderheader Identifierflags identifier chkDisable authenData FormatErrrcode recAvailable recDesired trunCation authAnsweropcodeqOrRFlagKeep FlagReset FlagClearFlagSetFlagOpODataSetODataAddODataOpednsSetOptionsednsSetUdpSizeednsSetVersion ednsEnableddoFlagcdFlagadFlagrdFlag QueryControls QR_ResponseQR_QueryQorR OP_UPDATE OP_NOTIFYOP_SSROP_INVOP_STDOPCODE fromRCODERCODEqtypeqnameCLASSTTLrdatarrttlrrclassrrtyperrname rrsigValue rrsigZone rrsigKeyTagrrsigInceptionrrsigExpirationrrsigTTLrrsigNumLabels rrsigKeyAlg rrsigTypednsTimeRD_RRSIG UnknownRDataRD_CAA RD_CDNSKEYRD_CDSRD_TLSA RD_NSEC3PARAMRD_NSEC3 RD_DNSKEYRD_NSECRD_DSRD_OPTRD_DNAMERD_SRVRD_AAAARD_RPRD_TXTRD_MXRD_PTRRD_NULLRD_SOARD_CNAMERD_NSRD_ARDataAnswersAuthorityRecordsAdditionalRecords ednsOptions ednsDnssecOk ednsUdpSize ednsVersion fromOptCodeOptCode UnknownOData OD_ECSgenericOD_ClientSubnetOD_N3UOD_DHUOD_DAUOD_NSIDODataNetwork.DNS.Types.ResolverdefaultResolvConfdefaultCacheConf RCHostPort RCHostNames RCHostName RCFilePathFileOrNumericHost pruningDelay maximumTTL CacheConfresolvQueryControls resolvCacheresolvConcurrent resolvRetry resolvTimeout resolvInfo ResolvConf ResolvSeedResolverdecodeAtdecode decodeManyAt decodeManyencodereceive receiveFrom receiveVCsendsendTosendAllencodeQuestion responseA responseAAAAmakeResolvSeed withResolver withResolverslookup lookupAuth lookupRaw lookupRawCtllookupRawCtlRecvfromDNSMessagelookupA lookupAAAAlookupMX lookupAviaMXlookupAAAAviaMXlookupNS lookupNSAuth lookupTXT lookupSOA lookupPTR lookupRDNS lookupSRV normalize normalizeCase normalizeRoot splitDomain splitMailbox decodeMParse%network-3.1.4.0-B2siKM4RZ608EJIWCrOTuNetwork.Socket.TypesSocket checkResp resolvseedgenIdscacheresolvebase GHC.MaybeJust lookupSection lookupNSImplbytestring-0.11.3.1Data.ByteString.Internal ByteStringData.ByteStringnullGHC.Base.