chieftools/dns-resolver
Composer 安装命令:
composer require chieftools/dns-resolver
包简介
Recursive DNS resolver with DNSSEC validation
README 文档
README
A recursive DNS resolver for PHP with full DNSSEC validation. Performs iterative resolution from the root servers down, just like a real resolver — no reliance on the system stub resolver.
The intention of this package is to be a full non-caching resolver implementation. This allows stable and consistent results. It is not designed for latency critical applications or high query volumes. For those use cases, consider using a (local) caching resolver instead.
If you want to see the resolver in action, check out dns.chief.tools — a free online DNS lookup tool built with this package.
Requirements
- PHP 8.4+
- ext-openssl
Installation
composer require chieftools/dns-resolver
Quick start
use ChiefTools\DNS\Resolver\Resolver; use ChiefTools\DNS\Resolver\Enums\LookupStatus; $result = new Resolver()->resolve('example.com', 'A'); if ($result->status === LookupStatus::SUCCESS) { foreach ($result->records as $record) { echo "{$record->name} {$record->ttl} {$record->type->value} {$record->data}\n"; } }
Interpreting results
LookupResult::status is the machine-readable outcome of the lookup. info is only a human-readable message for non-success cases.
use ChiefTools\DNS\Resolver\Resolver; use ChiefTools\DNS\Resolver\Enums\LookupStatus; $result = new Resolver()->resolve('example.com', 'A'); if ($result->status === LookupStatus::NXDOMAIN) { echo "The domain does not exist.\n"; } elseif ($result->status === LookupStatus::QUERY_FAILED) { echo "The lookup failed and may succeed on retry.\n"; } elseif ($result->status === LookupStatus::NO_RECORDS) { echo "The domain exists, but no records were found for that type.\n"; } if ($result->isNxdomain()) { // Convenience helper for NXDOMAIN checks } if ($result->isLookupFailed()) { // Convenience helper for transport / nameserver failure checks } foreach ($result->records as $record) { echo $record->validation->name . "\n"; // SIGNED, FAILED, or UNKNOWN }
Querying multiple types
Pass an array of types to resolve them in a single call. The resolver queries the authoritative server for each type once it reaches it, avoiding redundant delegation walks.
use ChiefTools\DNS\Resolver\Resolver; $result = new Resolver()->resolve('example.com', ['A', 'AAAA', 'MX']); $aRecords = $result->ofType('A'); $mxRecords = $result->ofType(\ChiefTools\DNS\Resolver\Enums\RecordType::MX);
DNSSEC validation
DNSSEC is enabled by default (DnssecMode::ON). The resolver validates the full chain of trust from the root zone trust anchor through every delegation.
use ChiefTools\DNS\Resolver\Resolver; use ChiefTools\DNS\Resolver\Enums\DnssecMode; // Validate and report — always returns results (default) $result = new Resolver()->resolve('example.com', 'A', dnssec: DnssecMode::ON); echo $result->dnssec->status->value; // "signed", "unsigned", "invalid", or "indeterminate" // Per-record validation status foreach ($result->records as $record) { echo $record->validation->name; // SIGNED, FAILED, or UNKNOWN } // Strict mode — clears records when validation fails $result = new Resolver()->resolve('example.com', 'A', dnssec: DnssecMode::STRICT); // Disable DNSSEC entirely $result = new Resolver()->resolve('example.com', 'A', dnssec: DnssecMode::OFF);
Configuration
use ChiefTools\DNS\Resolver\ResolverConfig; $resolver = new Resolver( config: new ResolverConfig( ipv6: false, // Disable IPv6 for nameserver resolution (default: true) timeout: 5, // Per-query timeout in seconds (default: 2) maxDepth: 15, // Maximum recursive lookups (default: 10) ), );
Custom executor
The resolver ships with NetDns2QueryExecutor (default) and DigQueryExecutor. You can provide your own by implementing the DnsQueryExecutor interface.
DigQueryExecutor requires external dig and jc binaries. If you do not need that integration, the default NetDns2QueryExecutor is the simpler and faster choice.
use ChiefTools\DNS\Resolver\Executors\DigQueryExecutor; $resolver = new Resolver( executor: new DigQueryExecutor( digPath: '/usr/local/bin/dig', jcPath: '/usr/local/bin/jc', ), );
Event callback
The onEvent callback fires synchronously during resolution, giving real-time visibility into every step. This is useful for streaming UIs, CLI progress output, or debug logging.
use ChiefTools\DNS\Resolver\Resolver; use ChiefTools\DNS\Resolver\Events\ResolverEvent; $result = new Resolver()->resolve('example.com', 'A', onEvent: function (ResolverEvent $event) { // Pre-formatted message for simple output echo $event->message . "\n"; // Or use structured data // $event->type — EventType enum (LOOKUP, QUERY, DELEGATION, CNAME, QUERY_FAILURE, NAMESERVER_FALLBACK, RESOLVE_NAMESERVER, RESOLVE_FAILURE) // $event->depth — nesting level for visual indentation // $event->domain — domain being queried // $event->nameserver, $event->address, $event->timeMs, etc. // $event->status — per-step status such as "signed", "unsigned", "invalid", or null on non-query events }, );
Result objects
LookupResult
| Property | Type | Description |
|---|---|---|
records |
list<Record> |
Resolved records |
timeMs |
int |
Total resolution time in milliseconds |
status |
LookupStatus |
Final lookup outcome: SUCCESS, NO_RECORDS, NXDOMAIN, or QUERY_FAILED |
info |
?string |
Human-readable message for non-success outcomes or strict DNSSEC failures |
dnssec |
?DnssecResult |
DNSSEC validation result (null when disabled) |
Methods: isEmpty(), isNxdomain(), isLookupFailed(), ofType(RecordType|string)
Record
| Property | Type | Description |
|---|---|---|
name |
string |
Owner name (e.g. example.com.) |
type |
RecordType |
Record type enum |
ttl |
int |
Time to live |
data |
string |
Formatted record data |
rawData |
string |
Original data as received from the nameserver |
validation |
RecordValidation |
SIGNED, FAILED, or UNKNOWN |
DnssecResult
| Property | Type | Description |
|---|---|---|
status |
DnssecStatus |
SIGNED, UNSIGNED, INVALID, or INDETERMINATE |
errors |
list<string> |
Validation error messages |
Methods: isSigned(), isInvalid()
Supported record types
A, AAAA, CNAME, MX, TXT, NS, SOA, PTR, SRV, CAA, DS, DNSKEY, CDS, CDNSKEY, CSYNC, HTTPS, SVCB, DNAME, NAPTR, TLSA, SSHFP, SMIMEA, OPENPGPKEY, CERT, URI, LOC, SPF
Security Vulnerabilities
If you discover a security vulnerability within this project, please report it privately via GitHub: https://github.com/chieftools/dns-resolver/security/advisories/new. All security vulnerabilities will be swiftly addressed. There is no bug bounty program at this time.
License
This package is open-source software licensed under the Apache License 2.0. This means you are free to use, modify, and distribute the software for both commercial and non-commercial purposes. See the LICENSE file for details.
chieftools/dns-resolver 适用场景与选型建议
chieftools/dns-resolver 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 4.01k 次下载、GitHub Stars 达 1, 最近一次更新时间为 2026 年 04 月 05 日, 在 PHP 生态内属于活跃度较高的组件。
我们在过去多个企业项目中使用过 chieftools/dns-resolver 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 chieftools/dns-resolver 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
统计信息
- 总下载量: 4.01k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 1
- 点击次数: 36
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: Apache-2.0
- 更新时间: 2026-04-05