dnsjava
diff --git a/‎EXAMPLES.md
Lines changed: 66 additions & 0 deletions b/‎EXAMPLES.md
Lines changed: 66 additions & 0 deletions
diff --git a/‎LICENSE
Lines changed: 1 addition & 0 deletions b/‎LICENSE
Lines changed: 1 addition & 0 deletions
@@ -122,3 +122,69 @@ for (int i = 0; i < n.labels(); i++) {
     System.out.println(n.getLabelString(i));
 }
+
+## DNSSEC Resolver
+
+```java
+import java.io.*;
+
+import java.nio.charset.StandardCharsets;
+import org.xbill.DNS.*;
+
+public class ResolveExample {
+
+    static String ROOT = ". IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D";
+
+    public static void main(String[] args) throws Exception {
+        // Send two sample queries using a standard resolver
+        SimpleResolver sr = new SimpleResolver("4.2.2.1");
+        System.out.println("Standard resolver:");
+        sendAndPrint(sr, "www.dnssec-failed.org.");
+        sendAndPrint(sr, "www.isc.org.");
+
+        // Send the same queries using the validating resolver with the
+        // trust anchor of the root zone
+        // http://data.iana.org/root-anchors/root-anchors.xml
+        ValidatingResolver vr = new ValidatingResolver(sr);
+        vr.loadTrustAnchors(new ByteArrayInputStream(ROOT.getBytes(StandardCharsets.US_ASCII)));
+        System.out.println("\n\nValidating resolver:");
+        sendAndPrint(vr, "www.dnssec-failed.org.");
+        sendAndPrint(vr, "www.isc.org.");
+    }
+
+    private static void sendAndPrint(Resolver vr, String name) throws IOException {
+        System.out.println("\n---" + name);
+        Record qr = Record.newRecord(Name.fromConstantString(name), Type.A, DClass.IN);
+        Message response = vr.send(Message.newQuery(qr));
+        System.out.println("AD-Flag: " + response.getHeader().getFlag(Flags.AD));
+        System.out.println("RCode:   " + Rcode.string(response.getRcode()));
+        for (RRset set : response.getSectionRRsets(Section.ADDITIONAL)) {
+            if (set.getName().equals(Name.root) && set.getType() == Type.TXT
+                && set.getDClass() == ValidatingResolver.VALIDATION_REASON_QCLASS) {
+                System.out.println("Reason:  " + ((TXTRecord) set.first()).getStrings().get(0));
+            }
+        }
+    }
+}
+
+```
+
+This should result in an output like
+```
+Standard resolver:
+---www.dnssec-failed.org.
+AD-Flag: false
+RCode:   NOERROR
+---www.isc.org.
+AD-Flag: false
+RCode:   NOERROR
+
+Validating resolver:
+---www.dnssec-failed.org.
+AD-Flag: false
+RCode:   SERVFAIL
+Reason:  Could not establish a chain of trust to keys for [dnssec-failed.org.]. Reason: Did not match a DS to a DNSKEY.
+---www.isc.org.
+AD-Flag: true
+RCode:   NOERROR
+```
@@ -1,4 +1,5 @@
 Copyright (c) 1998-2019, Brian Wellington
+Copyright (c) 2005 VeriSign. All rights reserved.
 Copyright (c) 2019-2021, dnsjava authors
 
 All rights reserved.
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,5 @@`
`1`	`1`	`Copyright (c) 1998-2019, Brian Wellington`
	`2`	`+Copyright (c) 2005 VeriSign. All rights reserved.`
`2`	`3`	`Copyright (c) 2019-2021, dnsjava authors`
`3`	`4`
`4`	`5`	`All rights reserved.`