DNS Query for License Activation & Deactivation

LicenseDNS employs a dedicated DNS server that signals its DNSSEC capabilities by setting the DO (DNSSEC OK) bit in its responses to DNS TXT queries. Upon receiving a valid query for an active license, the server returns the corresponding TXT records associated with that license. Crucially, when the client's DNS resolver successfully validates the DNSSEC signatures accompanying these TXT records, it provides a cryptographic guarantee that the license information genuinely originates from the LicenseDNS server and has remained unaltered during transmission. Consequently, the TXT values obtained through this process can be trusted implicitly, eliminating the need for the client application to implement any independent cryptographic signature verification mechanisms. The successful DNSSEC validation handled by the resolver establishes the necessary chain of trust.

LicenseDNS Query Structure for Activation/Deactivation

LicenseDNS Query Structure for Activation/Deactivation To manage your software license (activate or deactivate), you'll construct a specific DNS TXT query and send it to any standard recursive DNS server. This query follows a defined structure, requiring three distinct labels preceding the core LicenseDNS query host: q.licensedns.net.

The structure of these preceding labels is as follows:

1. Action Label: A single lowercase letter indicating the desired action:
   • a: Represents a license activation request.
   • d: Represents a license deactivation request.
2. License and Product Hash Label: This label is derived from your license key and product identifier. To generate it:
   • Concatenate your complete license key with the product's uppercase ID.
   • Calculate the SHA256 hash of this combined string.
   • Use only the first 32 characters of the resulting hexadecimal hash.
3. Fingerprint Label: A string of up to 32 characters representing a unique identifier for the device or user to which the license should be bound. This can be a device ID, a user identifier, or any other relevant unique string.

By combining these three labels in the specified order, separated by dots, and appending the LicenseDNS query host q.licensedns.net, you form the complete DNS TXT query for license activation or deactivation.

Example Query

License key: 5F32A-UN7KF-UE9V8-AW3NS
Product Id: ADA14AE9-08A8-4AE2-B69E-AAE277B8346F
Fingerprint: example-fingerprint

First calculate hash by concanating license key and product Id then take first 32 characters. A sample Java code: DigestUtils.sha256Hex("5F32A-UN7KF-UE9V8-AW3NS" + "ADA14AE9-08A8-4AE2-B69E-AAE277B8346F").substring(0, 32);

To activate this license, the domain to send DNS TXT query should be
a.7F3735C907D319640373EFA17E196059.example-fingerprint.q.licensedns.net
The first label a is for activation, the second label 7F3735C907D319640373EFA17E196059 is the calculated hash value. the third label example-fingerprintis the fingerprint.

To deactivate this license, the domain to send DNS TXT query should be
d.7F3735C907D319640373EFA17E196059.example-fingerprint.q.licensedns.net
The first label d is for deactivation, the second label 7F3735C907D319640373EFA17E196059 is the calculated hash value. the third label example-fingerprint is the fingerprint.

DNS Query Response

You can initiate the DNS query for license activation or deactivation either through programmatic means within your application's code or by utilizing command-line tools provided by your operating system. For applications requiring explicit DNSSEC validation, numerous libraries are available across various programming languages to facilitate this process.

Below is an illustrative example demonstrating how to activate a license on a Linux system using the delv command. The +short option is used to display only the relevant TXT record values, while the +trust option explicitly shows the DNSSEC validation result:

$ delv a.7F3735C907D319640373EFA17E196059.example-fingerprint.q.licensedns.net -t txt +short +trust
; fully validated
"anything"
"result=success"
"company=Acme Co."
"fullname=John Doe"
"email=john@acme.com"
"some-key=some-value"
"feature1=some-value1"
"feature2=some-value2"
"epochtime=1742590074543"
"datetime=2025-03-21 20:47:54"

As the output from the DNS query confirms, the response has undergone and successfully passed DNSSEC validation. This cryptographic verification assures you that the received data, including all the TXT records, genuinely originates from the authorized LicenseDNS server and has not been tampered with during transit. Furthermore, the response contains all the specific features that were defined and associated with this license key during its generation. This comprehensive and validated information allows your application to confidently enforce the correct licensing terms and functionalities.

Output when delv command used to deactivate the license.

$ delv d.7F3735C907D319640373EFA17E196059.example-fingerprint.q.licensedns.net -t txt +short +trust
; fully validated
"result=success"
"epochtime=1742594751129"
"datetime=2025-03-21 22:05:51"

The LicenseDNS GitHub repository provides practical examples for developers to programmatically send DNS queries. These examples demonstrate how to perform both direct DNS lookups and DNS-over-HTTPS (DoH) queries using public resolvers such as Google and Cloudflare, facilitating easy integration with various network configurations and security preferences.

The server adds following TXT values on each query.

• result=success it is set as either success or fail
• datetime=datetime it sends the server datetime in yyyy-MM-dd HH:mm:ss
• epochtime=epochtime it sends the server datetime in epochtime long number
• fullname=full name license owner full name if defined
• email=email address license owner e-mail address if defined
• company=company name license owner company name if defined