A Rust based DNS client, server, and resolver

Overview

minimum rustc: 1.51 Build Status codecov License: MIT License: Apache 2.0 Dependabot Status Discord

Trust-DNS

A Rust based DNS client, server, and Resolver, built to be safe and secure from the ground up.

This repo consists of multiple crates:

Library (crate): Description
  • Trust-DNS: Binaries for running a DNS authoritative server.
  • Proto (trust-dns-proto): Raw DNS library, exposes an unstable API and only for use by the other Trust-DNS libraries, not intended for end-user use.
  • Client (trust-dns-client): Used for sending query, update, and notify messages directly to a DNS server.
  • Server (trust-dns-server): Use to host DNS records, this also has a named binary for running in a daemon form.
  • Resolver (trust-dns-resolver): Utilizes the client library to perform DNS resolution. Can be used in place of the standard OS resolution facilities.
  • Rustls (trust-dns-rustls): Implementation of DNS over TLS protocol using the rustls and ring libraries.
  • NativeTls (trust-dns-native-tls): Implementation of DNS over TLS protocol using the Host OS' provided default TLS libraries
  • OpenSsl (trust-dns-openssl): Implementation of DNS over TLS protocol using OpenSSL

Goals

  • Build a safe and secure DNS server and client with modern features.
  • No panics, all code is guarded
  • Use only safe Rust, and avoid all panics with proper Error handling
  • Use only stable Rust
  • Protect against DDOS attacks (to a degree)
  • Support options for Global Load Balancing functions
  • Make it dead simple to operate

Status:

Resolver

The Trust-DNS Resolver is a native Rust implementation for stub resolution in Rust applications. The Resolver supports many common query patterns, all of which can be configured when creating the Resolver. It is capable of using system configuration on Unix and Windows. On Windows there is a known issue related to a large set of interfaces being registered for use, which might require ignoring the system configuration.

The Resolver will properly follow CNAME chains as well as SRV record lookups. There is a long term plan to make the Resolver capable of fully recursive queries, but that's not currently possible.

Client

The Trust-DNS Client is intended to be used for operating against a DNS server directly. It can be used for verifying records or updating records for servers that support SIG0 and dynamic update. The Client is also capable of validating DNSSEC. As of now NSEC3 validation is not yet supported, though NSEC is. There are two interfaces that can be used, the async/await compatible AsyncClient and a blocking Client for ease of use. Today, Tokio is required for the executor Runtime.

Unique client side implementations

These are standards supported by the DNS protocol. The client implements them as high level interfaces, which is a bit more rare.

Feature: Description
  • SyncDnssecClient: DNSSec validation
  • create: atomic create of a record, with authenticated request
  • append: verify existence of a record and append to it
  • compare_and_swap: atomic (depends on server) compare and swap
  • delete_by_rdata: delete a specific record
  • delete_rrset: delete an entire record set
  • delete_all: delete all records sets with a given name
  • notify: notify server that it should reload a zone

Server

The server code is complete; the daemon supports IPv4 and IPv6, UDP and TCP. There is currently no way to limit TCP and AXFR operations, so it is still not recommended to put it into production, as TCP can be used to DOS the service. Zone file parsing is complete and supported. There is currently no forking option, and the server is not yet threaded (although it is implemented with async IO, so threading may not be a huge benefit). There is still a lot of work to do before a server can be trusted with this externally. Running it behind a firewall on a private network would be safe.

Zone signing support is complete. To insert a key, store a PEM-encoded RSA file in the same directory as the initial zone file, with the .key suffix. Note: this file must be readable only by the current user. If a key is not present, one will be created and written to the correct location. This key also acts as the initial key for dynamic update SIG(0) validation. To get the public key, query the DNSKEY record for the zone; this is needed to provide to other upstream servers to create the DS key. Dynamic DNS is also complete; if enabled, a journal file will be stored next to the zone file with the jrnl suffix. Note: if the key is changed or updated, it is currently the operator's responsibility to remove the only public key from the zone; this allows the DNSKEY to exist for some unspecified period of time during key rotation. Rotating the key is currently not available online and requires a restart of the server process.
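
The zone signing key described above must be readable only by the current user. As an added example (not part of the Trust-DNS code base), the following Rust program audits a zone directory for .key files whose mode bits grant any access to group or other. The directory and file names built by make_sample_dir are constructed for the demonstration, and file ownership is not checked.

```rust
// Added example, not Trust-DNS code: find zone signing keys in a zone
// directory that are accessible to anyone other than their owner.
use std::fs;
use std::io;
use std::os::unix::fs::PermissionsExt;
use std::path::{Path, PathBuf};

/// A key file whose permission bits are too open.
#[derive(Debug, PartialEq)]
pub struct Finding {
    pub path: PathBuf,
    pub mode: u32, // permission bits only (st_mode & 0o7777)
}

/// Scan `zone_dir` (not recursive) for regular files whose name ends in
/// `suffix` and report those with any group or other permission bit set.
pub fn audit_key_files(zone_dir: &Path, suffix: &str) -> io::Result<Vec<Finding>> {
    let mut findings = Vec::new();
    for entry in fs::read_dir(zone_dir)? {
        let path = entry?.path();
        let is_key = path
            .file_name()
            .map_or(false, |n| n.to_string_lossy().ends_with(suffix));
        if !is_key {
            continue;
        }
        // metadata() follows symlinks, so a link to a key is judged by its target.
        let meta = fs::metadata(&path)?;
        if !meta.is_file() {
            continue;
        }
        let mode = meta.permissions().mode() & 0o7777;
        if mode & 0o077 != 0 {
            findings.push(Finding { path, mode });
        }
    }
    findings.sort_by(|a, b| a.path.cmp(&b.path));
    Ok(findings)
}

/// Build a constructed sample zone directory: one key with owner-only
/// access, one world-readable key, and a zone file that is not a key.
pub fn make_sample_dir() -> io::Result<PathBuf> {
    let dir = std::env::temp_dir().join(format!("zone-audit-{}", std::process::id()));
    fs::create_dir_all(&dir)?;
    let files: [(&str, u32); 3] = [
        ("example.com.key", 0o600),
        ("example.org.key", 0o644),
        ("example.com", 0o644),
    ];
    for &(name, mode) in files.iter() {
        let path = dir.join(name);
        fs::write(&path, b"constructed placeholder, not a real key\n")?;
        fs::set_permissions(&path, fs::Permissions::from_mode(mode))?;
    }
    Ok(dir)
}

fn main() -> io::Result<()> {
    let dir = make_sample_dir()?;
    for f in audit_key_files(&dir, ".key")? {
        println!("{} has mode {:04o}; expected 0600 or stricter", f.path.display(), f.mode);
    }
    fs::remove_dir_all(&dir)
}
```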

DNS-over-TLS and DNS-over-HTTPS on the Server

Support of TLS on the Server is managed through a pkcs12 der file. The documentation is captured in the example test config file, example.toml. A registered certificate to the server can be pinned to the Client with the add_ca() method. Alternatively, as the client uses the rust-native-tls library, it should work with certificates signed by any standard CA.

DNS-over-TLS and DNS-over-HTTPS

DoT and DoH are supported. This is accomplished through the use of one of native-tls, openssl, or rustls (only rustls is currently supported for DoH). The Resolver only requires valid DoT or DoH resolvers being registered in order to be used.

To use with the Client, the TlsClientConnection or HttpsClientConnection should be used. Similarly, to use with the tokio AsyncClient, the TlsClientStream or HttpsClientStream should be used. ClientAuth (mTLS) is currently not supported; there are some issues still being worked on. TLS is useful for Server authentication and connection privacy.

To enable DoT one of the features dns-over-native-tls, dns-over-openssl, or dns-over-rustls must be enabled, dns-over-https-rustls is used for DoH.

DNSSec status

Currently the root key is hardcoded into the system. This gives validation of DNSKEY and DS records back to the root. NSEC is implemented, but not NSEC3. Because caching is not yet enabled, validating RRSIG records back to the root can require a significant number of additional queries for those records, and it has been noticed that some DNS servers appear to rate limit the connections.

Zones will be automatically resigned on any record updates via dynamic DNS. To enable DNSSEC, one of the features dnssec-openssl or dnssec-rustls must be enabled.

RFCs implemented

Basic operations

  • RFC 1035: Base DNS spec (see the Resolver for caching)
  • RFC 2308: Negative Caching of DNS Queries (see the Resolver)
  • RFC 2782: Service location
  • RFC 3596: IPv6
  • RFC 6891: Extension Mechanisms for DNS
  • RFC 6761: Special-Use Domain Names (resolver)
  • RFC 6762: mDNS Multicast DNS (experimental feature: mdns)
  • RFC 6763: DNS-SD Service Discovery (experimental feature: mdns)
  • RFC ANAME: Address-specific DNS aliases (ANAME)

Update operations

Secure DNS operations

  • RFC 3007: Secure Dynamic Update
  • RFC 4034: DNSSEC Resource Records
  • RFC 4035: Protocol Modifications for DNSSEC
  • RFC 4509: SHA-256 in DNSSEC Delegation Signer
  • RFC 5702: SHA-2 Algorithms with RSA in DNSKEY and RRSIG for DNSSEC
  • RFC 6844: DNS Certification Authority Authorization (CAA) Resource Record
  • RFC 6698: The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA
  • RFC 6840: Clarifications and Implementation Notes for DNSSEC
  • RFC 6844: DNS Certification Authority Authorization Resource Record
  • RFC 6944: DNSKEY Algorithm Implementation Status
  • RFC 6975: Signaling Cryptographic Algorithm Understanding
  • RFC 7858: DNS over TLS (feature: dns-over-rustls, dns-over-native-tls, or dns-over-openssl)
  • RFC DoH: DNS over HTTPS, DoH (feature: dns-over-https-rustls)

RFCs in progress or not yet implemented

Basic operations

  • RFC 2317: Classless IN-ADDR.ARPA delegation

Update operations

Secure DNS operations

  • RFC 5155: DNSSEC Hashed Authenticated Denial of Existence
  • DNSCrypt: Trusted DNS queries
  • S/MIME: Domain Names For S/MIME

Usage

This assumes that you have Rust stable installed. These presume that the trust-dns repos have already been synced to the local system:

$ git clone https://github.com/bluejekyll/trust-dns.git
$ cd trust-dns

Prerequisites

Minimum Rust Version

  • The current minimum rustc version for this project is 1.51
  • OpenSSL development libraries (optional in client and resolver, min version 1.0.2)

Mac OS X: using homebrew

  $ brew install openssl
  $ export OPENSSL_INCLUDE_DIR=`brew --prefix openssl`/include
  $ export OPENSSL_LIB_DIR=`brew --prefix openssl`/lib

Debian-based (includes Ubuntu & Raspbian): using apt-get

  # note for openssl that a minimum version of 1.0.2 is required for TLS, 
  #  if this is an issue, TLS can be disabled (on the client), see below.
  $ apt-get install openssl
  $ apt-get install libssl-dev pkg-config

Testing

Trust-DNS uses cargo-make for build workflow management. While running cargo test at the project root will work, this is not exhaustive. Install cargo-make with cargo install cargo-make.

  • Default tests

    These are good for running on local systems. They will create sockets for local tests, but will not attempt to access remote systems. Tests can also be run from the crate directory, i.e. client or server and cargo test

$ cargo make
  • Default feature tests

    Trust-DNS has many features, to quickly test with them or without, there are three targets supported, default, no-default-features, all-features:

$ cargo make all-features
  • Individual feature tests

    Trust-DNS has many features; each individual feature can be tested independently. See the individual crates for all their features; here is a not necessarily up to date list: dns-over-rustls, dns-over-https-rustls, dns-over-native-tls, dns-over-openssl, dns-dnssec-openssl, dns-dnssec-ring, mdns. Each feature can be tested with itself as the task target for cargo-make:

$ cargo make dns-over-https-rustls
  • Benchmarks

    Waiting on benchmarks to stabilize in mainline Rust.

Building

  • Production build, from the trust-dns base dir, to get all features, just pass the --all-features flag.
$ cargo build --release -p trust-dns

Running

Warning: Trust-DNS is still under development, running in production is not recommended. The server is currently only single-threaded; it is non-blocking, so this should allow it to work with most internal loads.

  • Verify the version
$ ./target/release/named --version
  • Get help
$ ./target/release/named --help
  • Launch named server with test config

Not passing the -p parameter will run the server on the default DNS ports. For the TLS features, there are also port options; see trust-dns --help

$ ./target/release/named -c ./tests/test-data/named_test_configs/example.toml -z ./tests/test-data/named_test_configs/ -p 24141
  • Query the just launched server with dig
$ dig @127.0.0.1 -p 24141 www.example.com

Using the trust-dns-resolver CLI

Available in 0.20

$ cargo install --bin resolve trust-dns-util

Or from source, in the trust-dns directory

$ cargo install --bin resolve --path util

example:

$ resolve www.example.com.
Querying for www.example.com. A from udp:8.8.8.8:53, tcp:8.8.8.8:53, udp:8.8.4.4:53, tcp:8.8.4.4:53, udp:[2001:4860:4860::8888]:53, tcp:[2001:4860:4860::8888]:53, udp:[2001:4860:4860::8844]:53, tcp:[2001:4860:4860::8844]:53
Success for query name: www.example.com. type: A class: IN
        www.example.com. 21063 IN A 93.184.216.34

Using as a dependency and custom features

The Client has a few features which can be disabled for different reasons when embedding in other software.

  • dnssec-openssl It is a default feature, so default-features will need to be set to false (this will disable all other default features in trust-dns). Until there are other crypto libraries supported, this will also disable DNSSec validation. The functions will still exist, but will always return errors on validation. The below example line will disable all default features and enable OpenSSL, remove "openssl" to remove the dependency on OpenSSL.

  • dnssec-ring Ring support can be used for RSA and ED25519 DNSSec validation.

  • dns-over-native-tls Uses native-tls for DNS-over-TLS implementation, only supported in client and resolver, not server.

  • dns-over-openssl Uses openssl for DNS-over-TLS implementation supported in server and client, resolver does not have default CA chains.

  • dns-over-rustls Uses rustls for DNS-over-TLS implementation, only supported in client and resolver, not server. This is the best option where a pure Rust toolchain is desired. Supported in client, resolver, and server.

  • dns-over-https-rustls Uses rustls for DNS-over-HTTPS (and DNS-over-TLS will be enabled) implementation, only supported in client, resolver, and server. This is the best option where a pure Rust toolchain is desired.

  • mdns EXPERIMENTAL Enables the experimental mDNS features as well as DNS-SD. This currently has known issues.

Using custom features in dependencies:

[dependencies]
  ...
trust-dns = { version = "*", default-features = false, features = ["dnssec-openssl"] }

Using custom features during build:

$> cargo build --release --features dns-over-rustls
...

FAQ

  • Why are you building another DNS server?

    Because of all the security advisories out there for BIND. Using Rust semantics it should be possible to develop a high performance and safe DNS Server that is more resilient to attacks.

Community

For live discussions beyond this repository, please see this Discord.

License

Licensed under either of

  • Apache License, Version 2.0
  • MIT license

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

Comments
  • DNSSEC signature problem for non-existent CAA record

    I noticed that Let's Encrypt fails to issue a certificate for a subdomain that doesn't have a CAA record.

    AcmeChallenge { url: "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/8jXImq1gAHL7wCgdnvQdAwq1AI5-ZEMC53OJh8ID5Xo/255101671", type: "dns-01", status: "invalid", validated: None, error: Some(AcmeError { type: "urn:ietf:params:acme:error:dns", detail: "DNS problem: SERVFAIL looking up CAA for www2.ikenmeyer.com", status: 400 }), token: "SZxytWSDIoSPxNwaxklLuM82sQ-uNw3O6326E-ooNXc" }

    Acme challenges themselves work smoothly.

    "DNSSEC validation failure"

    • Existing subdomain (AAAA) with nonexistent record type (CAA): https://dns.google.com/query?name=www2.ikenmeyer.com&type=CAA&dnssec=true (http://dnsviz.net/d/www2.ikenmeyer.com/dnssec/)

    • Nonexistent subdomain: https://dns.google.com/query?name=www2.ikenmeyer.eu&type=CAA&dnssec=true This looks very broken: http://dnsviz.net/d/www2.ikenmeyer.eu/dnssec/ NSEC proving non-existence of www2.ikenmeyer.eu/A: No NSEC RR matches the SNAME (www2.ikenmeyer.eu). www2.ikenmeyer.eu/A (NODATA): The Authoritative Answer (AA) flag was not set in the response.

    An existing CAA record is fine of course: https://dns.google.com/query?name=www.ikenmeyer.com&type=CAA&dnssec=true

    This problem occurs both with OpenSSL and ring.

    It could be related to a different problem I observed while setting a low "Negative TTL" value: http://dnsviz.net/d/ikenmeyer.eu/dnssec/ RRSIG ikenmeyer.eu/SOA alg 14, id 8974: The TTL of the RRSIG RR (600) does not match the TTL of the RRset it covers (86400). Lowering SOA TTL (86400) to the value of Negative TTL (600) doesn't seem to help either.

    Debian Testing: Binary compiled with: cargo install trust-dns-server --git https://github.com/bluejekyll/trust-dns --rev 8a3130976acb9e9219da7e516c4f850dc91c75e4 --features "dnssec-ring dnssec-openssl" --force

    Keys generated with:

    openssl ecparam -out keys/p384.pem -name secp384r1 -genkey
    kt generate p384 --out keys/ikenmeyer.eu.pk8

    Journals have been deleted before starting the server. Start command is basically: /home/trustdns/named --config=/home/trustdns/config.toml --zonedir=/home/trustdns/zones/

    /home/trustdns/config.toml

    listen_addrs_ipv4 = ["217.197.83.185"]
    listen_addrs_ipv6 = ["::1", "2001:67c:1400:2190::1", "2001:67c:1400:2190::2"]
    listen_port = 53
    
    # [...]
    
    # openssl, only today and for comparison
    [[zones]]
    zone = "ikenmeyer.com"
    zone_type = "Master"
    file = "ikenmeyer.com"
    enable_dnssec = true
    stores = { type = "sqlite", zone_file_path = "ikenmeyer.com", journal_file_path = "ikenmeyer.com.jrnl", allow_update = true }
    keys = [{key_path="keys/p384.pem", algorithm="ECDSAP384SHA384", is_zone_signing_key=true}, {key_path="auth.pk8", algorithm="ED25519", is_zone_update_auth=true}]
    
    # ring
    [[zones]]
    zone = "ikenmeyer.eu"
    zone_type = "Master"
    file = "ikenmeyer.eu"
    enable_dnssec = true
    stores = { type = "sqlite", zone_file_path = "ikenmeyer.eu", journal_file_path = "ikenmeyer.eu.jrnl", allow_update = true }
    keys = [{key_path="keys/ikenmeyer.eu.pk8", algorithm="ECDSAP384SHA384", is_zone_signing_key=true}, {key_path="auth.pk8", algorithm="ED25519", is_zone_update_auth=true}]
    

    /home/trustdns/zones/ikenmeyer.com

    @ 86400 IN SOA ns1.darkspirit.eu. hostmaster.terrax.net. (
     201902272       ; Serial
     3600            ; Refresh - we don't have slaves
     600             ; Retry
     86400           ; Expire
     600)            ; Negative TTL - rfc2308
    @ 600 IN NS ns1.darkspirit.eu.
    @ 600 IN NS ns2.darkspirit.eu.
    @ 600 IN MX 0 .
    @ 600 IN TXT "v=spf1 mx -all"
    @ 600 IN CAA 0 issue "letsencrypt.org; validationmethods=dns-01"
    @ 600 IN CAA 0 iodef "mailto:[email protected]"
    www 600 IN CAA 0 issue "letsencrypt.org; validationmethods=dns-01"
    www2 60 IN AAAA 2001:67c:1400:2190::1
    _dmarc 600 IN TXT "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s; rua=mailto:[email protected]; ruf=mailto:[email protected]; rf=afrf; pct=100; ri=86400"
    terrax._domainkey 600 IN CNAME terrax._domainkey.terrax.net.
    

    /home/trustdns/zones/ikenmeyer.eu

    @ 86400 IN SOA ns1.darkspirit.eu. hostmaster.terrax.net. (
     201902171       ; Serial
     3600            ; Refresh - we don't have slaves
     600             ; Retry
     86400           ; Expire
     600)            ; Negative TTL - rfc2308
    @ 600 IN NS ns1.darkspirit.eu.
    @ 600 IN NS ns2.darkspirit.eu.
    @ 600 IN MX 5 mx.h.terrax.net.
    @ 600 IN TXT "v=spf1 mx -all"
    @ 600 IN CAA 0 issue "letsencrypt.org; validationmethods=dns-01"
    @ 600 IN CAA 0 iodef "mailto:[email protected]"
    _xmpp-client._tcp 60 IN SRV 5 0 5222 xmpp.ikenmeyer.eu.
    _xmpp-server._tcp 60 IN SRV 5 0 5269 xmpp.ikenmeyer.eu.
    xmpp 60 IN AAAA 2a01:4f8:1c1c:92b1::1
    xmpp 60 IN A 116.203.51.149
    xmpp 60 IN MX 0 .
    _5222._tcp 60 IN TLSA 3 1 2 4727dbd37773096819b1c0f0406714f42cdcadb958862ed4f862e90cb777e231a593a6c632f7c45f5ad4c7ca66e2d3c0b78b97490e0d04006555e25522e3d4c9
    _5269._tcp 60 IN TLSA 3 1 2 4727dbd37773096819b1c0f0406714f42cdcadb958862ed4f862e90cb777e231a593a6c632f7c45f5ad4c7ca66e2d3c0b78b97490e0d04006555e25522e3d4c9
    _dmarc 600 IN TXT "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s; rua=mailto:[email protected]; ruf=mailto:[email protected]; rf=afrf; pct=100; ri=86400"
    terrax._domainkey 600 IN CNAME terrax._domainkey.terrax.net.
    
    bug crate:server feature:dnsssec 
    opened by Darkspirit 39
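
The NODATA case in the report above (www2.ikenmeyer.com has an AAAA record but no CAA) is proven to a validator by an NSEC record whose owner matches the query name and whose type bitmap omits the queried type. The Rust program below is an added example, not code from the issue or from Trust-DNS: it encodes and decodes the RFC 4034 type bitmap and applies that check. The bitmaps are constructed, assuming signing adds RRSIG and NSEC at each name; wildcard and delegation cases are not handled.

```rust
// Added example, not Trust-DNS code: decode an NSEC type bitmap (RFC 4034,
// section 4.1.2) and decide whether the record proves NODATA for a query.
use std::collections::{BTreeMap, BTreeSet};

pub const AAAA: u16 = 28;
pub const RRSIG: u16 = 46;
pub const NSEC: u16 = 47;
pub const CAA: u16 = 257; // lands in window block 1, not block 0

#[derive(Debug, PartialEq)]
pub enum BitmapError {
    Truncated,       // a block header or bitmap runs past the end of the field
    BadLength(u8),   // bitmap length must be 1..=32 octets
    WindowOrder(u8), // window numbers must be strictly increasing
}

#[derive(Debug, PartialEq)]
pub enum Denial {
    NoData,        // name exists, queried type is absent from the bitmap
    TypeExists,    // bitmap lists the queried type, so nothing is denied
    OwnerMismatch, // this NSEC is not for the queried name
}

/// Encode RR types as window blocks: window number, bitmap length, bitmap.
/// Bit 0 of a window is the most significant bit of its first octet.
pub fn encode_type_bitmap(types: &BTreeSet<u16>) -> Vec<u8> {
    let mut windows: BTreeMap<u8, [u8; 32]> = BTreeMap::new();
    for &t in types {
        let low = (t & 0xff) as usize;
        let bits = windows.entry((t >> 8) as u8).or_insert([0u8; 32]);
        bits[low / 8] |= 0x80u8 >> (low % 8);
    }
    let mut out = Vec::new();
    for (window, bits) in windows {
        // Trailing zero octets are omitted from each block.
        let len = bits.iter().rposition(|&b| b != 0).map_or(0, |i| i + 1);
        out.push(window);
        out.push(len as u8);
        out.extend_from_slice(&bits[..len]);
    }
    out
}

/// Decode the type bitmap field, rejecting malformed block sequences.
pub fn decode_type_bitmap(mut data: &[u8]) -> Result<BTreeSet<u16>, BitmapError> {
    let mut types = BTreeSet::new();
    let mut last: Option<u8> = None;
    while let Some((&window, rest)) = data.split_first() {
        let (&len, rest) = rest.split_first().ok_or(BitmapError::Truncated)?;
        if last.map_or(false, |prev| window <= prev) {
            return Err(BitmapError::WindowOrder(window));
        }
        if len == 0 || len > 32 {
            return Err(BitmapError::BadLength(len));
        }
        if rest.len() < len as usize {
            return Err(BitmapError::Truncated);
        }
        let (bitmap, tail) = rest.split_at(len as usize);
        for (i, &octet) in bitmap.iter().enumerate() {
            for bit in 0..8u16 {
                if octet & (0x80u8 >> bit) != 0 {
                    types.insert(((window as u16) << 8) | (i as u16 * 8 + bit));
                }
            }
        }
        last = Some(window);
        data = tail;
    }
    Ok(types)
}

/// Does an NSEC with this owner and bitmap prove that `qname` has no `qtype`?
/// Names are compared case-insensitively and must be fully qualified.
pub fn check_nodata(
    owner: &str, bitmap: &[u8], qname: &str, qtype: u16,
) -> Result<Denial, BitmapError> {
    let types = decode_type_bitmap(bitmap)?;
    if !owner.eq_ignore_ascii_case(qname) {
        return Ok(Denial::OwnerMismatch);
    }
    Ok(if types.contains(&qtype) { Denial::TypeExists } else { Denial::NoData })
}

fn main() {
    // Constructed bitmaps for two names from the zone file quoted above.
    let www2: BTreeSet<u16> = [AAAA, RRSIG, NSEC].iter().copied().collect();
    let www: BTreeSet<u16> = [CAA, RRSIG, NSEC].iter().copied().collect();
    let cases = [
        ("www2.ikenmeyer.com.", encode_type_bitmap(&www2)),
        ("www.ikenmeyer.com.", encode_type_bitmap(&www)),
    ];
    for (owner, bitmap) in cases.iter() {
        println!("{} CAA -> {:?}", owner, check_nodata(owner, bitmap, owner, CAA));
    }
}
```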
  • "unable to enqueue message" when `AsyncClient` sends too many requests

    Describe the bug

    During pressure tests for scale like 890 qps, I found

    2020-11-08 18:24:11,428 DEBUG [trust_dns_proto::xfer] enqueueing message: [Query { name: Name { is_fqdn: true, labels: [baidu, com] }, query_type: A, query_class: IN }]
    2020-11-08 18:24:11,428 DEBUG [trust_dns_proto::xfer] unable to enqueue message
    2020-11-08 18:24:11,428 WARN  [droute::router] Upstream encountered error: could not send request, returning SERVFAIL
    2020-11-08 18:24:11,428 DEBUG [trust_dns_proto::xfer::dns_exchange] io_stream is done, shutting down
    

    where droute is the name of my project.

    To Reproduce

    Hard to get down to a minimal reproducible code snippet. However, I did the following:

    1. Receive DNS query in an event loop. Spawn a new task for each query.
    2. For each task, clone the AsyncClient and send through it.

    There is only one AsyncClient, but it is cloned several times. I tested with delay in between, 1 millisecond doesn't help (issue persists for unable to enqueue), 2 milliseconds result in timeout (I set timeout for like 2 seconds per query). I also tested to have multiple AsyncClient, which results in high rate of timeout.

    Code related can be found here

    Expected behavior

    No error

    System:

    • OS: [e.g. macOS]
    • Architecture: [e.g. x86_64]
    • Version [e.g. 22]
    • rustc version: [e.g. 1.28]

    Version: Crate: client Version: 0.19.5

    Additional context

    I also used tokio-compat, but it doesn't seem to occur the issue.

    opened by LEXUGE 36
  • Background with generic spawn

    @hawkw this brings the Background back. But I'm still working through how to expose it properly at the NameServer level. I'll leave a note in that location.

    opened by bluejekyll 27
  • "proto error" was returned from lookup_ip

    Describe the bug

    I was using AsyncResolver with read_system_conf(). I have got "proto error" when resolving any addresses. Some useful logs are here:

    [2019-10-29][00:05:09.424859000][TRACE] [trust_dns_resolver::async_resolver::background] AsyncResolver performing lookup_ip
    [2019-10-29][00:05:09.425002000][DEBUG] [trust_dns_proto::xfer::dns_handle] querying: www.example.com A
    [2019-10-29][00:05:09.425114000][DEBUG] [trust_dns_resolver::name_server::name_server] reconnecting: NameServerConfig { socket_addr: V4(211.148.192.141:53), protocol: Udp, tls_dns_name: None, tls_config: None }
    [2019-10-29][00:05:09.425175000][DEBUG] [trust_dns_resolver::name_server::name_server] reconnecting: NameServerConfig { socket_addr: V4(211.148.192.151:53), protocol: Udp, tls_dns_name: None, tls_config: None }
    [2019-10-29][00:05:09.425222000][TRACE] [trust_dns_resolver::name_server::connection_provider] polling response inner
    [2019-10-29][00:05:09.425247000][DEBUG] [trust_dns_resolver::name_server::connection_provider] connecting: Udp { socket_addr: V4(211.148.192.141:53), timeout: 5s }
    [2019-10-29][00:05:09.425309000][DEBUG] [trust_dns_resolver::name_server::name_server] name_server connection failure: tokio spawn error
    [2019-10-29][00:05:09.425341000][TRACE] [trust_dns_resolver::name_server::connection_provider] polling response inner
    [2019-10-29][00:05:09.425362000][DEBUG] [trust_dns_resolver::name_server::connection_provider] connecting: Udp { socket_addr: V4(211.148.192.151:53), timeout: 5s }
    [2019-10-29][00:05:09.425407000][DEBUG] [trust_dns_resolver::name_server::name_server] name_server connection failure: tokio spawn error
    [2019-10-29][00:05:09.434640000][DEBUG] [trust_dns_resolver::name_server::name_server] reconnecting: NameServerConfig { socket_addr: V4(211.148.192.141:53), protocol: Tcp, tls_dns_name: None, tls_config: None }
    [2019-10-29][00:05:09.434720000][DEBUG] [trust_dns_resolver::name_server::name_server] reconnecting: NameServerConfig { socket_addr: V4(211.148.192.151:53), protocol: Tcp, tls_dns_name: None, tls_config: None }
    [2019-10-29][00:05:09.434798000][TRACE] [trust_dns_resolver::name_server::connection_provider] polling response inner
    [2019-10-29][00:05:09.434843000][DEBUG] [trust_dns_resolver::name_server::connection_provider] connecting: Tcp { socket_addr: V4(211.148.192.141:53), timeout: 5s }
    [2019-10-29][00:05:09.434951000][DEBUG] [trust_dns_resolver::name_server::name_server] name_server connection failure: tokio spawn error
    [2019-10-29][00:05:09.434986000][TRACE] [trust_dns_resolver::name_server::connection_provider] polling response inner
    [2019-10-29][00:05:09.435031000][DEBUG] [trust_dns_resolver::name_server::connection_provider] connecting: Tcp { socket_addr: V4(211.148.192.151:53), timeout: 5s }
    [2019-10-29][00:05:09.435149000][DEBUG] [trust_dns_resolver::name_server::name_server] name_server connection failure: tokio spawn error
    [2019-10-29][00:05:09.435292000][DEBUG] [trust_dns_resolver::name_server::name_server] reconnecting: NameServerConfig { socket_addr: V4(211.148.192.151:53), protocol: Udp, tls_dns_name: None, tls_config: None }
    [2019-10-29][00:05:09.435547000][DEBUG] [trust_dns_resolver::name_server::name_server] reconnecting: NameServerConfig { socket_addr: V4(211.148.192.141:53), protocol: Udp, tls_dns_name: None, tls_config: None }
    [2019-10-29][00:05:09.435617000][TRACE] [trust_dns_resolver::name_server::connection_provider] polling response inner
    [2019-10-29][00:05:09.435659000][DEBUG] [trust_dns_resolver::name_server::connection_provider] connecting: Udp { socket_addr: V4(211.148.192.151:53), timeout: 5s }
    [2019-10-29][00:05:09.435716000][DEBUG] [trust_dns_resolver::name_server::name_server] name_server connection failure: tokio spawn error
    [2019-10-29][00:05:09.435769000][TRACE] [trust_dns_resolver::name_server::connection_provider] polling response inner
    [2019-10-29][00:05:09.435791000][DEBUG] [trust_dns_resolver::name_server::connection_provider] connecting: Udp { socket_addr: V4(211.148.192.141:53), timeout: 5s }
    [2019-10-29][00:05:09.435845000][DEBUG] [trust_dns_resolver::name_server::name_server] name_server connection failure: tokio spawn error
    [2019-10-29][00:05:09.435942000][DEBUG] [trust_dns_resolver::name_server::name_server] reconnecting: NameServerConfig { socket_addr: V4(211.148.192.151:53), protocol: Tcp, tls_dns_name: None, tls_config: None }
    [2019-10-29][00:05:09.436003000][DEBUG] [trust_dns_resolver::name_server::name_server] reconnecting: NameServerConfig { socket_addr: V4(211.148.192.141:53), protocol: Tcp, tls_dns_name: None, tls_config: None }
    [2019-10-29][00:05:09.436065000][TRACE] [trust_dns_resolver::name_server::connection_provider] polling response inner
    [2019-10-29][00:05:09.436107000][DEBUG] [trust_dns_resolver::name_server::connection_provider] connecting: Tcp { socket_addr: V4(211.148.192.151:53), timeout: 5s }
    [2019-10-29][00:05:09.436214000][DEBUG] [trust_dns_resolver::name_server::name_server] name_server connection failure: tokio spawn error
    [2019-10-29][00:05:09.436287000][TRACE] [trust_dns_resolver::name_server::connection_provider] polling response inner
    [2019-10-29][00:05:09.436329000][DEBUG] [trust_dns_resolver::name_server::connection_provider] connecting: Tcp { socket_addr: V4(211.148.192.141:53), timeout: 5s }
    [2019-10-29][00:05:09.436446000][DEBUG] [trust_dns_resolver::name_server::name_server] name_server connection failure: tokio spawn error
    [2019-10-29][00:05:09.436542000][DEBUG] [trust_dns_resolver::name_server::name_server] reconnecting: NameServerConfig { socket_addr: V4(211.148.192.141:53), protocol: Udp, tls_dns_name: None, tls_config: None }
    [2019-10-29][00:05:09.436599000][DEBUG] [trust_dns_resolver::name_server::name_server] reconnecting: NameServerConfig { socket_addr: V4(211.148.192.151:53), protocol: Udp, tls_dns_name: None, tls_config: None }
    [2019-10-29][00:05:09.436645000][TRACE] [trust_dns_resolver::name_server::connection_provider] polling response inner
    [2019-10-29][00:05:09.436688000][DEBUG] [trust_dns_resolver::name_server::connection_provider] connecting: Udp { socket_addr: V4(211.148.192.141:53), timeout: 5s }
    [2019-10-29][00:05:09.436740000][DEBUG] [trust_dns_resolver::name_server::name_server] name_server connection failure: tokio spawn error
    [2019-10-29][00:05:09.436771000][TRACE] [trust_dns_resolver::name_server::connection_provider] polling response inner
    [2019-10-29][00:05:09.436793000][DEBUG] [trust_dns_resolver::name_server::connection_provider] connecting: Udp { socket_addr: V4(211.148.192.151:53), timeout: 5s }
    [2019-10-29][00:05:09.436887000][DEBUG] [trust_dns_resolver::name_server::name_server] name_server connection failure: tokio spawn error
    [2019-10-29][00:05:09.436993000][DEBUG] [trust_dns_resolver::name_server::name_server] reconnecting: NameServerConfig { socket_addr: V4(211.148.192.141:53), protocol: Tcp, tls_dns_name: None, tls_config: None }
    [2019-10-29][00:05:09.437047000][DEBUG] [trust_dns_resolver::name_server::name_server] reconnecting: NameServerConfig { socket_addr: V4(211.148.192.151:53), protocol: Tcp, tls_dns_name: None, tls_config: None }
    [2019-10-29][00:05:09.437115000][TRACE] [trust_dns_resolver::name_server::connection_provider] polling response inner
    [2019-10-29][00:05:09.437155000][DEBUG] [trust_dns_resolver::name_server::connection_provider] connecting: Tcp { socket_addr: V4(211.148.192.141:53), timeout: 5s }
    [2019-10-29][00:05:09.437267000][DEBUG] [trust_dns_resolver::name_server::name_server] name_server connection failure: tokio spawn error
    [2019-10-29][00:05:09.437325000][TRACE] [trust_dns_resolver::name_server::connection_provider] polling response inner
    [2019-10-29][00:05:09.437362000][DEBUG] [trust_dns_resolver::name_server::connection_provider] connecting: Tcp { socket_addr: V4(211.148.192.151:53), timeout: 5s }
    [2019-10-29][00:05:09.437464000][DEBUG] [trust_dns_resolver::name_server::name_server] name_server connection failure: tokio spawn error
    [2019-10-29][00:05:09.437641000][DEBUG] [trust_dns_proto::xfer::dns_handle] querying: www.example.com AAAA
    [2019-10-29][00:05:09.437796000][DEBUG] [trust_dns_resolver::name_server::name_server] reconnecting: NameServerConfig { socket_addr: V4(211.148.192.151:53), protocol: Udp, tls_dns_name: None, tls_config: None }
    [2019-10-29][00:05:09.437854000][DEBUG] [trust_dns_resolver::name_server::name_server] reconnecting: NameServerConfig { socket_addr: V4(211.148.192.141:53), protocol: Udp, tls_dns_name: None, tls_config: None }
    [2019-10-29][00:05:09.437922000][TRACE] [trust_dns_resolver::name_server::connection_provider] polling response inner
    [2019-10-29][00:05:09.437952000][DEBUG] [trust_dns_resolver::name_server::connection_provider] connecting: Udp { socket_addr: V4(211.148.192.151:53), timeout: 5s }
    [2019-10-29][00:05:09.438054000][DEBUG] [trust_dns_resolver::name_server::name_server] name_server connection failure: tokio spawn error
    [2019-10-29][00:05:09.438106000][TRACE] [trust_dns_resolver::name_server::connection_provider] polling response inner
    [2019-10-29][00:05:09.438137000][DEBUG] [trust_dns_resolver::name_server::connection_provider] connecting: Udp { socket_addr: V4(211.148.192.141:53), timeout: 5s }
    [2019-10-29][00:05:09.438194000][DEBUG] [trust_dns_resolver::name_server::name_server] name_server connection failure: tokio spawn error
    [2019-10-29][00:05:09.438305000][DEBUG] [trust_dns_resolver::name_server::name_server] reconnecting: NameServerConfig { socket_addr: V4(211.148.192.151:53), protocol: Tcp, tls_dns_name: None, tls_config: None }
    [2019-10-29][00:05:09.438365000][DEBUG] [trust_dns_resolver::name_server::name_server] reconnecting: NameServerConfig { socket_addr: V4(211.148.192.141:53), protocol: Tcp, tls_dns_name: None, tls_config: None }
    [2019-10-29][00:05:09.438426000][TRACE] [trust_dns_resolver::name_server::connection_provider] polling response inner
    [2019-10-29][00:05:09.438479000][DEBUG] [trust_dns_resolver::name_server::connection_provider] connecting: Tcp { socket_addr: V4(211.148.192.151:53), timeout: 5s }
    [2019-10-29][00:05:09.438566000][DEBUG] [trust_dns_resolver::name_server::name_server] name_server connection failure: tokio spawn error
    [2019-10-29][00:05:09.438608000][TRACE] [trust_dns_resolver::name_server::connection_provider] polling response inner
    [2019-10-29][00:05:09.438631000][DEBUG] [trust_dns_resolver::name_server::connection_provider] connecting: Tcp { socket_addr: V4(211.148.192.141:53), timeout: 5s }
    [2019-10-29][00:05:09.438690000][DEBUG] [trust_dns_resolver::name_server::name_server] name_server connection failure: tokio spawn error
    [2019-10-29][00:05:09.438868000][DEBUG] [trust_dns_resolver::name_server::name_server] reconnecting: NameServerConfig { socket_addr: V4(211.148.192.141:53), protocol: Udp, tls_dns_name: None, tls_config: None }
    [2019-10-29][00:05:09.438930000][DEBUG] [trust_dns_resolver::name_server::name_server] reconnecting: NameServerConfig { socket_addr: V4(211.148.192.151:53), protocol: Udp, tls_dns_name: None, tls_config: None }
    [2019-10-29][00:05:09.439010000][TRACE] [trust_dns_resolver::name_server::connection_provider] polling response inner
    [2019-10-29][00:05:09.439040000][DEBUG] [trust_dns_resolver::name_server::connection_provider] connecting: Udp { socket_addr: V4(211.148.192.141:53), timeout: 5s }
    [2019-10-29][00:05:09.439102000][DEBUG] [trust_dns_resolver::name_server::name_server] name_server connection failure: tokio spawn error
    [2019-10-29][00:05:09.439136000][TRACE] [trust_dns_resolver::name_server::connection_provider] polling response inner
    [2019-10-29][00:05:09.439160000][DEBUG] [trust_dns_resolver::name_server::connection_provider] connecting: Udp { socket_addr: V4(211.148.192.151:53), timeout: 5s }
    [2019-10-29][00:05:09.439207000][DEBUG] [trust_dns_resolver::name_server::name_server] name_server connection failure: tokio spawn error
    [2019-10-29][00:05:09.439297000][DEBUG] [trust_dns_resolver::name_server::name_server] reconnecting: NameServerConfig { socket_addr: V4(211.148.192.141:53), protocol: Tcp, tls_dns_name: None, tls_config: None }
    [2019-10-29][00:05:09.439350000][DEBUG] [trust_dns_resolver::name_server::name_server] reconnecting: NameServerConfig { socket_addr: V4(211.148.192.151:53), protocol: Tcp, tls_dns_name: None, tls_config: None }
    [2019-10-29][00:05:09.439394000][TRACE] [trust_dns_resolver::name_server::connection_provider] polling response inner
    [2019-10-29][00:05:09.439418000][DEBUG] [trust_dns_resolver::name_server::connection_provider] connecting: Tcp { socket_addr: V4(211.148.192.141:53), timeout: 5s }
    [2019-10-29][00:05:09.439479000][DEBUG] [trust_dns_resolver::name_server::name_server] name_server connection failure: tokio spawn error
    [2019-10-29][00:05:09.439512000][TRACE] [trust_dns_resolver::name_server::connection_provider] polling response inner
    [2019-10-29][00:05:09.439534000][DEBUG] [trust_dns_resolver::name_server::connection_provider] connecting: Tcp { socket_addr: V4(211.148.192.151:53), timeout: 5s }
    [2019-10-29][00:05:09.439585000][DEBUG] [trust_dns_resolver::name_server::name_server] name_server connection failure: tokio spawn error
    [2019-10-29][00:05:09.439683000][DEBUG] [trust_dns_resolver::name_server::name_server] reconnecting: NameServerConfig { socket_addr: V4(211.148.192.151:53), protocol: Udp, tls_dns_name: None, tls_config: None }
    [2019-10-29][00:05:09.439740000][DEBUG] [trust_dns_resolver::name_server::name_server] reconnecting: NameServerConfig { socket_addr: V4(211.148.192.141:53), protocol: Udp, tls_dns_name: None, tls_config: None }
    [2019-10-29][00:05:09.439784000][TRACE] [trust_dns_resolver::name_server::connection_provider] polling response inner
    [2019-10-29][00:05:09.439807000][DEBUG] [trust_dns_resolver::name_server::connection_provider] connecting: Udp { socket_addr: V4(211.148.192.151:53), timeout: 5s }
    [2019-10-29][00:05:09.439859000][DEBUG] [trust_dns_resolver::name_server::name_server] name_server connection failure: tokio spawn error
    [2019-10-29][00:05:09.439889000][TRACE] [trust_dns_resolver::name_server::connection_provider] polling response inner
    [2019-10-29][00:05:09.439910000][DEBUG] [trust_dns_resolver::name_server::connection_provider] connecting: Udp { socket_addr: V4(211.148.192.141:53), timeout: 5s }
    [2019-10-29][00:05:09.439954000][DEBUG] [trust_dns_resolver::name_server::name_server] name_server connection failure: tokio spawn error
    [2019-10-29][00:05:09.440032000][DEBUG] [trust_dns_resolver::name_server::name_server] reconnecting: NameServerConfig { socket_addr: V4(211.148.192.151:53), protocol: Tcp, tls_dns_name: None, tls_config: None }
    [2019-10-29][00:05:09.440082000][DEBUG] [trust_dns_resolver::name_server::name_server] reconnecting: NameServerConfig { socket_addr: V4(211.148.192.141:53), protocol: Tcp, tls_dns_name: None, tls_config: None }
    [2019-10-29][00:05:09.440128000][TRACE] [trust_dns_resolver::name_server::connection_provider] polling response inner
    [2019-10-29][00:05:09.440150000][DEBUG] [trust_dns_resolver::name_server::connection_provider] connecting: Tcp { socket_addr: V4(211.148.192.151:53), timeout: 5s }
    [2019-10-29][00:05:09.440206000][DEBUG] [trust_dns_resolver::name_server::name_server] name_server connection failure: tokio spawn error
    [2019-10-29][00:05:09.440237000][TRACE] [trust_dns_resolver::name_server::connection_provider] polling response inner
    [2019-10-29][00:05:09.440258000][DEBUG] [trust_dns_resolver::name_server::connection_provider] connecting: Tcp { socket_addr: V4(211.148.192.141:53), timeout: 5s }
    [2019-10-29][00:05:09.440308000][DEBUG] [trust_dns_resolver::name_server::name_server] name_server connection failure: tokio spawn error
    [2019-10-29][00:05:09.440377000][ERROR] [shadowsocks::relay::dns_resolver] Failed to resolve www.example.com:80, err: proto error
    

    To Reproduce Steps to reproduce the behavior:

    1. Create an AsyncResolver with read_system_conf

      let (config, opts) = read_system_conf().expect("Failed to read global dns sysconf");
      let (resolver, bg) = AsyncResolver::new(config, opts);
      
      tokio::spawn(bg);  // Runs background task.
      
    2. Call lookup_ip with any addresses

      let addrs = resolver.lookup_ip("www.example.com").await?;
      

    Expected behavior

    lookup_ip should return valid IPs instead of errors.

    System:

    • OS: macOS 10.14.6
    • Architecture: x86_64
    • Version: ?
    • rustc version: 1.39.0-beta.7 (23f8f652b 2019-10-26)

    Version: Crate: resolver Version: master on github

    opened by zonyitoo 27
  • Synchronous resolver is not Send + Sync

    This is due to its embedding of the async Reactor from Tokio. This means that for my Send + Sync structure, I need to instead create a resolver on each call instead of being able to amortize it to be constructed just once.

    bug perf crate:client crate:proto 
    opened by mathstuf 25
  • Spurious resolution failure with concurrent requests

    Describe the bug With 3 servers and a configuration with 2 concurrent requests, name resolution sometimes fails, other times not.

    To Reproduce Use default for ResolverOpts::num_concurrent_reqs field and 3 authorities on different domains. With them construct Resolver. With such resolver, Resolver::lookup_ip will sometimes spuriously fail with resolution.

    Expected behavior Resolver::lookup_ip successfully resolves a name.

    System:

    • OS: Ubuntu
    • Architecture: x64
    • Version 18.04.3 LTS
    • rustc version: 1.39.0

    Version: Crate: trust-dns-resolver Version: 0.12

    Additional context Client and Server were in the same process.

    With ResolverOpts::num_concurrent_reqs = 1 Resolver::lookup_ip behaves as expected.

    Servers were made with trust-dns-server = 0.17.

    Discovered while working on https://github.com/timberio/vector/pull/1118

    bug crate:resolver 
    opened by ktff 24
  • Reverse DNS Zone returns NS records instead of SOA

    Describe the bug

    I am not a DNS expert, but I have been trying to set up my reverse IPv6 zone for weeks. Today my hosting provider hosted the zone on his server so we could compare DNS results.

    To Reproduce

    Other DNS server

    dig -x 2a10:4646:14::53 @2a10:4640::2
    

    My trust-dns server

    dig -x 2a10:4646:14::1 @2a10:4646:14::53
    

    Expected behavior A clear and concise description of what you expected to happen.

    Version: Version: latest version in docker (0.20.3)

    Additional context

    --- dc  2021-08-05 14:03:18.847302592 +0200
    +++ dyjix       2021-08-05 14:03:27.619222479 +0200
    @@ -1,24 +1,20 @@
     
     ;; global options: +cmd
     ;; Got answer:
    -;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55012
    -;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 0
    +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31506
    +;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
     
    +;; OPT PSEUDOSECTION:
    +; EDNS: version: 0, flags:; udp: 1680
     ;; QUESTION SECTION:
     ;1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.4.1.0.0.6.4.6.4.0.1.a.2.ip6.arpa. IN PTR
     
     ;; ANSWER SECTION:
    -1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.4.1.0.0.6.4.6.4.0.1.a.2.ip6.arpa. 86400        IN PTR dc4-dns.servers.datacenters.network.
    
    -;; AUTHORITY SECTION:
    -4.1.0.0.6.4.6.4.0.1.a.2.ip6.arpa. 86400        IN NS   ns01.dns.datacenters.network.
    -4.1.0.0.6.4.6.4.0.1.a.2.ip6.arpa. 86400        IN NS   ns02.dns.datacenters.network.
    -4.1.0.0.6.4.6.4.0.1.a.2.ip6.arpa. 86400        IN NS   ns03.dns.datacenters.network.
    -4.1.0.0.6.4.6.4.0.1.a.2.ip6.arpa. 86400        IN NS   ns04.dns.datacenters.network.
    +1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.4.1.0.0.6.4.6.4.0.1.a.2.ip6.arpa. 60 IN        PTR dc4-dns.servers.datacenters.network.
    

    Diff on other query

    dig 4.1.0.0.6.4.6.4.0.1.a.2.ip6.arpa. @2a10:4646:14::53
    
    dig 4.1.0.0.6.4.6.4.0.1.a.2.ip6.arpa. @2a10:4640::2
    
     ;; global options: +cmd
     ;; Got answer:
    -;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24897
    -;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
    +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64414
    +;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
    +;; WARNING: recursion requested but not available
     
    +;; OPT PSEUDOSECTION:
    +; EDNS: version: 0, flags:; udp: 1680
     ;; QUESTION SECTION:
     ;4.1.0.0.6.4.6.4.0.1.a.2.ip6.arpa. IN  A
     
     ;; AUTHORITY SECTION:
    -4.1.0.0.6.4.6.4.0.1.a.2.ip6.arpa. 604800 IN SOA        a.misconfigured.powerdns.server. hostmaster.4.1.0.0.6.4.6.4.0.1.a.2.ip6.arpa. 9 28800 7200 604800 86400
    +4.1.0.0.6.4.6.4.0.1.a.2.ip6.arpa. 3600 IN SOA  a.misconfigured.powerdns.server. hostmaster.4.1.0.0.6.4.6.4.0.1.a.2.ip6.arpa. 2021080505 10800 3600 604800 3600
     
    
    opened by williamdes 22
  • (wip) use resolv_conf to parse resolv.conf files

    This is still work in progress but I'm opening early to have feedback about whether this is the right direction. Here is what I did:

    • get rid of the lalrpop parser
    • move unix specific stuff to a unix.rs module
    • derived a couple more traits on the config types (Eq is convenient to have for tests, and Copy is convenient for NameServerConfig)

    Note that for the moment, this depends on https://github.com/tailhook/resolv-conf/pull/5

    Also, for the moment resolv-conf does not make a distinction between domain and search: https://github.com/tailhook/resolv-conf/blob/d7ab0ce0a80f6433dbb6ba32468ad3e6b5d272c2/src/grammar.rs#L141-L149

    I think this is an issue.

    opened by little-dude 22
  • Upgrade to Tokio 0.3

    Need to upgrade all crates:

    • [x] proto
    • [x] rustls - depends on tokio-rustls
    • [x] https - dependencies on tokio-rustls, et al. (tests failing, temp impl on git master branch from h2)
    • [x] client
    • [x] openssl - depends on tokio-openssl
    • [x] native-tls - requires move to tokio-native-tls
    • [x] resolver
    • [x] server
    • [x] bin
    • [x] util
    • [x] tests

    Fixes: #1250

    blocked on:

    • [x] test failure: https_client_stream::tests::test_https_google in trust-dns-https
    • [ ] ~~h2 0.3 release with upgrade to Tokio 0.3~~, will fix this on release of 0.20.
    opened by bluejekyll 21
  • Client fails to verify records with uppercased names

    Test case:

    #[test]
    fn test_dnssec_rollernet_td() {
        use trust_dns::udp::UdpClientConnection;
        use trust_dns::client::Client;
        let c = Client::new(UdpClientConnection::new("8.8.8.8:53".parse().unwrap()).unwrap());
        c.secure_query(
            &Name::parse("rollernet.us.", None).unwrap(),
            DNSClass::IN,
            RecordType::DS,
        ).unwrap();
    }
    

    This fails with No DNSKEY proof available error while validating the returned NSEC record, but according to http://dnsviz.net/d/rollernet.us/dnssec/ , the server returns correct RRSIG. From what I can tell, this server returns uppercased names in the record, but all names are converted to lowercase on deserialization, which breaks verification.

    bug 
    opened by SAPikachu 20
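The failure mode this report describes, as an added example (not code from Trust-DNS or from the reporter): an RRSIG covers exact RDATA bytes, and RFC 6840 section 5.1 says the next-domain name inside NSEC RDATA is not downcased for signing, so a decoder that lowercases every name cannot rebuild the signed bytes. The names, TTL, type list and function names below are constructed or hypothetical.

```rust
// Added illustration (std only). Names, TTL and type list are constructed sample data.

const TYPE_NSEC: u16 = 47;
const CLASS_IN: u16 = 1;

/// Encode a presentation-format name as DNS wire-format labels (RFC 1035).
/// `downcase` applies the ASCII lowercasing that canonical form uses for owner names.
fn encode_name(name: &str, downcase: bool) -> Result<Vec<u8>, String> {
    let mut out = Vec::new();
    let trimmed = name.strip_suffix('.').unwrap_or(name);
    if !trimmed.is_empty() {
        for label in trimmed.split('.') {
            if label.is_empty() || label.len() > 63 {
                return Err(format!("invalid label in {:?}", name));
            }
            out.push(label.len() as u8);
            out.extend(label.bytes().map(|b| if downcase { b.to_ascii_lowercase() } else { b }));
        }
    }
    out.push(0); // root label terminates the name
    if out.len() > 255 {
        return Err(format!("name too long: {:?}", name));
    }
    Ok(out)
}

/// NSEC type bitmap (RFC 4034 section 4.1.2): window number, bitmap length, bitmap.
fn type_bitmap(types: &[u16]) -> Vec<u8> {
    let mut sorted = types.to_vec();
    sorted.sort_unstable();
    sorted.dedup();
    let mut out = Vec::new();
    let mut i = 0;
    while i < sorted.len() {
        let window = (sorted[i] >> 8) as u8;
        let mut bits = [0u8; 32];
        let mut used = 0usize;
        while i < sorted.len() && (sorted[i] >> 8) as u8 == window {
            let low = (sorted[i] & 0xff) as usize;
            bits[low / 8] |= 0x80u8 >> (low % 8);
            used = low / 8 + 1; // input is sorted, so the last type sets the length
            i += 1;
        }
        out.push(window);
        out.push(used as u8);
        out.extend_from_slice(&bits[..used]);
    }
    out
}

/// One NSEC RR as it enters the RRSIG signature input (RFC 4034 section 3.1.8.1):
/// owner | type | class | original TTL | RDLENGTH | RDATA, with the owner lowercased.
/// `downcase_next` models a decoder that already lowercased the name inside RDATA.
fn nsec_signed_rr(
    owner: &str,
    next: &str,
    types: &[u16],
    orig_ttl: u32,
    downcase_next: bool,
) -> Result<Vec<u8>, String> {
    let mut rdata = encode_name(next, downcase_next)?;
    rdata.extend(type_bitmap(types));
    let mut rr = encode_name(owner, true)?;
    rr.extend_from_slice(&TYPE_NSEC.to_be_bytes());
    rr.extend_from_slice(&CLASS_IN.to_be_bytes());
    rr.extend_from_slice(&orig_ttl.to_be_bytes());
    rr.extend_from_slice(&(rdata.len() as u16).to_be_bytes());
    rr.extend(rdata);
    Ok(rr)
}

/// Index of the first byte at which two buffers differ, if any.
fn first_mismatch(a: &[u8], b: &[u8]) -> Option<usize> {
    let common = a.len().min(b.len());
    (0..common)
        .find(|&i| a[i] != b[i])
        .or(if a.len() != b.len() { Some(common) } else { None })
}

fn main() {
    let (owner, next, ttl) = ("Example.US.", "WWW.Example.US.", 3600u32);
    let types = [1u16, 46, 47]; // A, RRSIG, NSEC
    // Bytes the zone signer covered: next-domain name kept exactly as published.
    let signed = nsec_signed_rr(owner, next, &types, ttl, false).unwrap();
    // A validator whose decoder preserves RDATA case rebuilds the same bytes.
    let preserving = nsec_signed_rr(owner, next, &types, ttl, false).unwrap();
    // A validator whose decoder lowercases every name on deserialization does not.
    let lowercasing = nsec_signed_rr(owner, next, &types, ttl, true).unwrap();
    println!("case-preserving decoder: {:?}", first_mismatch(&signed, &preserving));
    println!("lowercasing decoder:     {:?}", first_mismatch(&signed, &lowercasing));
}
```

Any signature computed over the signer's bytes fails to verify against the lowercasing decoder's reconstruction, because the two inputs diverge inside the RDATA.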
  • always attempt reconnect when nameserver is picked

    Currently the NameServerPool can be exhausted when connections are not reattempted. This should make sure that connects will always be attempted even if all the connections are failed.

    fixes: #454

    opened by bluejekyll 19
  • Graceful Shutdown of Server

    Am I missing a way to do orderly shutdown of the server?

    As in: a way to stop the server from accepting new connections, finish the running requests and then resolve the ServerFuture?

    enhance crate:server 
    opened by theduke 4
  • Trust-DNS does not work in IPv4-only environment

    Describe the bug Whenever I connect to my parent's WiFi, trust-dns stops working, and I do not get any DNS resolving at all. My parents have a very old legacy internet connection that only has an IPv4 address. I'm using the same configuration that I use in other networks, so naturally I have both IPv4 and IPv6 addresses to forward to. If I remove those IPv6 addresses (first two name_servers) from the config, trust-dns works fine.

    To Reproduce

    • Install trust-dns:
      yay -S trust-dns
      
    • Write /etc/named.toml
      listen_addrs_ipv4 = ["127.0.0.1"]
      listen_addrs_ipv6 = ["::1"]
      listen_port = 53
      
      [[zones]]
      zone = "."
      zone_type = "Forward"
      
      [zones.stores]
      type = "forward"
      
      [[zones.stores.name_servers]]
      socket_addr = "[2606:4700:4700::1111]:853"
      protocol = "tls"
      tls_dns_name = "1dot1dot1dot1.cloudflare-dns.com"
      trust_nx_responses = false
      
      [[zones.stores.name_servers]]
      socket_addr = "[2606:4700:4700::1001]:853"
      protocol = "tls"
      tls_dns_name = "1dot1dot1dot1.cloudflare-dns.com"
      trust_nx_responses = false
      
      [[zones.stores.name_servers]]
      socket_addr = "1.1.1.1:853"
      protocol = "tls"
      tls_dns_name = "1dot1dot1dot1.cloudflare-dns.com"
      trust_nx_responses = false
      
      [[zones.stores.name_servers]]
      socket_addr = "1.0.0.1:853"
      protocol = "tls"
      tls_dns_name = "1dot1dot1dot1.cloudflare-dns.com"
      trust_nx_responses = false
      
    • Start named.service via systemd
    • Try to do a dns lookup
      $ drill msrd0.de
      Error: error sending query: Could not send or receive, because of network error
      

    Expected behavior I get a response rather than a network error.

    System:

    • OS: ArchLinux
    • Architecture: x86_64
    • Version: Rolling Release
    • rustc version: 1.66

    Version: Crate: trust-dns Version: 0.22.0

    Additional context Trust-dns does not indicate any errors in its log:

    $ sudo systemctl status named
    [sudo] password for msrd0:
    ● named.service - TRUST-DNS server
         Loaded: loaded (/etc/systemd/system/named.service; enabled; preset: disabled)
         Active: active (running) since Wed 2022-12-28 11:07:00 CET; 2min 0s ago
       Main PID: 590 (named)
          Tasks: 5 (limit: 9408)
         Memory: 18.4M
            CPU: 215ms
         CGroup: /system.slice/named.service
                 └─590 /usr/bin/named
    
    Dec 28 11:08:36 ACER-SP314-51 named[590]: 1672222116:INFO:trust_dns_server::server::server_future:771:request:41536 src:UDP://::1#39573 QUERY:radicale.msrd0.de.:A:IN qflags:RD response:NoError rr:2/0/0 rflags:RD,RA
    Dec 28 11:08:44 ACER-SP314-51 named[590]: 1672222124:INFO:trust_dns_server::server::server_future:771:request:47544 src:UDP://::1#51488 QUERY:chat.signal.org.:A:IN qflags:RD response:NoError rr:2/0/0 rflags:RD,RA
    Dec 28 11:08:45 ACER-SP314-51 named[590]: 1672222125:INFO:trust_dns_server::server::server_future:771:request:31124 src:UDP://::1#55179 QUERY:chat.signal.org.:A:IN qflags:RD response:NoError rr:2/0/0 rflags:RD,RA
    Dec 28 11:08:50 ACER-SP314-51 named[590]: 1672222130:INFO:trust_dns_server::server::server_future:771:request:31124 src:UDP://::1#55179 QUERY:chat.signal.org.:A:IN qflags:RD response:NoError rr:2/0/0 rflags:RD,RA
    Dec 28 11:08:50 ACER-SP314-51 named[590]: 1672222130:INFO:trust_dns_server::server::server_future:771:request:43374 src:UDP://::1#55333 QUERY:chat.signal.org.:A:IN qflags:RD response:NoError rr:2/0/0 rflags:RD,RA
    Dec 28 11:08:55 ACER-SP314-51 named[590]: 1672222135:INFO:trust_dns_server::server::server_future:771:request:31124 src:UDP://::1#41384 QUERY:chat.signal.org.:A:IN qflags:RD response:NoError rr:2/0/0 rflags:RD,RA
    Dec 28 11:08:55 ACER-SP314-51 named[590]: 1672222135:INFO:trust_dns_server::server::server_future:771:request:43374 src:UDP://::1#55333 QUERY:chat.signal.org.:A:IN qflags:RD response:NoError rr:2/0/0 rflags:RD,RA
    Dec 28 11:09:00 ACER-SP314-51 named[590]: 1672222140:INFO:trust_dns_server::server::server_future:771:request:55726 src:UDP://::1#47138 QUERY:chat.signal.org.:A:IN qflags:RD response:NoError rr:2/0/0 rflags:RD,RA
    Dec 28 11:09:00 ACER-SP314-51 named[590]: 1672222140:INFO:trust_dns_server::server::server_future:771:request:43374 src:UDP://::1#56296 QUERY:chat.signal.org.:A:IN qflags:RD response:NoError rr:2/0/0 rflags:RD,RA
    Dec 28 11:09:05 ACER-SP314-51 named[590]: 1672222145:INFO:trust_dns_server::server::server_future:771:request:17793 src:UDP://::1#60414 QUERY:chat.signal.org.:A:IN qflags:RD response:NoError rr:2/0/0 rflags:RD,RA
    
    perf platform:linux has workaround 
    opened by msrd0 3
  • Update all dependencies

    A big dependency bump.

    Reasoning:

    • Many dependencies were pinned down to the micro version number and some dependencies weren't bumped for a very long time, which led some of them to become heavily (2+ years) outdated. For any crate that depends on trust-dns-*, this would most likely lead to dependency bloat.
    • For some dependencies, different versions were listed (e.g., 1.0 and 1.21 for tokio).

    Notes:

    • Verified that it builds locally with all features/targets enabled and tests pass, on both 1.66 and MSRV (1.60).
    • Verified that nothing's missing via cargo upgrade --incompatible.
    • Updated Cargo.lock.
    opened by aldanor 4
  • "into_" methods

    Consider this struct: https://docs.rs/trust-dns-proto/0.22.0/trust_dns_proto/rr/rdata/mx/struct.MX.html

    It has an owned Name field, but there is no way to get that out of it; you can only get &Name.

    For efficiency purposes, I would like to be able to do into_exchange to get Name from MX.

    This applies in general to all similar data types.

    perf 
    opened by mattfbacon 7
  • Show rfc9250 DoQ support

    This PR:

    • shows the support for DNS over QUIC in comments and README files;
    • fixes DNS-over-* typos: RFCs show DNS over TLS, DNS over HTTPS, DNS over QUIC without dashes;
    • updates URLs for RFCs and Internet Drafts because of the transition from tools.ietf.org.

    fixes: #1837

    opened by HLFH 1
Releases(v0.22.0)
  • v0.22.0(Sep 2, 2022)

    0.22.0

    Removed

    • (deps) don't pull in env_logger if we aren't actually a binary #1701 by @Noah-Kennedy

    Added

    • (resolver) Add option to use a provided name server order #1766 by @nhurley3
    • (proto) Add invalid utf8 output test for TXT::fmt. #1755 by @darnuria
    • (proto) Support 0-RTT in DNS over QUIC #1716 by @msoxzw
    • (recursor) new A Trust DNS based Recursor!!! #1710 by @bluejekyll
    • (resolver) Allow customizing the static hosts configuration #1705 by @fantix
    • (proto/server) Support loading pkcs#1 private key as well #1704 by @lisongmin
    • (util) Trust dns client cli (like dig) #1680 by @bluejekyll

    Fixed

    • (proto) Only retry UDP socket bind if it returned EADDRINUSE #1761 by @peterthejohnston
    • (all) Add necessary conditional compilation cfgs #1752 by @trevor-crypto
    • (server) Populate name_pointers correctly via MessageResponseBuilder request #1744 by @jeff-hiner
    • (resolver) Do not fail parse_resolv_conf on invalid hostname #1740 by @schultetwin1
    • (all) doc: Fix warnings reported by cargo doc #1737 by @wiktor-k
    • (proto) Use u16::*_be_bytes represent length field (fixes DoQ) #1715 by @msoxzw
    • (proto) Prevent invalid 0-length labels via from_raw_bytes #1700 by @jonasbb
    • (proto/server) Drop UDP packets on send failure #1696 by @jeff-hiner
    • (all) removed .max(0), unnecessary with u32's #1691 by @bluejekyll
    • (server) sanitize all addresses received by the server before attempting any r… #1690 by @bluejekyll
    • (server) Remove forced (unnecessary) Mutex from handler #1679 by @jeff-hiner
    • (proto) Fix SvcParamKey::Unknown parsing #1678 by @jeff-hiner

    Changed

    • (all) Minimum Rust Version now 1.59 #1771 by @bluejekyll
    • (client) Parser panic to result #1758 by @darnuria
    • (client) Avoid 3 unwrap() call inc Parser::flush_record. #1757 by @darnuria
    • (client) Cleanup lex #1756 by @darnuria
    • (resolver) Make maximum request depth configurable #1749 by @wiktor-k
    • (server) Clean up ForwardAuthority api #1748 by @chotchki
    • (resolver) Relax mut requirements for resolver.clear_cache() and add cache flushing example #1747 by @dns2utf8
    • (resolver) Lookup access Records list directly #1746 by @izissise
    • (proto) Pass DnsRequestOptions to DNSSEC validating routines #1742 by @wiktor-k
    • (proto) Increase the maximum request depth to 26 #1736 by @wiktor-k
    • (server) Mark ForwardLookup as public #1729 by @chotchki
    • (all) upgrade windows openssl version to 1_1_1p #1728 by @bluejekyll
    • (all) Converted to tracing from log #1706 by @erikh and @bluejekyll
    • (server) Move logger setup code into binary #1703 by @djc
    • (proto) ignore errors when disconnected #1695 by @edevil
    • (server) RequestInfo derives Clone trait. #1693 by @humb1t
    • (proto/server) make doq transport settings more consistent with RFC #1682 by @bluejekyll
    • (all) Included githubactions in the dependabot config #1681 by @naveensrinivasan
    • (proto) deprecated edns methods on request and replaced with extensions and better semantics #1675 by @leshow
  • v0.21.2(Mar 30, 2022)

    0.21.2

    Added

    • (proto) add PartialEq+Hash derives, #1661 by @leshow

    Fixed

    • (server) fix panic when tcp connect goes away before handling, #1668
    • (server) crates/server, InMemoryStore: Use a RwLock instead of a Mutex to manage inner storage, #1665 by @erikh
    • (all) fix audit regex failure, #1658
    • (resolver) Stop searching for additional records when encountering a name already seen, #1657 by @Mossop
    • (proto) fix time txt parsing in SOA records, #1656

    Removed

    • (all) remove old crates (the ones moved into proto, tag v0.21.1 can get if needed for crates.io), #1655

    Changed

    • (resolver) keep any address records included in the response to an NS query, #1672 by @db48x
    • (resolver) force forwarder to preserve_intermediates, #1660 by @vlmutolo
    • (resolver) make constructors for AsyncResolver with custom providers public, #1654 by @Noah-Kennedy
  • v0.21.1(Feb 28, 2022)

  • v0.21.0(Feb 26, 2022)

    0.21.0

    Added

    • (client) Parse DS records (@kmkaplan) #1635
    • (fuzz) Added fuzzing configuration (@saethlin) #1626
    • (resolver) Add resolver.clear_cache() sync and async (dns2utf8) #1611
    • (proto) Add CDS/CDNSKEY records from RFC7344 (frelon) #1595
    • (resolver) Configuration of outbound bind address for resolver (@surban) #1586
    • (proto) Add CSYNC record from RFC7477 (@frelon) #1583
    • (proto) trust_dns_proto::rr::Record now serializable (@mvforell) #1536
    • (client) new zone_transfer method for AXFR and IXFR use cases, client only (@trinity-1686a) #1478
    • (client) Flag for use_edns configuration on AsyncClient (@astro) #1492
    • (client) support for TSIG authentication (@trinity-1686a) #1459

    Changed

    • (util) openssl is no longer default enabled in trust-dns-utils, bins marked as required as necessary #1644
    • (proto) deprecate outdated dnssec algorithms #1640
    • (server) pass RequestInfo into Authority on search #1620
    • (proto) SSHFP: Ed448 is assigned algorithm 6 in RFC 8709 #1604
    • (resolver) Do not retry the same name server on a negative response (@peterthejohnston) #1589
    • (all) with-backtrace feature renamed to backtrace (@pinkisemils) #1577
    • (resolver) TCP for truncated message responses, but not for other failures on responses (switch for old behavior try_tcp_on_error) (@peterthejohnston) #1562
    • (server) Multiple queries in a message will always result in a FormError now #1554
    • (server) ServerFuture and other Catalog related API changes #1554
    • (server) By default, the server will now only log a single log line for a given request (debug will be needed for more details) #1554
    • (server) ResponseHandler now must return a ResponseInfo to allow for more consistent logging #1554
    • (resolver) Correct behavior around trust_nx_responses (@peterthejohnston) #1556
    • (server) ResponseHandler trait is now async_trait, requires all impls to be annotated with #[async_trait] #1550
    • (server) Authority impls required to be internally modifiable and Send + Sync #1550
    • (server) Most Authority methods changed to async fn rather than returning custom Future impls #1550
    • (server) Authority trait is now async_trait, requires all impls to be annotated with #[async_trait] #1550
    • (proto) Header now stores ResponseCode instead of just u8 #1537
    • (client) improved async client example documentation (@ErwanDL) #1539
    • (resolver) on REFUSED (and other negative) response(s), fall back to other nameservers (@peterthejohnston) #1513 #1526
    • (client) the feature dnssec is no longer enabled by default, use dnssec-ring or dnssec-openssl #1506
    • (server) dnssec functions of Authority moved into DnsSecAuthority #1506
    • (all) Most public enum types are now marked #[non_exhaustive] #1426
    • (resolver) DnsRequestOptions and ResolverOpts now #[non_exhaustive] #1426
    • (proto) all I/O Streams now use BufDnsStreamHandle rather than generic DnsStreamHandle #1433
    • (proto) DnsResponse response now contains only a single Response #1433
    • (proto) Name::append_name and Name::append_domain now properly fallible when name is too long #1448
    • (resolver) special handling of the onion. TLD added to static resolution with negative responses (@trinity-1686a) #1479
    • (proto) internal Futures converted to Streams to support multiple responses, e.g. AXFR (@trinity-1686a) #1478
    • (proto) renamed Signer to SigSigner to differentiate from TSigner #1498

    Removed

    • (all) removed structopt dependency #1644
    • (all) removed chrono dependency #1569
    • (client) Remove AsyncClientConnect and AsyncSecureClientConnect (future impls) in favor of async constructors (@ErwanDL) #1541
    • (proto) removed RecordType::DNSSEC and moved all variants of DNSSECRecordType into RecordType #1506
    • (proto) removed BufStreamHandle and StreamHandle #1433
    • (response) disabled mdns to work on a new solution #1433

    Fixed

    • (proto) fix CAA .to_string() crash and format (@hartshorne) #1631
    • (proto) fix DoubleEndedIterator impl for Name #1639
    • (client) Fix AsyncClient::clone always setting use_edns (@ecton) #1598
    • (resolver) Use stream connections if datagram connections are not available (@pinkisemils) #1592
    • (server) Release resources when a server future is dropped (@pinkisemils) #1587
    • (proto) Panic when name exceeds maximal domain name length during display #1447
  • v0.21.0-alpha.5(Feb 8, 2022)

    0.21.0 (unreleased)

    Added

    • (fuzz) Added fuzzing configuration (@saethlin) #1626
    • (resolver) Add resolver.clear_cache() sync and async (dns2utf8) #1611
    • (proto) Add CDS/CDNSKEY records from RFC7344 (frelon) #1595
    • (resolver) Configuration of outbound bind address for resolver (@surban) #1586
    • (proto) Add CSYNC record from RFC7477 (@frelon) #1583
    • (proto) trust_dns_proto::rr::Record now serializable (@mvforell) #1536
    • (client) new zone_transfer method for AXFR and IXFR use cases, client only (@trinity-1686a) #1478
    • (client) Flag for use_edns configuration on AsyncClient (@astro) #1492
    • (client) support for TSIG authentication (@trinity-1686a) #1459

    Changed

    • (server) pass RequestInfo into Authority on search #1620
    • (proto) SSHFP: Ed448 is assigned algorithm 6 in RFC 8709 #1604
    • (resolver) Do not retry the same name server on a negative response (@peterthejohnston) #1589
    • (all) with-backtrace feature renamed to backtrace (@pinkisemils) #1577
    • (resolver) TCP for truncated message responses, but not for other failures on responses (switch for old behavior try_tcp_on_error) (@peterthejohnston) #1562
    • (server) Multiple queries in a message will always result in a FormError now #1554
    • (server) ServerFuture and other Catalog related API changes #1554
    • (server) By default, the server will now only log a single log line for a given request (debug will be needed for more details) #1554
    • (server) ResponseHandler now must return a ResponseInfo to allow for more consistent logging #1554
    • (resolver) Correct behavior around trust_nx_responses (@peterthejohnston) #1556
    • (server) ResponseHandler trait is now async_trait, requires all impls to be annotated with #[async_trait] #1550
    • (server) Authority impls required to be internally modifiable and Send + Sync #1550
    • (server) Most Authority methods changed to async fn rather than returning custom Future impls #1550
    • (server) Authority trait is now async_trait, requires all impls to be annotated with #[async_trait] #1550
    • (proto) Header now stores ResponseCode instead of just u8 #1537
    • (client) improved async client example documentation (@ErwanDL) #1539
    • (resolver) on REFUSED (and other negative) response(s), fall back to other nameservers (@peterthejohnston) #1513 #1526
    • (client) the feature dnssec is no longer enabled by default, use dnssec-ring or dnssec-openssl #1506
    • (server) dnssec functions of Authority moved into DnsSecAuthority #1506
    • (all) Most public enum types are now marked #[non_exhaustive] #1426
    • (resolver) DnsRequestOptions and ResolverOpts now #[non_exhaustive] #1426
    • (proto) all I/O Streams now use BufDnsStreamHandle rather than generic DnsStreamHandle #1433
    • (proto) DnsResponse response now contains only a single Response #1433
    • (proto) Name::append_name and Name::append_domain now properly fallible when name is too long #1448
    • (resolver) special handling of the onion. TLD added to static resolution with negative responses (@trinity-1686a) #1479
    • (proto) internal Futures converted to Streams to support multiple responses, e.g. AXFR (@trinity-1686a) #1478
    • (proto) renamed Signer to SigSigner to differentiate from TSigner #1498

    Removed

    • (all) removed chrono dependency #1569
    • (client) Remove AsyncClientConnect and AsyncSecureClientConnect (future impls) in favor of async constructors (@ErwanDL) #1541
    • (proto) removed RecordType::DNSSEC and moved all variants of DNSSECRecordType into RecordType #1506
    • (proto) removed BufStreamHandle and StreamHandle #1433
    • (response) disabled mdns to work on a new solution #1433

    Fixed

    • (client) Fix AsyncClient::clone always setting use_edns (ecton) #1598
    • (resolver) Use stream connections if datagram connections are not available (@pinkisemils) #1592
    • (server) Release resources when a server future is dropped (@pinkisemils) #1587
    • (proto) Panic when name exceeds maximal domain name length during display #1447
  • v0.20.4(Feb 2, 2022)

    0.20.4

    Fixed

    • (all) updated tokio dependencies to 1.16 #1623
    • (all) removed audit chrono due to rustsec audit failure (backport) #1623

    Changed

    • (all) Increased MSRV to 1.51
  • v0.21.0-alpha.4(Oct 13, 2021)

    0.21.0 (unreleased)

    Added

    • (proto) trust_dns_proto::rr::Record now serializable (@mvforell) #1536
    • (client) new zone_transfer method for AXFR and IXFR use cases, client only (@trinity-1686a) #1478
    • (client) Flag for use_edns configuration on AsyncClient (@astro) #1492
    • (client) support for TSIG authentication (@trinity-1686a) #1459

    Changed

    • (resolver) TCP for truncated message responses, but not for other failures on responses (switch for old behavior try_tcp_on_error) (@peterthejohnston) #1562
    • (server) Multiple queries in a message will always result in a FormError now #1554
    • (server) ServerFuture and other Catalog related API changes #1554
    • (server) By default, the server will now only log a single log line for a given request (debug will be needed for more details) #1554
    • (server) ResponseHandler now must return a ResponseInfo to allow for more consistent logging #1554
    • (resolver) Correct behavior around trust_nx_responses (@peterthejohnston) #1556
    • (server) ResponseHandler trait is now async_trait, requires all impls to be annotated with #[async_trait] #1550
    • (server) Authority impls required to be internally modifiable and Send + Sync #1550
    • (server) Most Authority methods changed to async fn rather than returning custom Future impls #1550
    • (server) Authority trait is now async_trait, requires all impls to be annotated with #[async_trait] #1550
    • (proto) Header now stores ResponseCode instead of just u8 #1537
    • (client) improved async client example documentation (@ErwanDL) #1539
    • (resolver) on REFUSED (and other negative) response(s), fall back to other nameservers (@peterthejohnston) #1513 #1526
    • (client) the feature dnssec is no longer enabled by default, use dnssec-ring or dnssec-openssl #1506
    • (server) dnssec functions of Authority moved into DnsSecAuthority #1506
    • (all) Most public enum types are now marked #[non_exhaustive] #1426
    • (resolver) DnsRequestOptions and ResolverOpts now #[non_exhaustive] #1426
    • (proto) all I/O Streams now use BufDnsStreamHandle rather than generic DnsStreamHandle #1433
    • (proto) DnsResponse response now contains only a single Response #1433
    • (proto) Name::append_name and Name::append_domain now properly fallible when name is too long #1448
    • (resolver) special handling of the onion. TLD added to static resolution with negative responses (@trinity-1686a) #1479
    • (proto) internal Futures converted to Streams to support multiple responses, e.g. AXFR (@trinity-1686a) #1478
    • (proto) renamed Signer to SigSigner to differentiate from TSigner #1498

    Removed

    • (client) Remove AsyncClientConnect and AsyncSecureClientConnect (future impls) in favor of async constructors (@ErwanDL) #1541
    • (proto) removed RecordType::DNSSEC and moved all variants of DNSSECRecordType into RecordType #1506
    • (proto) removed BufStreamHandle and StreamHandle #1433
    • (response) disabled mdns to work on a new solution #1433

    Fixed

    • (proto) Panic when name exceeds maximal domain name length during display #1447
  • v0.21.0-alpha.3(Sep 28, 2021)

    0.21.0 (unreleased)

    Added

    • (proto) trust_dns_proto::rr::Record now serializable (@mvforell) #1536
    • (client) new zone_transfer method for AXFR and IXFR use cases, client only (@trinity-1686a) #1478
    • (client) Flag for use_edns configuration on AsyncClient (@astro) #1492
    • (client) support for TSIG authentication (@trinity-1686a) #1459

    Changed

    • (resolver) Correct behavior around trust_nx_responses (@peterthejohnston) #1556
    • (server) ResponseHandler trait is now async_trait, requires all impls to be annotated with #[async_trait] #1550
    • (server) Authority impls required to be internally modifiable and Send + Sync #1550
    • (server) Most Authority methods changed to async fn rather than returning custom Future impls #1550
    • (server) Authority trait is now async_trait, requires all impls to be annotated with #[async_trait] #1550
    • (proto) Header now stores ResponseCode instead of just u8 #1537
    • (client) improved async client example documentation (@ErwanDL) #1539
    • (resolver) on REFUSED (and other negative) response(s), fall back to other nameservers (@peterthejohnston) #1513 #1526
    • (client) the feature dnssec is no longer enabled by default, use dnssec-ring or dnssec-openssl #1506
    • (server) dnssec functions of Authority moved into DnsSecAuthority #1506
    • (all) Most public enum types are now marked #[non_exhaustive] #1426
    • (resolver) DnsRequestOptions and ResolverOpts now #[non_exhaustive] #1426
    • (proto) all I/O Streams now use BufDnsStreamHandle rather than generic DnsStreamHandle #1433
    • (proto) DnsResponse response now contains only a single Response #1433
    • (proto) Name::append_name and Name::append_domain now properly fallible when name is too long #1448
    • (resolver) special handling of the onion. TLD added to static resolution with negative responses (@trinity-1686a) #1479
    • (proto) internal Futures converted to Streams to support multiple responses, e.g. AXFR (@trinity-1686a) #1478
    • (proto) renamed Signer to SigSigner to differentiate from TSigner #1498

    Removed

    • (client) Remove AsyncClientConnect and AsyncSecureClientConnect (future impls) in favor of async constructors (@ErwanDL) #1541
    • (proto) removed RecordType::DNSSEC and moved all variants of DNSSECRecordType into RecordType #1506
    • (proto) removed BufStreamHandle and StreamHandle #1433
    • (response) disabled mdns to work on a new solution #1433

    Fixed

    • (proto) Panic when name exceeds maximal domain name length during display #1447
  • v0.21.0-alpha.2(Aug 30, 2021)

    0.21.0 (unreleased)

    Added

    • (proto) trust_dns_proto::rr::Record now serializable (@mvforell) #1536
    • (client) new zone_transfer method for AXFR and IXFR use cases, client only (@trinity-1686a) #1478
    • (client) Flag for use_edns configuration on AsyncClient (@astro) #1492
    • (client) support for TSIG authentication (@trinity-1686a) #1459

    Changed

    • (proto) Header now stores ResponseCode instead of just u8 #1537
    • (client) improved async client example documentation (@ErwanDL) #1539
    • (resolver) on REFUSED (and other negative) response(s), fall back to other nameservers (@peterthejohnston) #1513 #1526
    • (client) the feature dnssec is no longer enabled by default, use dnssec-ring or dnssec-openssl #1506
    • (server) dnssec functions of Authority moved into DnsSecAuthority #1506
    • (all) Most public enum types are now marked #[non_exhaustive] #1426
    • (resolver) DnsRequestOptions and ResolverOpts now #[non_exhaustive] #1426
    • (proto) all I/O Streams now use BufDnsStreamHandle rather than generic DnsStreamHandle #1433
    • (proto) DnsResponse response now contains only a single Response #1433
    • (proto) Name::append_name and Name::append_domain now properly fallible when name is too long #1448
    • (resolver) special handling of the onion. TLD added to static resolution with negative responses (@trinity-1686a) #1479
    • (proto) internal Futures converted to Streams to support multiple responses, e.g. AXFR (@trinity-1686a) #1478
    • (proto) renamed Signer to SigSigner to differentiate from TSigner #1498

    Removed

    • (client) Remove AsyncClientConnect and AsyncSecureClientConnect (future impls) in favor of async constructors (@ErwanDL) #1541
    • (proto) removed RecordType::DNSSEC and moved all variants of DNSSECRecordType into RecordType #1506
    • (proto) removed BufStreamHandle and StreamHandle #1433
    • (response) disabled mdns to work on a new solution #1433

    Fixed

    • (proto) Panic when name exceeds maximal domain name length during display #1447
  • v0.21.0-alpha.1(Aug 10, 2021)

    0.21.0 (unreleased)

    Added

    • (client) new zone_transfer method for AXFR and IXFR use cases, client only (@trinity-1686a) #1478
    • (client) Flag for use_edns configuration on AsyncClient (@astro) #1492
    • (client) support for TSIG authentication (@trinity-1686a) #1459

    Changed

    • (resolver) on REFUSED (and other negative) response(s), fall back to other nameservers (@peterthejohnston) #1513 #1526
    • (client) the feature dnssec is no longer enabled by default, use dnssec-ring or dnssec-openssl #1506
    • (server) dnssec functions of Authority moved into DnsSecAuthority #1506
    • (all) Most public enum types are now marked #[non_exhaustive] #1426
    • (resolver) DnsRequestOptions and ResolverOpts now #[non_exhaustive] #1426
    • (proto) all I/O Streams now use BufDnsStreamHandle rather than generic DnsStreamHandle #1433
    • (proto) DnsResponse response now contains only a single Response #1433
    • (proto) Name::append_name and Name::append_domain now properly fallible when name is too long #1448
    • (resolver) special handling of the onion. TLD added to static resolution with negative responses (@trinity-1686a) #1479
    • (proto) internal Futures converted to Streams to support multiple responses, e.g. AXFR (@trinity-1686a) #1478
    • (proto) renamed Signer to SigSigner to differentiate from TSigner #1498

    Removed

    • (proto) removed RecordType::DNSSEC and moved all variants of DNSSECRecordType into RecordType #1506
    • (proto) removed BufStreamHandle and StreamHandle #1433
    • (response) disabled mdns to work on a new solution #1433

    Fixed

    • (proto) Panic when name exceeds maximal domain name length during display #1447
  • v0.20.3(May 15, 2021)

  • v0.20.2(Apr 20, 2021)

  • v0.20.1(Mar 16, 2021)

    0.20.1

    Added

    • (proto) HINFO record type support (@vlad20012) #1361
    • (proto) proto: add into_parts methods (@leshow) #1397
    • (proto) new HTTPS and SVCB record types #1402
    • (resolver) predefined Quad9 HTTPS resolver configuration (@zonyitoo) #1413

    Fixed

    • (proto) Don't kill a DnsExchangeBackground if a receiver is gone (see #1276) (@djc) #1356
    • (proto) Take the current header truncated bit into account (@ilaidlaw) #1384

    Changed

    • (async-std-resolver) Re-export AsyncStdConnection(Provider) (@romanb) #1354
    • (proto) Mutate edns & remove edns options (@leshow) #1363
    • (proto) Change Edns set_* to -> &mut Self (@leshow) #1369
    • (resolver) Enable RuntimeProvider in DoT implementations (@chengyuhui) #1373
    • (proto) Optimize name parsing (@saethlin) #1388
    • (proto) Remove a lot of bounds checks in BinDecoder by tracking position with a second slice (@saethlin) #1399
    • (proto) Make errors/error reporting more lightweight (@saethlin) #1409
  • v0.19.7(Mar 10, 2021)

  • v0.20.0(Dec 29, 2020)

    0.20.0

    Changed

    • (all) upgraded to Tokio 1.0 (@messense) #1330 (0.3 updates in #1262)
    • (proto) Add serde support for the RecordType in the proto crate (@LEXUGE) #1319
    • (https) dns_hostname args all are Arc<str> rather than Arc<String>, use Arc::from
    • (proto) Set TCP_NODELAY when building a TCP connection (@djc) #1249
    • (all) BREAKING The UdpSocket trait has grown an associated Time type.
    • (all) BREAKING The Connect trait has lost its Transport associated type, instead relying on the Self type.
    • (all) BREAKING Introduced a new DnsTcpStream trait, which is now a bound for implementing the Connect trait.
    • (resolver) BREAKING Move CachingClient from lookup_state to caching_client module
    • (resolver) BREAKING Move ResolverOpts::distrust_nx_responses to NameServerConfig::trust_nx_responses (@djc) #1212
    • (proto) data-encoding is now a required dependency #1208
    • (all) minimum rustc version now 1.45
    • (resolver) For all NxDomain and NoError/NoData responses, ResolveErrorKind::NoRecordsFound will be returned #1197
    • (server) Support for lowercase DNSClass and RecordType fields in zonefiles (@zhanif3) #1186
    • (resolver) Make EDNS optional for resolvers (@CtrlZvi) #1173
    • (all) Fully support ring for all DNSSEC operations. #1145
    • (all) No more master (branch, moved to main) slave, in honor of Juneteenth #1141
    • (all) Minimize futures dependencies (@JohnTitor) #1109
    • (proto) increases the UDP buffer size from 2048 to 4096 to allow larger payloads (@DevQps) #1096
    • (resolver) use IntoName trait on synchronous resolver interface (@krisztian-kovacs) #1095
    • (resolver) BREAKING removed async for AsyncResolver::new (@balboah) #1077 #1056
    • (server) BREAKING removed Runtime from ServerFuture::register_socket (@LucioFranco) #1088 #1087
    • (proto) Breaking Adjust the return value from ResponseCode::high from u16 to u8 #1202

    Fixed

    • (client) Support reading the root hints file (@mattias-p) #1261
    • (resolver) Fix Glue records resolving (@wavenator) #1188
    • (resolver) Only fall back on TCP if cons are available (@lukaspustina) #1181
    • (proto) fix empty option at end of edns (@jonasbb) #1143, #744
    • (resolver) Return REFUSED instead of NXDOMAIN when server is not an authority (@AnIrishDuck) #1137
    • (resolver) forwarder: return NXDomain on e.is_nx_domain() (@balboah) #1123
    • (resolver) Regards NXDomain and NoError empty responses as errors (continues searching for records), #1086 #933

    Added

    • (util) new Add resolve.rs as CLI for trust-dns-resolver #1208
    • (proto) Added proper zone display to all RData as an impl of Display #1208
    • (proto) xfer::dns_response::NegativeType and DnsResponse::negative_type to classify negative response type #1197
    • (proto) DnsResponse::contains_answer to determine if a response message has data related to the query #1197
    • (proto) RecordType::is_soa and RecordType::is_ns to easily check for these types #1197
    • (proto) Message::all_sections to allow iteration over all Records in all sections in a Message #1197
    • (proto) Message::take_queries to remove from a Message without requiring clone #1197
    • (proto) DnsHandle::Error associated type to support generic errors across trust-dns libraries #1197
    • (resolver) Add support for tlsa RRs in trust_dns_resolver (@smutt) #1189
    • (resolver) Support pointer ending label compression (@jacoblin1994) #1182
    • (proto) Keep OS error information on io::Error (@brunowonka) #1163
    • (proto) Support mDNS cache-flush bit (@fluxxu) #1144
    • (proto) Allow creating TXT Rdata with binary data (@bltavares) #1125
    • (proto) Add mutable access to Message fields (@leshow) #1118
    • (proto) Add Name.parse_ptr_name, to IP address (@Mygod) #1107
    • (resolver) Allow HTTPS to be generic over Runtime (@balboah) #1077 #1074
  • 0.19.6(Nov 13, 2020)

  • v0.20.0-alpha.3(Oct 25, 2020)

    Changed

    • (proto) Set TCP_NODELAY when building a TCP connection (@djc) #1249
    • (all) BREAKING The UdpSocket trait has grown an associated Time type.
    • (all) BREAKING The Connect trait has lost its Transport associated type, instead relying on the Self type.
    • (all) BREAKING Introduced a new DnsTcpStream trait, which is now a bound for implementing the Connect trait.
    • (resolver) BREAKING Move CachingClient from lookup_state to caching_client module
    • (resolver) BREAKING Move ResolverOpts::distrust_nx_responses to NameServerConfig::trust_nx_responses (@djc) #1212
    • (proto) data-encoding is now a required dependency #1208

    Fixed

    • (client) Support reading the root hints file (@mattias-p) #1261

    Added

    • (util) new Add resolve.rs as CLI for trust-dns-resolver #1208
    • (proto) Added proper zone display to all RData as an impl of Display #1208
  • v0.20.0-alpha.2(Sep 16, 2020)

    0.20.0 (unreleased) see previous release notes for all 0.20.0 changes

    Changed

    • (all) minimum rustc version now 1.42
    • (resolver) For all NxDomain and NoError/NoData responses, ResolveErrorKind::NoRecordsFound will be returned #1197
    • (proto) Breaking Adjust the return value from ResponseCode::high from u16 to u8 #1202

    Added

    • (proto) xfer::dns_response::NegativeType and DnsResponse::negative_type to classify negative response type #1197
    • (proto) DnsResponse::contains_answer to determine if a response message has data related to the query #1197
    • (proto) RecordType::is_soa and RecordType::is_ns to easily check for these types #1197
    • (proto) Message::all_sections to allow iteration over all Records in all sections in a Message #1197
    • (proto) Message::take_queries to remove from a Message without requiring clone #1197
    • (proto) DnsHandle::Error associated type to support generic errors across trust-dns libraries #1197
  • v0.20.0-alpha.1(Aug 17, 2020)

    0.20.0 (unreleased)

    Changed

    • (server) Support for lowercase DNSClass and RecordType fields in zonefiles (@zhanif3) #1186
    • (resolver) Make EDNS optional for resolvers (@CtrlZvi) #1173
    • (all) Fully support ring for all DNSSEC operations. #1145
    • (all) No more master (branch, moved to main) slave, in honor of Juneteenth #1141
    • (all) Minimize futures dependencies (@JohnTitor) #1109
    • (proto) increases the UDP buffer size from 2048 to 4096 to allow larger payloads (@DevQps) #1096
    • (resolver) use IntoName trait on synchronous resolver interface (@krisztian-kovacs) #1095
    • (resolver) BREAKING removed async for AsyncResolver::new (@balboah) #1077 #1056
    • (server) BREAKING removed Runtime from ServerFuture::register_socket (@LucioFranco) #1088 #1087

    Fixed

    • (resolver) Fix Glue records resolving (@wavenator) #1188
    • (resolver) Only fall back on TCP if cons are available (@lukaspustina) #1181
    • (proto) fix empty option at end of edns (@jonasbb) #1143, #744
    • (resolver) Return REFUSED instead of NXDOMAIN when server is not an authority (@AnIrishDuck) #1137
    • (resolver) forwarder: return NXDomain on e.is_nx_domain() (@balboah) #1123
    • (resolver) Regards NXDomain and NoError empty responses as errors (continues searching for records), #1086 #933

    Added

    • (resolver) Add support for tlsa RRs in trust_dns_resolver (@smutt) #1189
    • (resolver) Support pointer ending label compression (@jacoblin1994) #1182
    • (proto) Keep OS error information on io::Error (@brunowonka) #1163
    • (proto) Support mDNS cache-flush bit (@fluxxu) #1144
    • (proto) Allow creating TXT Rdata with binary data (@bltavares) #1125
    • (proto) Add mutable access to Message fields (@leshow) #1118
    • (proto) Add Name.parse_ptr_name, to IP address (@Mygod) #1107
    • (resolver) Allow HTTPS to be generic over Runtime (@balboah) #1077 #1074
  • 0.19.5(Apr 28, 2020)

  • 0.19.4(Apr 12, 2020)

    0.19.4

    Fixed

    • (resolver) properly reuse connections, for TCP, TLS, and HTTPS #1058

    Added

    • (resolver) option to include intermediate (CNAME) records in results (@balboah) #1028
    • (async-std-resolver) added implementation for async-std! woohoo! (@belak) #1067 #1051 #926
    • (server) add support for $INCLUDE in zone files (@kachayev) #1027
    • (proto) exposed LabelIter from Name (@avitex) #1064

    Changed

    • (all) updated rustls to 0.17
    • (all) updated tokio-rustls to 0.13
    • (all) min rustc compiler version now 1.40
  • 0.19.3(Feb 15, 2020)

    0.19.3

    Changes

    • (all) update all dependencies
    • (all) minimize futures dependency to std features (@antonylsg) #1003
    • (all) cleanup clippy warnings for Rust v.1.41 #1008
    • (proto) make all fields public on ResolverOpts for ease of use (@ackintosh) #1009

    0.19.2

    Changes

    • (resolver) make system config loading optional to support fuchsia (@chunyingw) #996

    0.19.1

    Changes

    • (resolver) dependency on trust-dns-proto now is no-default-features (@chunyingw) #993
  • 0.19.0(Jan 16, 2020)

    0.19.0

    Changes

    • (resolver) AsyncResolver abstract over RuntimeProvider (@chunyingw) #975
    • (resolver) TokioAsyncResolver implementation now has default methods that have a default Handle::current set TokioAsyncResolver::tokio

    Added

    • (resolver) testing module for generic tests across generic async runtime impls (@chunyingw) #979
    • (proto) support for building into WASM (@moshevds) #987 #990 #991

    Removed

    • (all) failure is no longer used for error types, std::Error impls only
  • 0.18.1(Jan 5, 2020)

  • 0.18(Dec 22, 2019)

    0.18.0

    Changes

    • (all) CHANGELOG.md is now merged from the Resolver crate and the top-level. All notes from the Resolver CHANGELOG were merged into this changelog, with the format ## {version} (Resolver) and the existing notes from the top-level are formatted as ## {version} (Client/Server). This should make notes on releases easier. Going forward the scope of changes across crates will be captured as - ({crate}) {note} where all is used for across the board updates.
    • (all) After the 0.18 release, all crates will be versioned uniformly, and released at the same time, this will resolve some issues around consistency with releases. The final Resolver release before this was 0.12.
    • breaking Generally, any interface that took a 0.1 Future, now returns or consumes a std::future::Future
    • breaking (client) rebranded from trust-dns to trust-dns-client
    • breaking (named) moved from trust-dns-server to trust-dns, in bin/**
    • breaking (all) all internals updated to std::future and async/await (requires Rust 1.39 minimum)
    • breaking (client) AsyncClient now returns a connect future which resolves to the client and its background.
    • breaking (resolver) AsyncResolver::new changed to AsyncResolver::connect, requires awaiting the returned future
    • (client) ClientFuture renamed to AsyncClient
    • (resolver) AsyncResolver now requires a ConnectionProvider type parameter, see TokioAsyncResolver as a predefined type without it
    • (resolver) Now returns a connect future to connect and start all background tasks
    • (proto, resolver) renamed the tokio-compat feature to tokio-runtime
    • (all) added cargo-make Makefile.toml to support all automation in Github workflow
    • (proto) renamed SecureDnsHandle to DnssecDnsHandle
    • (client) renamed SecureSyncClient to SyncDnssecClient
    • Abstractions around Tokio for generic Executors #960 (@chunyingw)
    • Enable early data on tokio-rustls #911 (@daareiza)

    Fixes

    • (proto) Removed deadlock from UDPSocket stream impl
    • (named) made tests a little more resilient to port stealing
    • (proto) Unknown ResponseCodes will no longer cause a panic

    Removed

    • (client) client::BasicClientHandle, ClientFuture no longer requires Background or the separate Handle, this can generally be replaced with just ClientFuture itself in most use cases.
    • breaking (resolver) Background type removed
    • (resolver) removed deprecated AsyncResolver::lookup_service, see AsyncResolver::lookup_srv
    • (client) removed all deprecated reexports from trust_dns_proto
    • (proto) removed unused xfer::BasicDnsHandle, xfer::MessageStreamHandle
    • (resolver) removed all unused custom LookupFuture types SrvLookupFuture, ReverseLookupFuture, Ipv4LookupFuture, Ipv6LookupFuture, MxLookupFuture, TxtLookupFuture, SoaLookupFuture, NsLookupFuture
    • (resolver) removed Background, BackgroundLookup, and BackgroundLookupIp
    • (resolver|client) DoH no longer sends User-Agent header #962 (@quininer)

    Added

    • (proto) proto now has a testing feature to allow dependencies that might want access to some of the testing harnesses. #936 (@chunyingw)
  • 0.18.0.alpha.2(Dec 6, 2019)

  • r0.12_cs0.17(Oct 28, 2019)

    Resolver 0.12

    • Internal updates related to generification of executors

    Client/Server 0.17.0

    Added

    • (all) Licenses copied into all crates #832 (@divinerapier)
    • UdpSocket for compatibility with Tokio, when not using non-Tokio executors #824 (@chunyingw)
    • Connect for Tcp connection compatibility with Tokio, when not using non-Tokio executors #794 (@chunyingw)

    Changes

    • breaking (client) TcpClientConnect requires generic stream param #794 (@chunyingw)
    • breaking (client) UdpClientStream requires generic socket param #824 (@chunyingw)
    • breaking (proto) UdpStream and UdpClientStream requires generic socket #824 (@chunyingw)
    • breaking (proto) TcpStream and TcpClientStream require generic stream param #794 (@chunyingw)
    • Algorithm::from_u8 is now infallible #800 (@zackangelo)
    • Algorithm::hash_len now returns Option #800 (@zackangelo)

    Removed

    • byteorder dep dropped in favor of std implementations #844 (@lukaslueg)
  • r0.11.1(May 29, 2019)

  • cs0.16.1(May 29, 2019)

  • r0.11(Apr 15, 2019)

    Fixed

    • Ignore UDP responses not from target src address #629 #630 #631 (@aep)
    • Improved NSEC validation of responses #697

    Added

    • New option to execute queries concurrently, default is 2 #615
    • Lookup::record_iter for listing all records returned in request #674
    • NAPTR record data (no additional record processing support) #731

    Changed

    • Added option to distrust Nameservers on SERVFAIL responses, continue resolution #613
    • breaking Record::from_rdata no longer requires RecordType parameter #674
    • LRU cache is now based on Query rather than just name #674
Owner
Benjamin Fry
C/C++ and Java have led me to Rust