Hickory DNS
v0.25.0-alpha.2
v0.25.0-alpha.2
Aug 6 2024 at 15:25 UTC
0.25.0
Fixed
- (build) Suppress implicit features from optional dependencies #2337 by djc
- (recursor) Fix SOA referrals #2331 by marcus0x62
- (all) Update OpenSSL to fix security issue #2316 by justahero
- (recursor) fix DNSSEC validation of NS somedomain.com. #2300 by japaric
- (recursor) DnssecDnsHandle: do not recurse infinitely when query DS . fails #2271 by japaric
- (recursor) answer with SERVFAIL when DNSSEC validation fails #2286 by japaric
- (tests) Assert status for every NSEC3 test #2254 by pvdrz
- (tests) dns-test: make unit tests use the checked out version of this repo #2268 by japaric
- (tests) just: warn when the index is dirty and DNS_TEST_SUBJECT=hickory #2267 by japaric
- (recursor) strip dnssec records on cache hit #2245 by japaric
- (build) make just to compile bind #2248 by sabify
- (recursor) send DS queries to the parent zone #2203 by japaric
- (docs) add RFC2931 SIG(0) as supported #2216 by bluejekyll
- (recursor) respect DO bit in incoming queries #2196 by japaric
- (docs) doc: fix misc typos in md files #2198 by divagant-martian
- (test) update ip of example.com #2187 by situ2001
- (all) Update mio to 0.8.11 to fix RUSTSEC-2024-0019 #2166 by marcus0x62
- (proto) Fix formatting issue in crates/proto/src/op/message.rs #2165 by marcus0x62
- (proto) fix internal representation of OPT #2151 by esensar
- (proto) ECH service parameter key corrected from "echconfig" to "ech" #2183 by cpu
- (proto) SVCB/HTTPS record parsing fixes (quoted values, arbitrary numeric keys, lists containing delim) #2183 by cpu
Changed
- (resolver) only retry I/O errors over TCP #2336 by lrouquette
- (proto) Simplify TBS construction API #2335 by djc
- (recursor) take is_subzone() arguments as &Name #2334 by djc
- (proto) Use SerialNumber type for signature timestamps #2318 by justahero
- (recursor) Improve recursor logic by eliminating redundant NS requests and adding recursor support for NS referrals. #2325 by marcus0x62
- (resolver) Return error when no nameservers in resolv.conf #2327 by dav1do
- (resolver) Make QuicSocketBinder as public as RuntimeProvider #2328 by mokeyish
- (resolver) Make sure Lookup futures are Sync #2326 by djc
- (server) leave query/opt in truncated msg #2307 by leshow
- (tests) justfile: use --locked to stick with Cargo.lock dependencies #2323 by djc
- (proto) Allow to modify a RRSIG record before signing #2315 by justahero
- (all) Bump MSRV to 1.70 #2322 by djc
- (recursor) Adjust TTL of RRSIG + RR during validation #2311 by justahero
- (resolver) avoid moving self in read_hosts_conf(reading from multiple files)#2314 by mokeyish
- (tests) dns-test: cache target directory across docker build invocations #2305 by japaric
- (server) empty the answer section when DNSSEC validation fails #2304 by japaric
- (tests) Adjust timestamps to pass unbound validation result #2303 by justahero
- (recursor) validating recursor: return answer from cache #2297 by japaric
- (proto) DnssecDnsHandle: also update the RRSIG's proof #2293 by japaric
- (recursor) put tokio::test behind cfg attribute #2291 by japaric
- (resolver) Refactor start method in Resolver #2281 by justahero
- (server) improved server binary, added config validation and control over protocols #2247 by sabify
- (tests) dns-test: use non-deprecated algorithm (RSASHA256) #2258 by japaric
- (recursor) Recursor::resolve: reject queries with relative domain names #2246
- (tests) CI: also run hickory unit tests when only /conformance changes #2269 by japaric
- (all) Upgrade to rustls 0.23, quinn 0.11, etc #2217 by djc
- (proto) DnssecDnsHandle: check RRSIG validity as per RFC4035 #2213 by japaric
- (proto) NextRandomUdpSocket: fall back to port 0 if no port was found #2260 by Luap99
- (tests) dns-test: do not run docker network create in parallel #2265 by japaric
- (resolver) DnsLru: cache RRSIG records together with the record they cover #2239 by japaric
- (proto) dns-test: make NameServer's FQDN more stable #2235 by japaric
- (proto) refactor the Resource data structure #2231 by japaric
- (tests) Add just recipes to clean leftover containers and networks #2232 by pvdrz
- (tests) ci: pin nightly version #2224 by japaric
- (server) cargo: Enable LTO on release build #2141 by jpds
- (resolver) Retry tcp on udp io errors #2215 by bluejekyll
- (recursor) tweaks for security awareness #2208 by djc
- (all) address new clippy lint assigning-clones #2205 by divagant-martian
- (proto) error: wrap io::Error in Arc for clone #2181 by cpu
- (resolver) err for dns-over-rustls w/o roots #2179 by cpu
- (resolver) Forward hickory-dns's root cert features to hickory-resolver #2153 by hch12907
- (proto) Better DNSSEC proofs #2084 by bluejekyll
- (proto) update version for http/h2/h3 #2138 by zh-jq
- (server) Use cargo environment variables for path to executable #2130 by sjbronner
- (proto) Only DNSKEY zone keys are allowed to match DS RR #2131 by justahero
- (docs) Fix a typo in crate description #2132 by wiktor-k
- (all) Gate tests on required features #2114 by alexanderkjall
- (resolver) Fixup lookup docs #2123 by bluejekyll
- (proto) when comparing IP addresses for UDP, only check IP and Port #2124 by bluejekyll
- (recursor) Recursor: make nameserver and record cache sizes configurable #2117 by marcus0x62
- (proto) Validate response query section #2118 by marcus0x62
- (proto) Increase source port entropy in UDP client #2116 by marcus0x62
- (all) get(0) to first() and zerocopy package updates to fix clippy and cargo audit errors #2121 by marcus0x62
- (resolver) Add getters for resolver config and options #2093 by hoxxep
- (client) updated h2_client_connection and web-pki-roots config #2088 by marcbrevoort-cyberhive
- (proto) EchConfig renamed to EchConfigList to match content #2183 by cpu
- (proto) EchConfigList updated to wrap TLS presentation language encoding of content #2183 by cpu
Added
- (tests) Add information on cargo ws plugin #2319 by justahero
- (recursor) Add support for PTR query #2308 by mokeyish
- (tests) add regression test for #2306, #2309 by japaric
- (tests) Add method to capture expected number of packets #2278 by justahero
- (tests) test that answer section is empty on failed DNSSEC validation #2302 by japaric
- (tests) Test invalid signature timestamps in DNSSEC validation #2298 by justahero
- (tests) test caching of chain of trust link #2289 by japaric
- (tests) test that DO=1 does not change the outcome of DNSSEC validation #2287 by japaric
- (tests) Add test to check cache hit with DO bit #2280 by justahero
- (tests) test caching of DNSSEC validation and of DNSSEC records #2244 by japaric
- (recursor) add DNSSEC validation to the recursive resolver #2253
- (proto) add a trust anchor file parser #2257 by japaric
- (tests) just: document conformance-* tasks #2266 by japaric
- (tests) Add conformance tests for NSEC3 #2238 by pvdrz
- (tests) import DNSSEC conformance test suite repository #2222 by japaric
- (client) Adds deref call in assertion for hickory-client README example #2173 by akappel
- (proto) Make hickory_proto::h3::H3ClientStream Clonable #2182 by 0xffffharry
- (proto) Make hickory_proto::quic::QuicClientStream Clonable #2176 by 0xffffharry
- (proto) feat: add setter methods for Message struct to improve configurability #2147 by situ2001
- (proto) add getter/setter methods to ClientSubnet #2146 by leshow
- (server) Add option to specify a restricted set of networks capable of accessing the Hickory DNS server #2126 by bluejekyll
- (recursor) Bailiwick checking for the recursor #2119 by marcus0x62
- (proto) Support getting and setting the EDNS Z flags #2111 by mattias-p
Removed
- (all) Remove broken mtls code to fix CI #2218 by djc
- (proto) Remove generic Error from DnsHandle #2094 by bluejekyll
0.24.1
Fixed
- (proto) Break when socket is unexpectedly shut down #2171 by dlon