Check out our GitHub!

Hickory DNS

v0.25.0-alpha.2

v0.25.0-alpha.2 Aug 6 2024 at 15:25 UTC

0.25.0

Fixed

  • (build) Suppress implicit features from optional dependencies #2337 by djc
  • (recursor) Fix SOA referrals #2331 by marcus0x62
  • (all) Update OpenSSL to fix security issue #2316 by justahero
  • (recursor) fix DNSSEC validation of NS somedomain.com. #2300 by japaric
  • (recursor) DnssecDnsHandle: do not recurse infinitely when query DS . fails #2271 by japaric
  • (recursor) answer with SERVFAIL when DNSSEC validation fails #2286 by japaric
  • (tests) Assert status for every NSEC3 test #2254 by pvdrz
  • (tests) dns-test: make unit tests use the checked out version of this repo #2268 by japaric
  • (tests) just: warn when the index is dirty and DNS_TEST_SUBJECT=hickory #2267 by japaric
  • (recursor) strip dnssec records on cache hit #2245 by japaric
  • (build) make just to compile bind #2248 by sabify
  • (recursor) send DS queries to the parent zone #2203 by japaric
  • (docs) add RFC2931 SIG(0) as supported #2216 by bluejekyll
  • (recursor) respect DO bit in incoming queries #2196 by japaric
  • (docs) doc: fix misc typos in md files #2198 by divagant-martian
  • (test) update ip of example.com #2187 by situ2001
  • (all) Update mio to 0.8.11 to fix RUSTSEC-2024-0019 #2166 by marcus0x62
  • (proto) Fix formatting issue in crates/proto/src/op/message.rs #2165 by marcus0x62
  • (proto) fix internal representation of OPT #2151 by esensar
  • (proto) ECH service parameter key corrected from "echconfig" to "ech" #2183 by cpu
  • (proto) SVCB/HTTPS record parsing fixes (quoted values, arbitrary numeric keys, lists containing delim) #2183 by cpu

Changed

  • (resolver) only retry I/O errors over TCP #2336 by lrouquette
  • (proto) Simplify TBS construction API #2335 by djc
  • (recursor) take is_subzone() arguments as &Name #2334 by djc
  • (proto) Use SerialNumber type for signature timestamps #2318 by justahero
  • (recursor) Improve recursor logic by eliminating redundant NS requests and adding recursor support for NS referrals. #2325 by marcus0x62
  • (resolver) Return error when no nameservers in resolv.conf #2327 by dav1do
  • (resolver) Make QuicSocketBinder as public as RuntimeProvider #2328 by mokeyish
  • (resolver) Make sure Lookup futures are Sync #2326 by djc
  • (server) leave query/opt in truncated msg #2307 by leshow
  • (tests) justfile: use --locked to stick with Cargo.lock dependencies #2323 by djc
  • (proto) Allow to modify a RRSIG record before signing #2315 by justahero
  • (all) Bump MSRV to 1.70 #2322 by djc
  • (recursor) Adjust TTL of RRSIG + RR during validation #2311 by justahero
  • (resolver) avoid moving self in read_hosts_conf(reading from multiple files)#2314 by mokeyish
  • (tests) dns-test: cache target directory across docker build invocations #2305 by japaric
  • (server) empty the answer section when DNSSEC validation fails #2304 by japaric
  • (tests) Adjust timestamps to pass unbound validation result #2303 by justahero
  • (recursor) validating recursor: return answer from cache #2297 by japaric
  • (proto) DnssecDnsHandle: also update the RRSIG's proof #2293 by japaric
  • (recursor) put tokio::test behind cfg attribute #2291 by japaric
  • (resolver) Refactor start method in Resolver #2281 by justahero
  • (server) improved server binary, added config validation and control over protocols #2247 by sabify
  • (tests) dns-test: use non-deprecated algorithm (RSASHA256) #2258 by japaric
  • (recursor) Recursor::resolve: reject queries with relative domain names #2246
  • (tests) CI: also run hickory unit tests when only /conformance changes #2269 by japaric
  • (all) Upgrade to rustls 0.23, quinn 0.11, etc #2217 by djc
  • (proto) DnssecDnsHandle: check RRSIG validity as per RFC4035 #2213 by japaric
  • (proto) NextRandomUdpSocket: fall back to port 0 if no port was found #2260 by Luap99
  • (tests) dns-test: do not run docker network create in parallel #2265 by japaric
  • (resolver) DnsLru: cache RRSIG records together with the record they cover #2239 by japaric
  • (proto) dns-test: make NameServer's FQDN more stable #2235 by japaric
  • (proto) refactor the Resource data structure #2231 by japaric
  • (tests) Add just recipes to clean leftover containers and networks #2232 by pvdrz
  • (tests) ci: pin nightly version #2224 by japaric
  • (server) cargo: Enable LTO on release build #2141 by jpds
  • (resolver) Retry tcp on udp io errors #2215 by bluejekyll
  • (recursor) tweaks for security awareness #2208 by djc
  • (all) address new clippy lint assigning-clones #2205 by divagant-martian
  • (proto) error: wrap io::Error in Arc for clone #2181 by cpu
  • (resolver) err for dns-over-rustls w/o roots #2179 by cpu
  • (resolver) Forward hickory-dns's root cert features to hickory-resolver #2153 by hch12907
  • (proto) Better DNSSEC proofs #2084 by bluejekyll
  • (proto) update version for http/h2/h3 #2138 by zh-jq
  • (server) Use cargo environment variables for path to executable #2130 by sjbronner
  • (proto) Only DNSKEY zone keys are allowed to match DS RR #2131 by justahero
  • (docs) Fix a typo in crate description #2132 by wiktor-k
  • (all) Gate tests on required features #2114 by alexanderkjall
  • (resolver) Fixup lookup docs #2123 by bluejekyll
  • (proto) when comparing IP addresses for UDP, only check IP and Port #2124 by bluejekyll
  • (recursor) Recursor: make nameserver and record cache sizes configurable #2117 by marcus0x62
  • (proto) Validate response query section #2118 by marcus0x62
  • (proto) Increase source port entropy in UDP client #2116 by marcus0x62
  • (all) get(0) to first() and zerocopy package updates to fix clippy and cargo audit errors #2121 by marcus0x62
  • (resolver) Add getters for resolver config and options #2093 by hoxxep
  • (client) updated h2_client_connection and web-pki-roots config #2088 by marcbrevoort-cyberhive
  • (proto) EchConfig renamed to EchConfigList to match content #2183 by cpu
  • (proto) EchConfigList updated to wrap TLS presentation language encoding of content #2183 by cpu

Added

  • (tests) Add information on cargo ws plugin #2319 by justahero
  • (recursor) Add support for PTR query #2308 by mokeyish
  • (tests) add regression test for #2306, #2309 by japaric
  • (tests) Add method to capture expected number of packets #2278 by justahero
  • (tests) test that answer section is empty on failed DNSSEC validation #2302 by japaric
  • (tests) Test invalid signature timestamps in DNSSEC validation #2298 by justahero
  • (tests) test caching of chain of trust link #2289 by japaric
  • (tests) test that DO=1 does not change the outcome of DNSSEC validation #2287 by japaric
  • (tests) Add test to check cache hit with DO bit #2280 by justahero
  • (tests) test caching of DNSSEC validation and of DNSSEC records #2244 by japaric
  • (recursor) add DNSSEC validation to the recursive resolver #2253
  • (proto) add a trust anchor file parser #2257 by japaric
  • (tests) just: document conformance-* tasks #2266 by japaric
  • (tests) Add conformance tests for NSEC3 #2238 by pvdrz
  • (tests) import DNSSEC conformance test suite repository #2222 by japaric
  • (client) Adds deref call in assertion for hickory-client README example #2173 by akappel
  • (proto) Make hickory_proto::h3::H3ClientStream Clonable #2182 by 0xffffharry
  • (proto) Make hickory_proto::quic::QuicClientStream Clonable #2176 by 0xffffharry
  • (proto) feat: add setter methods for Message struct to improve configurability #2147 by situ2001
  • (proto) add getter/setter methods to ClientSubnet #2146 by leshow
  • (server) Add option to specify a restricted set of networks capable of accessing the Hickory DNS server #2126 by bluejekyll
  • (recursor) Bailiwick checking for the recursor #2119 by marcus0x62
  • (proto) Support getting and setting the EDNS Z flags #2111 by mattias-p

Removed

  • (all) Remove broken mtls code to fix CI #2218 by djc
  • (proto) Remove generic Error from DnsHandle #2094 by bluejekyll

0.24.1

Fixed

  • (proto) Break when socket is unexpectedly shut down #2171 by dlon