colin/hickory-dns
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

give trust-dns a logo

Browse Source
This commit is contained in:
Benjamin Fry 2019-01-27 13:09:04 -08:00
parent 182acc682d
commit 24f2ab6baf
44 changed files with 189 additions and 101 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CHANGELOG.md
View File

@ -1,4 +1,4 @@
# Change Log: TRust-DNS
# Change Log: Trust-DNS
All notable changes to this project will be documented in this file.
This project adheres to [Semantic Versioning](http://semver.org/).
@ -87,8 +87,8 @@ This project adheres to [Semantic Versioning](http://semver.org/).
### Added
- TRust-DNS Proto crate to separate server management from base operations #222
- TRust-DNS Util crate for dnssec management tools (@briansmith)
- Trust-DNS Proto crate to separate server management from base operations #222
- Trust-DNS Util crate for dnssec management tools (@briansmith)
- Integration tests for Server to validate all supported DNSSec key types
- *breaking* Common features `dnssec-ring`, `dnssec-openssl`, and `dnssec` across all crates (replaces `openssl` and `ring` features)
- Clarified `tls` feature with `tls-openssl`, and `tls` in server (in preperation for `tls-rustls`)

24
README.md
View File

@ -5,22 +5,24 @@
[![License: Apache 2.0](https://img.shields.io/badge/license-Apache_2.0-blue.svg)](LICENSE-APACHE)
[![Dependabot Status](https://api.dependabot.com/badges/status?host=github&repo=bluejekyll/trust-dns)](https://dependabot.com)
# trust-dns
![Trust-DNS](logo.svg)
A Rust based DNS client and server, built to be safe and secure from the
# Trust-DNS
A Rust based DNS client, server, and Resolver, built to be safe and secure from the
ground up.
This repo consists of multiple crates:
| Library | Status | Description |
|---------|--------|-------------|
| **Proto** | [![](http://meritbadge.herokuapp.com/trust-dns-proto)](https://crates.io/crates/trust-dns-proto) [![trust-dns-proto](https://docs.rs/trust-dns-proto/badge.svg)](https://docs.rs/trust-dns-proto) | Raw DNS library, exposes an unstable API and only for use by the other Trust-DNS libraries, not intended for end-user use. |
| **Client** | [![](http://meritbadge.herokuapp.com/trust-dns)](https://crates.io/crates/trust-dns) [![trust-dns](https://docs.rs/trust-dns/badge.svg)](https://docs.rs/trust-dns) | Used for sending `query`, `update`, and `notify` messages directly to a DNS server. |
| **Server** | [![](http://meritbadge.herokuapp.com/trust-dns-server)](https://crates.io/crates/trust-dns-server) [![trust-dns-server](https://docs.rs/trust-dns-server/badge.svg)](https://docs.rs/trust-dns-server) | Use to host DNS records, this also has a `named` binary for running in a daemon form. |
| **Resolver** | [![](http://meritbadge.herokuapp.com/trust-dns-resolver)](https://crates.io/crates/trust-dns-resolver) [![trust-dns-resolver](https://docs.rs/trust-dns-resolver/badge.svg)](https://docs.rs/trust-dns-resolver) | Utilizes the client library to perform DNS resolution. Can be used in place of the standard OS resolution facilities. |
| **Rustls** | [![](http://meritbadge.herokuapp.com/trust-dns-rustls)](https://crates.io/crates/trust_dns_rustls) [![trust-dns-rustls](https://docs.rs/trust-dns-rustls/badge.svg)](https://docs.rs/trust-dns-rustls) | Implementation of DNS over TLS protocol using the rustls and ring libraries. |
| **NativeTls** | [![](http://meritbadge.herokuapp.com/trust-dns-native-tls)](https://crates.io/crates/trust_dns_native_tls) [![trust-dns-native-tls](https://docs.rs/trust-dns-native-tls/badge.svg)](https://docs.rs/trust-dns-native-tls) | Implementation of DNS over TLS protocol using the Host OS' provided default TLS libraries |
| **OpenSsl** | [![](http://meritbadge.herokuapp.com/trust-dns-openssl)](https://crates.io/crates/trust_dns_openssl) [![trust-dns-openssl](https://docs.rs/trust-dns-openssl/badge.svg)](https://docs.rs/trust-dns-openssl) | Implementation of DNS over TLS protocol using OpenSSL |
| Library | Description |
|---------|-------------|
| **Proto** | [![](http://meritbadge.herokuapp.com/trust-dns-proto)](https://crates.io/crates/trust-dns-proto) [![trust-dns-proto](https://docs.rs/trust-dns-proto/badge.svg)](https://docs.rs/trust-dns-proto) Raw DNS library, exposes an unstable API and only for use by the other Trust-DNS libraries, not intended for end-user use. |
| **Client** | [![](http://meritbadge.herokuapp.com/trust-dns)](https://crates.io/crates/trust-dns) [![trust-dns](https://docs.rs/trust-dns/badge.svg)](https://docs.rs/trust-dns) Used for sending `query`, `update`, and `notify` messages directly to a DNS server. |
| **Server** | [![](http://meritbadge.herokuapp.com/trust-dns-server)](https://crates.io/crates/trust-dns-server) [![trust-dns-server](https://docs.rs/trust-dns-server/badge.svg)](https://docs.rs/trust-dns-server) Use to host DNS records, this also has a `named` binary for running in a daemon form. |
| **Resolver** | [![](http://meritbadge.herokuapp.com/trust-dns-resolver)](https://crates.io/crates/trust-dns-resolver) [![trust-dns-resolver](https://docs.rs/trust-dns-resolver/badge.svg)](https://docs.rs/trust-dns-resolver) Utilizes the client library to perform DNS resolution. Can be used in place of the standard OS resolution facilities. |
| **Rustls** | [![](http://meritbadge.herokuapp.com/trust-dns-rustls)](https://crates.io/crates/trust_dns_rustls) [![trust-dns-rustls](https://docs.rs/trust-dns-rustls/badge.svg)](https://docs.rs/trust-dns-rustls) Implementation of DNS over TLS protocol using the rustls and ring libraries. |
| **NativeTls** | [![](http://meritbadge.herokuapp.com/trust-dns-native-tls)](https://crates.io/crates/trust_dns_native_tls) [![trust-dns-native-tls](https://docs.rs/trust-dns-native-tls/badge.svg)](https://docs.rs/trust-dns-native-tls) Implementation of DNS over TLS protocol using the Host OS' provided default TLS libraries |
| **OpenSsl** | [![](http://meritbadge.herokuapp.com/trust-dns-openssl)](https://crates.io/crates/trust_dns_openssl) [![trust-dns-openssl](https://docs.rs/trust-dns-openssl/badge.svg)](https://docs.rs/trust-dns-openssl) Implementation of DNS over TLS protocol using OpenSSL |
# Goals

4
crates/client/Cargo.toml
View File

@ -6,10 +6,10 @@ authors = ["Benjamin Fry <benjaminfry@me.com>"]
# A short blurb about the package. This is not rendered in any format when
# uploaded to crates.io (aka this is not markdown)
description = """
TRust-DNS is a safe and secure DNS library. This is the Client library with DNSec support.
Trust-DNS is a safe and secure DNS library. This is the Client library with DNSec support.
DNSSec with NSEC validation for negative records, is complete. The client supports
dynamic DNS with SIG0 authenticated requests, implementing easy to use high level
funtions. TRust-DNS is based on the Tokio and Futures libraries, which means
funtions. Trust-DNS is based on the Tokio and Futures libraries, which means
it should be easily integrated into other software that also use those
libraries.
"""

6
crates/client/README.md
View File

@ -1,8 +1,8 @@
# Overview
TRust-DNS is a library which implements the DNS protocol and client side functions.
Trust-DNS is a library which implements the DNS protocol and client side functions.
This library contains basic implementations for DNS record serialization, and communication. It is capable of performing `query`, `update`, and `notify` operations. `update` has been proven to be compatible with `BIND9` and `SIG0` signed records for updates. It is built on top of the [tokio](https://tokio.rs) async-io project, this allows it to be integrated into other systems using the tokio and futures libraries. The TRust-DNS [project](https://github.com/bluejekyll/trust-dns) contains other libraries for DNS: a [resolver library](https://crates.io/crates/trust-dns-resolver) for lookups, a [server library](https://crates.io/crates/trust-dns-server) for hosting zones, and variations on the TLS implementation over [rustls](https://crates.io/crates/trust-dns-rustls) and [native-tls](https://crates.io/crates/trust-dns-native-tls).
This library contains basic implementations for DNS record serialization, and communication. It is capable of performing `query`, `update`, and `notify` operations. `update` has been proven to be compatible with `BIND9` and `SIG0` signed records for updates. It is built on top of the [tokio](https://tokio.rs) async-io project, this allows it to be integrated into other systems using the tokio and futures libraries. The Trust-DNS [project](https://github.com/bluejekyll/trust-dns) contains other libraries for DNS: a [resolver library](https://crates.io/crates/trust-dns-resolver) for lookups, a [server library](https://crates.io/crates/trust-dns-server) for hosting zones, and variations on the TLS implementation over [rustls](https://crates.io/crates/trust-dns-rustls) and [native-tls](https://crates.io/crates/trust-dns-native-tls).
## Features
@ -56,4 +56,4 @@ if let &RData::A(ref ip) = answers[0].rdata() {
## Versioning
TRust-DNS does it's best job to follow semver. TRust-DNS will be promoted to 1.0 upon stabilization of the publicly exposed APIs. This does not mean that TRust-DNS will necessarily break on upgrades between 0.x updates. Whenever possible, old APIs will be deprecated with notes on what replaced those deprecations. TRust-DNS will make a best effort to never break software which depends on it due to API changes, though this can not be guaranteed. Deprecated interfaces will be maintained for at minimum one major release after that in which they were deprecated (where possible), with the exception of the upgrade to 1.0 where all deprecated interfaces will be planned to be removed.
Trust-DNS does it's best job to follow semver. Trust-DNS will be promoted to 1.0 upon stabilization of the publicly exposed APIs. This does not mean that Trust-DNS will necessarily break on upgrades between 0.x updates. Whenever possible, old APIs will be deprecated with notes on what replaced those deprecations. Trust-DNS will make a best effort to never break software which depends on it due to API changes, though this can not be guaranteed. Deprecated interfaces will be maintained for at minimum one major release after that in which they were deprecated (where possible), with the exception of the upgrade to 1.0 where all deprecated interfaces will be planned to be removed.

8
crates/client/src/lib.rs
View File

@ -61,7 +61,7 @@
//!
//! There are two variations of implementations of the Client. The `SyncClient`, a synchronous client, and the `ClientFuture`, a Tokio async client. `SyncClient` is an implementation of the `Client` trait, there is another implementation, `SecureSyncClient`, which validates DNSSec records. For these basic examples we'll only look at the `SyncClient`
//!
//! First we must decide on the type of connection, there are three supported by TRust-DNS today, UDP, TCP and TLS. TLS requires OpenSSL by default, see also [trust-dns-native-tls](https://docs.rs/trust-dns-native-tls) and [trust-dns-rustls](https://docs.rs/trust-dns-rustls) for other TLS options.
//! First we must decide on the type of connection, there are three supported by Trust-DNS today, UDP, TCP and TLS. TLS requires OpenSSL by default, see also [trust-dns-native-tls](https://docs.rs/trust-dns-native-tls) and [trust-dns-rustls](https://docs.rs/trust-dns-rustls) for other TLS options.
//!
//! ## Setup a connection
//!
@ -152,7 +152,7 @@
//! # let conn = UdpClientConnection::new(address).unwrap();
//!
//! // The format of the key is dependent on the KeyPair type, in this example we're using RSA
//! // if the key was generated with BIND, the binary in TRust-DNS client lib `dnskey-to-pem`
//! // if the key was generated with BIND, the binary in Trust-DNS client lib `dnskey-to-pem`
//! // can be used to convert this to a pem file
//! let mut pem = File::open("my_private_key.pem").unwrap();
//! let mut pem_buf = Vec::<u8>::new();
@ -173,7 +173,7 @@
//! Algorithm::RSASHA256,
//! key.to_public_bytes().unwrap());
//!
//! // Create the TRust-DNS SIG(0) signing facility. Generally the signer_name is the label
//! // Create the Trust-DNS SIG(0) signing facility. Generally the signer_name is the label
//! // associated with KEY record in the server.
//! let signer = Signer::sig0(sig0key,
//! key,
@ -202,7 +202,7 @@
//! # }
//! ```
//!
//! *Note*: The dynamic DNS functions defined by TRust-DNS are expressed as atomic operations, but this depends on support of the remote server. For example, the `create` operation shown above, should only succeed if there is no `RecordSet` of the specified type at the specified label. The other update operations are `append`, `compare_and_swap`, `delete_by_rdata`, `delete_rrset`, and `delete_all`. See the documentation for each of these methods on the `Client` trait.
//! *Note*: The dynamic DNS functions defined by Trust-DNS are expressed as atomic operations, but this depends on support of the remote server. For example, the `create` operation shown above, should only succeed if there is no `RecordSet` of the specified type at the specified label. The other update operations are `append`, `compare_and_swap`, `delete_by_rdata`, `delete_rrset`, and `delete_all`. See the documentation for each of these methods on the `Client` trait.
//!
//!
//! ## Async usage

2
crates/client/src/rr/dnssec/keypair.rs
View File

@ -40,7 +40,7 @@ use rr::Name;
/// A public and private key pair, the private portion is not required.
///
/// This supports all the various public/private keys which TRust-DNS is capable of using. Given
/// This supports all the various public/private keys which Trust-DNS is capable of using. Given
/// differing features, some key types may not be available. The `openssl` feature will enable RSA and EC
/// (P256 and P384). The `ring` feature enables ED25519, in the future, Ring will also be used for other keys.
pub enum KeyPair<K> {

4
crates/client/src/serialize/txt/parse_rdata.rs
View File

@ -78,11 +78,11 @@ impl RDataParser for RData {
panic!("RRSIG should be dynamically generated")
} // valid panic, never should happen
RecordType::DNSSEC(DNSSECRecordType::Unknown(code)) => {
panic!("Unknown dnssec record type, if you want to support this type, please file an issue against TRust-DNS: {}", code)
panic!("Unknown dnssec record type, if you want to support this type, please file an issue against Trust-DNS: {}", code)
} // valid panic, never should happen
RecordType::Unknown(code) => {
// TODO: add a way to associate generic record types to the zone
panic!("Unknown record type, if you want to support this type, please file an issue against TRust-DNS: {}", code)
panic!("Unknown record type, if you want to support this type, please file an issue against Trust-DNS: {}", code)
}
RecordType::ZERO => RData::ZERO,
};

2
crates/https/Cargo.toml
View File

@ -6,7 +6,7 @@ authors = ["Benjamin Fry <benjaminfry@me.com>"]
# A short blurb about the package. This is not rendered in any format when
# uploaded to crates.io (aka this is not markdown)
description = """
TRust-DNS is a safe and secure DNS library. This is an extension for the TRust-DNS client to use DNS over HTTPS.
Trust-DNS is a safe and secure DNS library. This is an extension for the Trust-DNS client to use DNS over HTTPS.
"""
# These URLs point to more information about the repository

6
crates/https/README.md
View File

@ -1,9 +1,9 @@
# Overview
TRust-DNS Rustls is a library which implements the DNS over HTTPS protocol and client side functions.
Trust-DNS Rustls is a library which implements the DNS over HTTPS protocol and client side functions.
This library allows for HTTPS connections to be established to remote DNS servers. It can replace the standard `ClientConnection` in the TRust-DNS library. This uses the rustls and h2 libraries for HTTPS communications.
This library allows for HTTPS connections to be established to remote DNS servers. It can replace the standard `ClientConnection` in the Trust-DNS library. This uses the rustls and h2 libraries for HTTPS communications.
## Versioning
TRust-DNS does it's best job to follow semver. TRust-DNS will be promoted to 1.0 upon stabilization of the publicly exposed APIs. This does not mean that TRust-DNS will necessarily break on upgrades between 0.x updates. Whenever possible, old APIs will be deprecated with notes on what replaced those deprecations. TRust-DNS will make a best effort to never break software which depends on it due to API changes, though this can not be guaranteed. Deprecated interfaces will be maintained for at minimum one major release after that in which they were deprecated (where possible), with the exception of the upgrade to 1.0 where all deprecated interfaces will be planned to be removed.
Trust-DNS does it's best job to follow semver. Trust-DNS will be promoted to 1.0 upon stabilization of the publicly exposed APIs. This does not mean that Trust-DNS will necessarily break on upgrades between 0.x updates. Whenever possible, old APIs will be deprecated with notes on what replaced those deprecations. Trust-DNS will make a best effort to never break software which depends on it due to API changes, though this can not be guaranteed. Deprecated interfaces will be maintained for at minimum one major release after that in which they were deprecated (where possible), with the exception of the upgrade to 1.0 where all deprecated interfaces will be planned to be removed.

2
crates/native-tls/Cargo.toml
View File

@ -6,7 +6,7 @@ authors = ["Benjamin Fry <benjaminfry@me.com>"]
# A short blurb about the package. This is not rendered in any format when
# uploaded to crates.io (aka this is not markdown)
description = """
TRust-DNS is a safe and secure DNS library. This is an extension for the TRust-DNS client to use native-tls for TLS.
Trust-DNS is a safe and secure DNS library. This is an extension for the Trust-DNS client to use native-tls for TLS.
"""
# These URLs point to more information about the repository

6
crates/native-tls/README.md
View File

@ -1,9 +1,9 @@
# Overview
TRust-DNS Native-TLS is a library which implements the DNS over TLS protocol and client side functions.
Trust-DNS Native-TLS is a library which implements the DNS over TLS protocol and client side functions.
This library allows for TLS connections to be established to remote DNS servers. It can replace the standard `ClientConnection` in the TRust-DNS library. This allows the host default TLS library to be used for handling TLS communications.
This library allows for TLS connections to be established to remote DNS servers. It can replace the standard `ClientConnection` in the Trust-DNS library. This allows the host default TLS library to be used for handling TLS communications.
## Versioning
TRust-DNS does it's best job to follow semver. TRust-DNS will be promoted to 1.0 upon stabilization of the publicly exposed APIs. This does not mean that TRust-DNS will necessarily break on upgrades between 0.x updates. Whenever possible, old APIs will be deprecated with notes on what replaced those deprecations. TRust-DNS will make a best effort to never break software which depends on it due to API changes, though this can not be guaranteed. Deprecated interfaces will be maintained for at minimum one major release after that in which they were deprecated (where possible), with the exception of the upgrade to 1.0 where all deprecated interfaces will be planned to be removed.
Trust-DNS does it's best job to follow semver. Trust-DNS will be promoted to 1.0 upon stabilization of the publicly exposed APIs. This does not mean that Trust-DNS will necessarily break on upgrades between 0.x updates. Whenever possible, old APIs will be deprecated with notes on what replaced those deprecations. Trust-DNS will make a best effort to never break software which depends on it due to API changes, though this can not be guaranteed. Deprecated interfaces will be maintained for at minimum one major release after that in which they were deprecated (where possible), with the exception of the upgrade to 1.0 where all deprecated interfaces will be planned to be removed.

2
crates/openssl/Cargo.toml
View File

@ -6,7 +6,7 @@ authors = ["Benjamin Fry <benjaminfry@me.com>"]
# A short blurb about the package. This is not rendered in any format when
# uploaded to crates.io (aka this is not markdown)
description = """
TRust-DNS is a safe and secure DNS library. This is an extension for the TRust-DNS client to use tokio-openssl for TLS.
Trust-DNS is a safe and secure DNS library. This is an extension for the Trust-DNS client to use tokio-openssl for TLS.
"""
# These URLs point to more information about the repository

6
crates/openssl/README.md
View File

@ -1,9 +1,9 @@
# Overview
TRust-DNS OpenSSL is a library which implements the DNS over TLS protocol and client side functions.
Trust-DNS OpenSSL is a library which implements the DNS over TLS protocol and client side functions.
This library allows for TLS connections to be established to remote DNS servers. It can replace the standard `ClientConnection` in the TRust-DNS library. This uses OpenSSL library for all TLS communications.
This library allows for TLS connections to be established to remote DNS servers. It can replace the standard `ClientConnection` in the Trust-DNS library. This uses OpenSSL library for all TLS communications.
## Versioning
TRust-DNS does it's best job to follow semver. TRust-DNS will be promoted to 1.0 upon stabilization of the publicly exposed APIs. This does not mean that TRust-DNS will necessarily break on upgrades between 0.x updates. Whenever possible, old APIs will be deprecated with notes on what replaced those deprecations. TRust-DNS will make a best effort to never break software which depends on it due to API changes, though this can not be guaranteed. Deprecated interfaces will be maintained for at minimum one major release after that in which they were deprecated (where possible), with the exception of the upgrade to 1.0 where all deprecated interfaces will be planned to be removed.
Trust-DNS does it's best job to follow semver. Trust-DNS will be promoted to 1.0 upon stabilization of the publicly exposed APIs. This does not mean that Trust-DNS will necessarily break on upgrades between 0.x updates. Whenever possible, old APIs will be deprecated with notes on what replaced those deprecations. Trust-DNS will make a best effort to never break software which depends on it due to API changes, though this can not be guaranteed. Deprecated interfaces will be maintained for at minimum one major release after that in which they were deprecated (where possible), with the exception of the upgrade to 1.0 where all deprecated interfaces will be planned to be removed.

2
crates/proto/Cargo.toml
View File

@ -6,7 +6,7 @@ authors = ["Benjamin Fry <benjaminfry@me.com>"]
# A short blurb about the package. This is not rendered in any format when
# uploaded to crates.io (aka this is not markdown)
description = """
TRust-DNS is a safe and secure DNS library. This is the foundational DNS protocol library for all TRust-DNS projects.
Trust-DNS is a safe and secure DNS library. This is the foundational DNS protocol library for all Trust-DNS projects.
"""
# These URLs point to more information about the repository

6
crates/proto/README.md
View File

@ -1,9 +1,9 @@
# Overview
TRust-DNS Proto is the foundational DNS protocol library and implementation for TRust-DNS. It is not expected to be used directly. Please see TRust-DNS [Resolver](https://crates.io/crates/trust-dns-resolver), [Client](https://crates.io/crates/trust-dns), or [Server](https://crates.io/crates/trust-dns-server) for higher level interfaces.
Trust-DNS Proto is the foundational DNS protocol library and implementation for Trust-DNS. It is not expected to be used directly. Please see Trust-DNS [Resolver](https://crates.io/crates/trust-dns-resolver), [Client](https://crates.io/crates/trust-dns), or [Server](https://crates.io/crates/trust-dns-server) for higher level interfaces.
*WARNING* The Proto crate is designed as an internal layer in the TRust-DNS ecosystem, it will change potentially in breaking ways, and should not generally be used directly. Please see the Resolver, Client or Server for more stable interfaces.
*WARNING* The Proto crate is designed as an internal layer in the Trust-DNS ecosystem, it will change potentially in breaking ways, and should not generally be used directly. Please see the Resolver, Client or Server for more stable interfaces.
## Versioning
TRust-DNS does it's best job to follow semver. TRust-DNS will be promoted to 1.0 upon stabilization of the publicly exposed APIs. This does not mean that TRust-DNS will necessarily break on upgrades between 0.x updates. Whenever possible, old APIs will be deprecated with notes on what replaced those deprecations. TRust-DNS will make a best effort to never break software which depends on it due to API changes, though this can not be guaranteed. Deprecated interfaces will be maintained for at minimum one major release after that in which they were deprecated (where possible), with the exception of the upgrade to 1.0 where all deprecated interfaces will be planned to be removed.
Trust-DNS does it's best job to follow semver. Trust-DNS will be promoted to 1.0 upon stabilization of the publicly exposed APIs. This does not mean that Trust-DNS will necessarily break on upgrades between 0.x updates. Whenever possible, old APIs will be deprecated with notes on what replaced those deprecations. Trust-DNS will make a best effort to never break software which depends on it due to API changes, though this can not be guaranteed. Deprecated interfaces will be maintained for at minimum one major release after that in which they were deprecated (where possible), with the exception of the upgrade to 1.0 where all deprecated interfaces will be planned to be removed.

2
crates/proto/src/lib.rs
View File

@ -9,7 +9,7 @@
#![warn(missing_docs)]
#![recursion_limit = "2048"]
//! TRust-DNS Protocol library
//! Trust-DNS Protocol library
extern crate byteorder;
#[cfg(feature = "dnssec")]

2
crates/proto/src/rr/dnssec/rdata/key.rs
View File

@ -588,7 +588,7 @@ pub enum Protocol {
/// Reserved for use with email
#[deprecated = "Deprecated by RFC3445"]
Email,
/// Reserved for use with DNSSec (TRust-DNS only supports DNSKEY with DNSSec)
/// Reserved for use with DNSSec (Trust-DNS only supports DNSKEY with DNSSec)
DNSSec,
/// Reserved to refer to the Oakley/IPSEC
#[deprecated = "Deprecated by RFC3445"]

20
crates/proto/src/rr/rdata/caa.rs
View File

@ -234,7 +234,7 @@ pub enum Property {
/// policy violation. The Incident Object Description Exchange Format
/// (IODEF) format is used [RFC5070].
Iodef,
/// Unknown format to TRust-DNS
/// Unknown format to Trust-DNS
Unknown(String),
}
@ -275,7 +275,7 @@ impl Property {
}
}
/// true if the property is not known to TRust-DNS
/// true if the property is not known to Trust-DNS
pub fn is_unknown(&self) -> bool {
if let Property::Unknown(_) = *self {
true
@ -314,7 +314,7 @@ pub enum Value {
Issuer(Option<Name>, Vec<KeyValue>),
/// Url to which to send CA errors
Url(Url),
/// Unrecognized tag and value by TRust-DNS
/// Unrecognized tag and value by Trust-DNS
Unknown(Vec<u8>),
}
@ -605,7 +605,7 @@ pub fn read_issuer(bytes: &[u8]) -> ProtoResult<(Option<Name>, Vec<KeyValue>)> {
key_values
}
ParseNameKeyPairState::Key { key, .. } => {
return Err(format!("key missing value: {}", key).into())
return Err(format!("key missing value: {}", key).into());
}
};
@ -780,7 +780,8 @@ fn read_tag(decoder: &mut BinDecoder, len: Restrict<u8>) -> ProtoResult<String>
.verify_unwrap(|ch| match ch {
'a'...'z' | 'A'...'Z' | '0'...'9' => true,
_ => false,
}).map_err(|_| ProtoError::from("CAA tag character(s) out of bounds"))?;
})
.map_err(|_| ProtoError::from("CAA tag character(s) out of bounds"))?;
tag.push(ch);
}
@ -802,7 +803,8 @@ fn emit_tag(buf: &mut [u8], tag: &Property) -> ProtoResult<u8> {
"insufficient capacity in CAA buffer: {} for tag: {}",
buf.len(),
len
).into());
)
.into());
}
// copy into the buffer
@ -1030,11 +1032,7 @@ mod tests {
fn test_encode_non_fqdn() {
let name_bytes: &[u8] = b"issueexample.com";
let header: &[u8] = &[128, 5];
let encoded: Vec<u8> = header
.iter()
.chain(name_bytes.iter())
.cloned()
.collect();
let encoded: Vec<u8> = header.iter().chain(name_bytes.iter()).cloned().collect();
test_encode(
CAA::new_issue(

2
crates/proto/src/rr/record_data.rs
View File

@ -456,7 +456,7 @@ pub enum RData {
#[cfg(feature = "dnssec")]
DNSSEC(DNSSECRData),
/// Unknown RecordData is for record types not supported by TRust-DNS
/// Unknown RecordData is for record types not supported by Trust-DNS
Unknown {
/// RecordType code
code: u16,

4
crates/resolver/CHANGELOG.md
View File

@ -1,4 +1,4 @@
# Change Log: TRust-DNS Resolver
# Change Log: Trust-DNS Resolver
All notable changes to this project will be documented in this file.
This project adheres to [Semantic Versioning](http://semver.org/).
@ -223,4 +223,4 @@ This project adheres to [Semantic Versioning](http://semver.org/).
### Added
- Initial release of the TRust-DNS Resolver
- Initial release of the Trust-DNS Resolver

2
crates/resolver/Cargo.toml
View File

@ -6,7 +6,7 @@ authors = ["Benjamin Fry <benjaminfry@me.com>"]
# A short blurb about the package. This is not rendered in any format when
# uploaded to crates.io (aka this is not markdown)
description = """
TRust-DNS is a safe and secure DNS library. This Resolver library uses the Client library to perform all DNS queries. The Resolver is intended to be a high-level library for any DNS record resolution see Resolver and ResolverFuture for supported resolution types. The Client can be used for other queries.
Trust-DNS is a safe and secure DNS library. This Resolver library uses the Client library to perform all DNS queries. The Resolver is intended to be a high-level library for any DNS record resolution see Resolver and ResolverFuture for supported resolution types. The Client can be used for other queries.
"""
# These URLs point to more information about the repository

10
crates/resolver/README.md
View File

@ -1,8 +1,8 @@
# Overview
TRust-DNS Resolver is a library which implements the DNS resolver using the TRust-DNS Proto library.
Trust-DNS Resolver is a library which implements the DNS resolver using the Trust-DNS Proto library.
This library contains implementations for IPv4 (A) and IPv6 (AAAA) resolution, more features are in the works. It is built on top of the [tokio](https://tokio.rs) async-io project, this allows it to be integrated into other systems using the tokio and futures libraries. The TRust-DNS [project](https://github.com/bluejekyll/trust-dns) contains other libraries for DNS: a [client library](https://crates.io/crates/trust-dns) for raw protocol usage, a [server library](https://crates.io/crates/trust-dns-server) for hosting zones, and variations on the TLS implementation over [rustls](https://crates.io/crates/trust-dns-rustls) and [native-tls](https://crates.io/crates/trust-dns-native-tls).
This library contains implementations for IPv4 (A) and IPv6 (AAAA) resolution, more features are in the works. It is built on top of the [tokio](https://tokio.rs) async-io project, this allows it to be integrated into other systems using the tokio and futures libraries. The Trust-DNS [project](https://github.com/bluejekyll/trust-dns) contains other libraries for DNS: a [client library](https://crates.io/crates/trust-dns) for raw protocol usage, a [server library](https://crates.io/crates/trust-dns-server) for hosting zones, and variations on the TLS implementation over [rustls](https://crates.io/crates/trust-dns-rustls) and [native-tls](https://crates.io/crates/trust-dns-native-tls).
## Features
@ -46,9 +46,9 @@ if address.is_ipv4() {
## Enabling DNS-over-TLS and DNS-over-HTTPS
**DNS-over-TLS**, DoT, the underlying implementations have been available as addon libraries to the Client and Server, but the configuration is experimental in TRust-DNS Resolver. *WARNING* The author makes no claims on the security and/or privacy guarantees of this implementation.
**DNS-over-TLS**, DoT, the underlying implementations have been available as addon libraries to the Client and Server, but the configuration is experimental in Trust-DNS Resolver. *WARNING* The author makes no claims on the security and/or privacy guarantees of this implementation.
To use you must compile in support with one of the `dns-over-tls` features. There are three: `dns-over-openssl`, `dns-over-native-tls`, and `dns-over-rustls`. The reason for each is to make the TRust-DNS libraries flexible for different deployments, and/or security concerns. The easiest to use will generally be `dns-over-rustls` which utilizes the native Rust library (a rework of the `boringssl` project), this should compile and be usable on most ARM and x86 platforms. `dns-over-native-tls` will utilize the hosts TLS implementation where available or fallback to `openssl` where not. `dns-over-openssl` will specify that `openssl` should be used (which is a perfect fine option if required). If more than one is specified, the presidence will be in this order (i.e. only one can be used at a time) `dns-over-rustls`, `dns-over-native-tls`, and then `dns-over-openssl`. *NOTICE* the author is not responsible for any choice of library that does not meet security requirements.
To use you must compile in support with one of the `dns-over-tls` features. There are three: `dns-over-openssl`, `dns-over-native-tls`, and `dns-over-rustls`. The reason for each is to make the Trust-DNS libraries flexible for different deployments, and/or security concerns. The easiest to use will generally be `dns-over-rustls` which utilizes the native Rust library (a rework of the `boringssl` project), this should compile and be usable on most ARM and x86 platforms. `dns-over-native-tls` will utilize the hosts TLS implementation where available or fallback to `openssl` where not. `dns-over-openssl` will specify that `openssl` should be used (which is a perfect fine option if required). If more than one is specified, the presidence will be in this order (i.e. only one can be used at a time) `dns-over-rustls`, `dns-over-native-tls`, and then `dns-over-openssl`. *NOTICE* the author is not responsible for any choice of library that does not meet security requirements.
**DNS-over-HTTPS**, DoH, currently the only supported TLS library is `rustls`. To enable, us the feature `dns-over-https-rustls`.
@ -71,4 +71,4 @@ let mut resolver = Resolver::new(ResolverConfig::cloudflare_tls(), ResolverOpts:
## Versioning
TRust-DNS does its best job to follow semver. TRust-DNS will be promoted to 1.0 upon stabilization of the publicly exposed APIs. This does not mean that TRust-DNS will necessarily break on upgrades between 0.x updates. Whenever possible, old APIs will be deprecated with notes on what replaced those deprecations. TRust-DNS will make a best effort to never break software which depends on it due to API changes, though this can not be guaranteed. Deprecated interfaces will be maintained for at minimum one major release after that in which they were deprecated (where possible), with the exception of the upgrade to 1.0 where all deprecated interfaces will be planned to be removed.
Trust-DNS does its best job to follow semver. Trust-DNS will be promoted to 1.0 upon stabilization of the publicly exposed APIs. This does not mean that Trust-DNS will necessarily break on upgrades between 0.x updates. Whenever possible, old APIs will be deprecated with notes on what replaced those deprecations. Trust-DNS will make a best effort to never break software which depends on it due to API changes, though this can not be guaranteed. Deprecated interfaces will be maintained for at minimum one major release after that in which they were deprecated (where possible), with the exception of the upgrade to 1.0 where all deprecated interfaces will be planned to be removed.

6
crates/resolver/src/lib.rs
View File

@ -143,9 +143,9 @@
//!
//! ## DNS-over-TLS
//!
//! DNS over TLS is experimental in the TRust-DNS Resolver library. The underlying implementations have been available as addon libraries to the Client and Server, but the configuration is experimental in TRust-DNS Resolver. *WARNING* The trust-dns developers make no claims on the security and/or privacy guarantees of this implementation.
//! DNS over TLS is experimental in the Trust-DNS Resolver library. The underlying implementations have been available as addon libraries to the Client and Server, but the configuration is experimental in Trust-DNS Resolver. *WARNING* The trust-dns developers make no claims on the security and/or privacy guarantees of this implementation.
//!
//! To use you must compile in support with one of the `dns-over-tls` features. There are three: `dns-over-openssl`, `dns-over-native-tls`, and `dns-over-rustls`. The reason for each is to make the TRust-DNS libraries flexible for different deployments, and/or security concerns. The easiest to use will generally be `dns-over-rustls` which utilizes the native Rust library (a rework of the `boringssl` project), this should compile and be usable on most ARM and x86 platforms. `dns-over-native-tls` will utilize the hosts TLS implementation where available or fallback to `openssl` where not. `dns-over-openssl` will specify that `openssl` should be used (which is a perfect fine option if required). If more than one is specified, the presidence will be in this order (i.e. only one can be used at a time) `dns-over-rustls`, `dns-over-native-tls`, and then `dns-over-openssl`. *NOTICE* thetrust-dns developers are not responsible for any choice of library that does not meet required security requirements.
//! To use you must compile in support with one of the `dns-over-tls` features. There are three: `dns-over-openssl`, `dns-over-native-tls`, and `dns-over-rustls`. The reason for each is to make the Trust-DNS libraries flexible for different deployments, and/or security concerns. The easiest to use will generally be `dns-over-rustls` which utilizes the native Rust library (a rework of the `boringssl` project), this should compile and be usable on most ARM and x86 platforms. `dns-over-native-tls` will utilize the hosts TLS implementation where available or fallback to `openssl` where not. `dns-over-openssl` will specify that `openssl` should be used (which is a perfect fine option if required). If more than one is specified, the presidence will be in this order (i.e. only one can be used at a time) `dns-over-rustls`, `dns-over-native-tls`, and then `dns-over-openssl`. *NOTICE* thetrust-dns developers are not responsible for any choice of library that does not meet required security requirements.
//!
//! ### Example
//!
@ -176,7 +176,7 @@
//!
//! ## mDNS (multicast DNS)
//!
//! Multicast DNS is an experimental feature in TRust-DNS at the moment. It's support on different platforms is not yet ideal. Initial support is only for IPv4 mDNS, as there are some complexities to figure out with IPv6. Once enabled, an mDNS `NameServer` will automatically be added to the `Resolver` and used for any lookups performed in the `.local.` zone.
//! Multicast DNS is an experimental feature in Trust-DNS at the moment. It's support on different platforms is not yet ideal. Initial support is only for IPv4 mDNS, as there are some complexities to figure out with IPv6. Once enabled, an mDNS `NameServer` will automatically be added to the `Resolver` and used for any lookups performed in the `.local.` zone.
#![warn(missing_docs)]
#![recursion_limit = "128"]

2
crates/resolver/src/lookup.rs
View File

@ -30,7 +30,7 @@ use lookup_ip::LookupIpIter;
use lookup_state::CachingClient;
use name_server::{ConnectionHandle, ConnectionProvider, NameServerPool, StandardConnection};
/// Result of a DNS query when querying for any record type supported by the TRust-DNS Proto library.
/// Result of a DNS query when querying for any record type supported by the Trust-DNS Proto library.
///
/// For IP resolution see LookupIp, as it has more features for A and AAAA lookups.
#[derive(Clone, Debug, Eq, PartialEq)]

2
crates/resolver/src/resolver.rs
View File

@ -24,7 +24,7 @@ use AsyncResolver;
///
/// For forward (A) lookups, hostname -> IP address, see: `Resolver::lookup_ip`
///
/// Special note about resource consumption. The Resolver and all TRust-DNS software is built around the Tokio async-io library. This synchronous Resolver is intended to be a simpler wrapper for of the [`trust_dns_resolver::ResolverFuture`]. To allow the Resolver to be [`Send`] + [`Sync`], the construction of the `ResolverFuture` is lazy, this means some of the features of the `ResolverFuture`, like performance based resolution via the most efficient `NameServer` will be lost (the lookup cache is shared across invocations of the `Resolver`). If these other features of the TRust-DNS Resolver are desired, please use the tokio based `ResolverFuture`.
/// Special note about resource consumption. The Resolver and all Trust-DNS software is built around the Tokio async-io library. This synchronous Resolver is intended to be a simpler wrapper for of the [`trust_dns_resolver::ResolverFuture`]. To allow the Resolver to be [`Send`] + [`Sync`], the construction of the `ResolverFuture` is lazy, this means some of the features of the `ResolverFuture`, like performance based resolution via the most efficient `NameServer` will be lost (the lookup cache is shared across invocations of the `Resolver`). If these other features of the Trust-DNS Resolver are desired, please use the tokio based `ResolverFuture`.
///
/// *Note: Threaded/Sync usage*: In multithreaded scenarios, the internal Tokio Runtime will block on an internal Mutex for the tokio Runtime in use. For higher performance, it's recommended to use the `AsyncResolver`.
pub struct Resolver {

4
crates/resolver/tests/resolv.conf-linux
View File

@ -1,4 +1,4 @@
# Not all of these are supported by TRust-DNS
# Not all of these are supported by Trust-DNS
# They are testing that they don't break parsing
options ndots:8 timeout:8 attempts:8
@ -10,7 +10,7 @@ nameserver 2001:4860:4860::8844
nameserver 8.8.8.8
nameserver 8.8.4.4
# some options not supported by TRust-DNS
# some options not supported by Trust-DNS
options rotate
options inet6 no-tld-query

2
crates/rustls/Cargo.toml
View File

@ -6,7 +6,7 @@ authors = ["Benjamin Fry <benjaminfry@me.com>"]
# A short blurb about the package. This is not rendered in any format when
# uploaded to crates.io (aka this is not markdown)
description = """
TRust-DNS is a safe and secure DNS library. This is an extension for the TRust-DNS client to use rustls for TLS.
Trust-DNS is a safe and secure DNS library. This is an extension for the Trust-DNS client to use rustls for TLS.
"""
# These URLs point to more information about the repository

6
crates/rustls/README.md
View File

@ -1,9 +1,9 @@
# Overview
TRust-DNS Rustls is a library which implements the DNS over TLS protocol and client side functions.
Trust-DNS Rustls is a library which implements the DNS over TLS protocol and client side functions.
This library allows for TLS connections to be established to remote DNS servers. It can replace the standard `ClientConnection` in the TRust-DNS library. This uses the rustls TLS library for all TLS communications.
This library allows for TLS connections to be established to remote DNS servers. It can replace the standard `ClientConnection` in the Trust-DNS library. This uses the rustls TLS library for all TLS communications.
## Versioning
TRust-DNS does it's best job to follow semver. TRust-DNS will be promoted to 1.0 upon stabilization of the publicly exposed APIs. This does not mean that TRust-DNS will necessarily break on upgrades between 0.x updates. Whenever possible, old APIs will be deprecated with notes on what replaced those deprecations. TRust-DNS will make a best effort to never break software which depends on it due to API changes, though this can not be guaranteed. Deprecated interfaces will be maintained for at minimum one major release after that in which they were deprecated (where possible), with the exception of the upgrade to 1.0 where all deprecated interfaces will be planned to be removed.
Trust-DNS does it's best job to follow semver. Trust-DNS will be promoted to 1.0 upon stabilization of the publicly exposed APIs. This does not mean that Trust-DNS will necessarily break on upgrades between 0.x updates. Whenever possible, old APIs will be deprecated with notes on what replaced those deprecations. Trust-DNS will make a best effort to never break software which depends on it due to API changes, though this can not be guaranteed. Deprecated interfaces will be maintained for at minimum one major release after that in which they were deprecated (where possible), with the exception of the upgrade to 1.0 where all deprecated interfaces will be planned to be removed.

4
crates/server/Cargo.toml
View File

@ -6,11 +6,11 @@ authors = ["Benjamin Fry <benjaminfry@me.com>"]
# A short blurb about the package. This is not rendered in any format when
# uploaded to crates.io (aka this is not markdown)
description = """
TRust-DNS is a safe and secure DNS server with DNSec support.
Trust-DNS is a safe and secure DNS server with DNSec support.
Eventually this could be a replacement for BIND9. The DNSSec support allows
for live signing of all records, in it does not currently support
records signed offline. The server supports dynamic DNS with SIG0 authenticated
requests. TRust-DNS is based on the Tokio and Futures libraries, which means
requests. Trust-DNS is based on the Tokio and Futures libraries, which means
it should be easily integrated into other software that also use those
libraries.
"""

4
crates/server/README.md
View File

@ -1,9 +1,9 @@
# Overview
TRust-DNS Server is a library which implements the zone authoritory functionality.
Trust-DNS Server is a library which implements the zone authoritory functionality.
This library contains basic implementations for DNS zone hosting. It is capable of performing signing all records in the zone for server DNSSec RRSIG records associated with all records in a zone. There is also a `named` binary that can be generated from the library with `cargo install trust-dns-server`. Dynamic updates are supported via `SIG0` (an mTLS authentication method is under development).
## Versioning
TRust-DNS does it's best job to follow semver. TRust-DNS will be promoted to 1.0 upon stabilization of the publicly exposed APIs. This does not mean that TRust-DNS will necessarily break on upgrades between 0.x updates. Whenever possible, old APIs will be deprecated with notes on what replaced those deprecations. TRust-DNS will make a best effort to never break software which depends on it due to API changes, though this can not be guaranteed. Deprecated interfaces will be maintained for at minimum one major release after that in which they were deprecated (where possible), with the exception of the upgrade to 1.0 where all deprecated interfaces will be planned to be removed.
Trust-DNS does it's best job to follow semver. Trust-DNS will be promoted to 1.0 upon stabilization of the publicly exposed APIs. This does not mean that Trust-DNS will necessarily break on upgrades between 0.x updates. Whenever possible, old APIs will be deprecated with notes on what replaced those deprecations. Trust-DNS will make a best effort to never break software which depends on it due to API changes, though this can not be guaranteed. Deprecated interfaces will be maintained for at minimum one major release after that in which they were deprecated (where possible), with the exception of the upgrade to 1.0 where all deprecated interfaces will be planned to be removed.

2
crates/server/benches/comparison_benches.rs
View File

@ -218,7 +218,7 @@ fn bind_process() -> (NamedProcess, u16) {
.stderr(Stdio::piped())
.arg("-c").arg("../../server/benches/bind_conf/example.conf")
//.arg("-d").arg("0")
.arg("-D").arg("TRust-DNS cmp bench")
.arg("-D").arg("Trust-DNS cmp bench")
.arg("-g")
.arg("-p").arg(&format!("{}", test_port))
.spawn()

2
crates/server/src/config/dnssec.rs
View File

@ -230,7 +230,7 @@ impl TlsCertConfig {
/// set of DNSSEC algorithms to use to sign the zone. enable_dnssec must be true.
/// these will be lookedup by $file.{key_name}.pem, for backward compatability
/// with previous versions of TRust-DNS, if enable_dnssec is enabled but
/// with previous versions of Trust-DNS, if enable_dnssec is enabled but
/// supported_algorithms is not specified, it will default to "RSASHA256" and
/// look for the $file.pem for the key. To control key length, or other options
/// keys of the specified formats can be generated in PEM format. Instructions

2
crates/server/src/lib.rs
View File

@ -75,7 +75,7 @@ pub mod store;
pub use self::server::ServerFuture;
/// Returns the current version of TRust-DNS
/// Returns the current version of Trust-DNS
pub fn version() -> &'static str {
env!("CARGO_PKG_VERSION")
}

8
crates/server/tests/named_test_configs/example.toml
View File

@ -1,11 +1,11 @@
##
## This is an example configuration file for the TRust-DNS named server.
## This is an example configuration file for the Trust-DNS named server.
##
## The format is in TOML: https://github.com/toml-lang/toml which was chosen
## as the configuration format for TRust-DNS. While Trust-DNS is inteaded to
## as the configuration format for Trust-DNS. While Trust-DNS is inteaded to
## be a drop-in replacement for BIND9, it will not support the named.conf files
## directly. At some point, there will be a binary tool for converting the
## BIND9 configuration files over to TRust-DNS TOML.
## BIND9 configuration files over to Trust-DNS TOML.
##
## Many of these options are available as both command line options and
## configuration options in these files. In that case, the command line option
@ -93,7 +93,7 @@ file = "example.com.zone"
## set of DNSSEC algorithms to use to sign the zone. enable_dnssec must be true.
## these will be lookedup by $file.{key_name}.pem, for backward compatability
## with previous versions of TRust-DNS, if enable_dnssec is enabled but
## with previous versions of Trust-DNS, if enable_dnssec is enabled but
## supported_algorithms is not specified, it will default to "RSASHA256" and
## look for the $file.pem for the key. To control key length, or other options
## keys of the specified formats can be generated in PEM format. Instructions

2
crates/server/tests/named_test_configs/sec/gen-keys.sh
View File

@ -24,7 +24,7 @@ echo "====> generating cert"
${OPENSSL:?} req -new -x509 -days 365 -sha256 \
-key ${KEY_FILE:?} -keyform der \
-out ${CRT_FILE:?} -outform der \
-subj '/O=TRust-DNS/CN=ns.example.com' \
-subj '/O=Trust-DNS/CN=ns.example.com' \
-config <(cat /etc/ssl/openssl.cnf <(printf "\n[x509v3]\nsubjectAltName=critical,DNS:ns.example.com\nkeyUsage=critical,digitalSignature,keyAgreement,keyCertSign\nextendedKeyUsage=critical,serverAuth,clientAuth\nbasicConstraints=critical,pathlen:0")) \
-extensions x509v3 \
-reqexts x509v3

88
logo.svg Normal file
View File

@ -0,0 +1,88 @@
<svg version="1.1" viewBox="0.0 0.0 927.511811023622 273.997375328084" fill="none" stroke="none" stroke-linecap="square" stroke-miterlimit="10"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns="http://www.w3.org/2000/svg">
<clipPath id="p.0">
<path d="m0 0l927.51184 0l0 273.99738l-927.51184 0l0 -273.99738z" clip-rule="nonzero"/>
</clipPath>
<g clip-path="url(#p.0)">
<path fill="#000000" fill-opacity="0.0" d="m0 0l927.51184 0l0 273.99738l-927.51184 0z" fill-rule="evenodd"/>
<path fill="#000000" fill-opacity="0.0" d="m714.0827 112.72179l24.0 -47.999977l62.8031 0l24.0 47.999977l-24.0 47.99997l-62.8031 0z" fill-rule="evenodd"/>
<path stroke="#b7b7b7" stroke-width="2.0" stroke-linejoin="round" stroke-linecap="butt" d="m714.0827 112.72179l24.0 -47.999977l62.8031 0l24.0 47.999977l-24.0 47.99997l-62.8031 0z" fill-rule="evenodd"/>
<path fill="#000000" fill-opacity="0.0" d="m800.4921 160.22572l24.0 -47.999977l62.80316 0l24.0 47.999977l-24.0 47.99997l-62.80316 0z" fill-rule="evenodd"/>
<path stroke="#b7b7b7" stroke-width="2.0" stroke-linejoin="round" stroke-linecap="butt" d="m800.4921 160.22572l24.0 -47.999977l62.80316 0l24.0 47.999977l-24.0 47.99997l-62.80316 0z" fill-rule="evenodd"/>
<path fill="#000000" fill-opacity="0.0" d="m713.68896 208.72179l24.0 -47.999985l62.80316 0l24.0 47.999985l-24.0 47.999985l-62.80316 0z" fill-rule="evenodd"/>
<path stroke="#b7b7b7" stroke-width="2.0" stroke-linejoin="round" stroke-linecap="butt" d="m713.68896 208.72179l24.0 -47.999985l62.80316 0l24.0 47.999985l-24.0 47.999985l-62.80316 0z" fill-rule="evenodd"/>
<path fill="#000000" fill-opacity="0.0" d="m539.2953 208.72179l24.0 -47.999985l62.80316 0l24.0 47.999985l-24.0 47.999985l-62.80316 0z" fill-rule="evenodd"/>
<path stroke="#b7b7b7" stroke-width="2.0" stroke-linejoin="round" stroke-linecap="butt" d="m539.2953 208.72179l24.0 -47.999985l62.80316 0l24.0 47.999985l-24.0 47.999985l-62.80316 0z" fill-rule="evenodd"/>
<path fill="#000000" fill-opacity="0.0" d="m16.704725 112.22572l23.999998 -47.999977l62.80315 0l24.0 47.999977l-24.0 47.99997l-62.80315 0z" fill-rule="evenodd"/>
<path stroke="#b7b7b7" stroke-width="2.0" stroke-linejoin="round" stroke-linecap="butt" d="m16.704725 112.22572l23.999998 -47.999977l62.80315 0l24.0 47.999977l-24.0 47.99997l-62.80315 0z" fill-rule="evenodd"/>
<path fill="#000000" fill-opacity="0.0" d="m103.70473 160.22572l24.0 -47.999977l62.803146 0l24.0 47.999977l-24.0 47.99997l-62.803146 0z" fill-rule="evenodd"/>
<path stroke="#b7b7b7" stroke-width="2.0" stroke-linejoin="round" stroke-linecap="butt" d="m103.70473 160.22572l24.0 -47.999977l62.803146 0l24.0 47.999977l-24.0 47.99997l-62.803146 0z" fill-rule="evenodd"/>
<path fill="#000000" fill-opacity="0.0" d="m103.70473 64.22572l24.0 -47.999977l62.803146 0l24.0 47.999977l-24.0 47.999977l-62.803146 0z" fill-rule="evenodd"/>
<path stroke="#b7b7b7" stroke-width="2.0" stroke-linejoin="round" stroke-linecap="butt" d="m103.70473 64.22572l24.0 -47.999977l62.803146 0l24.0 47.999977l-24.0 47.999977l-62.803146 0z" fill-rule="evenodd"/>
<path fill="#000000" fill-opacity="0.0" d="m189.70473 112.22572l24.0 -47.999977l62.803146 0l24.0 47.999977l-24.0 47.99997l-62.803146 0z" fill-rule="evenodd"/>
<path stroke="#b7b7b7" stroke-width="2.0" stroke-linejoin="round" stroke-linecap="butt" d="m189.70473 112.22572l24.0 -47.999977l62.803146 0l24.0 47.999977l-24.0 47.99997l-62.803146 0z" fill-rule="evenodd"/>
<path fill="#000000" fill-opacity="0.0" d="m189.70473 208.22572l24.0 -47.999985l62.803146 0l24.0 47.999985l-24.0 47.999985l-62.803146 0z" fill-rule="evenodd"/>
<path stroke="#b7b7b7" stroke-width="2.0" stroke-linejoin="round" stroke-linecap="butt" d="m189.70473 208.22572l24.0 -47.999985l62.803146 0l24.0 47.999985l-24.0 47.999985l-62.803146 0z" fill-rule="evenodd"/>
<path fill="#000000" fill-opacity="0.0" d="m277.7047 160.22572l24.0 -47.999977l62.80316 0l24.0 47.999977l-24.0 47.99997l-62.80316 0z" fill-rule="evenodd"/>
<path stroke="#b7b7b7" stroke-width="2.0" stroke-linejoin="round" stroke-linecap="butt" d="m277.7047 160.22572l24.0 -47.999977l62.80316 0l24.0 47.999977l-24.0 47.99997l-62.80316 0z" fill-rule="evenodd"/>
<path fill="#000000" fill-opacity="0.0" d="m364.90158 112.22572l24.0 -47.999977l62.80313 0l24.0 47.999977l-24.0 47.99997l-62.80313 0z" fill-rule="evenodd"/>
<path stroke="#b7b7b7" stroke-width="2.0" stroke-linejoin="round" stroke-linecap="butt" d="m364.90158 112.22572l24.0 -47.999977l62.80313 0l24.0 47.999977l-24.0 47.99997l-62.80313 0z" fill-rule="evenodd"/>
<path fill="#000000" fill-opacity="0.0" d="m452.09842 160.22572l24.0 -47.999977l62.80313 0l24.0 47.999977l-24.0 47.99997l-62.80313 0z" fill-rule="evenodd"/>
<path stroke="#b7b7b7" stroke-width="2.0" stroke-linejoin="round" stroke-linecap="butt" d="m452.09842 160.22572l24.0 -47.999977l62.80313 0l24.0 47.999977l-24.0 47.99997l-62.80313 0z" fill-rule="evenodd"/>
<path fill="#000000" fill-opacity="0.0" d="m538.90155 112.72179l24.0 -47.999977l62.80316 0l24.0 47.999977l-24.0 47.99997l-62.80316 0z" fill-rule="evenodd"/>
<path stroke="#b7b7b7" stroke-width="2.0" stroke-linejoin="round" stroke-linecap="butt" d="m538.90155 112.72179l24.0 -47.999977l62.80316 0l24.0 47.999977l-24.0 47.99997l-62.80316 0z" fill-rule="evenodd"/>
<path fill="#000000" fill-opacity="0.0" d="m626.4921 160.22572l24.0 -47.999977l62.80316 0l24.0 47.999977l-24.0 47.99997l-62.80316 0z" fill-rule="evenodd"/>
<path stroke="#b7b7b7" stroke-width="2.0" stroke-linejoin="round" stroke-linecap="butt" d="m626.4921 160.22572l24.0 -47.999977l62.80316 0l24.0 47.999977l-24.0 47.99997l-62.80316 0z" fill-rule="evenodd"/>
<path fill="#000000" fill-opacity="0.0" d="m127.70473 112.22572l-24.0 48.0" fill-rule="evenodd"/>
<path stroke="#0000ff" stroke-width="4.0" stroke-linejoin="round" stroke-linecap="butt" d="m127.70473 112.22572l-24.0 48.0" fill-rule="evenodd"/>
<path fill="#000000" fill-opacity="0.0" d="m127.70473 112.2257l30.015747 0" fill-rule="evenodd"/>
<path stroke="#0000ff" stroke-width="4.0" stroke-linejoin="round" stroke-linecap="butt" d="m127.70473 112.2257l30.015747 0" fill-rule="evenodd"/>
<path fill="#000000" fill-opacity="0.0" d="m189.70473 112.22572l24.0 48.0" fill-rule="evenodd"/>
<path stroke="#0000ff" stroke-width="4.0" stroke-linejoin="round" stroke-linecap="butt" d="m189.70473 112.22572l24.0 48.0" fill-rule="evenodd"/>
<path fill="#000000" fill-opacity="0.0" d="m213.70473 160.22574l63.999985 0" fill-rule="evenodd"/>
<path stroke="#0000ff" stroke-width="4.0" stroke-linejoin="round" stroke-linecap="butt" d="m213.70473 160.22574l63.999985 0" fill-rule="evenodd"/>
<path fill="#000000" fill-opacity="0.0" d="m277.7047 160.22572l24.0 -48.0" fill-rule="evenodd"/>
<path stroke="#0000ff" stroke-width="4.0" stroke-linejoin="round" stroke-linecap="butt" d="m277.7047 160.22572l24.0 -48.0" fill-rule="evenodd"/>
<path fill="#000000" fill-opacity="0.0" d="m364.90158 112.225746l13.669281 -26.803154" fill-rule="evenodd"/>
<path stroke="#0000ff" stroke-width="4.0" stroke-linejoin="round" stroke-linecap="butt" d="m364.90158 112.225746l13.669281 -26.803154" fill-rule="evenodd"/>
<path fill="#000000" fill-opacity="0.0" d="m364.90158 112.22572l24.0 48.0" fill-rule="evenodd"/>
<path stroke="#0000ff" stroke-width="4.0" stroke-linejoin="round" stroke-linecap="butt" d="m364.90158 112.22572l24.0 48.0" fill-rule="evenodd"/>
<path fill="#000000" fill-opacity="0.0" d="m40.1063 64.225746l64.0 0" fill-rule="evenodd"/>
<path stroke="#0000ff" stroke-width="4.0" stroke-linejoin="round" stroke-linecap="butt" d="m40.1063 64.225746l64.0 0" fill-rule="evenodd"/>
<path fill="#000000" fill-opacity="0.0" d="m71.70473 65.22572l0 94.99213" fill-rule="evenodd"/>
<path stroke="#0000ff" stroke-width="4.0" stroke-linejoin="round" stroke-linecap="butt" d="m71.70473 65.22572l0 94.99213" fill-rule="evenodd"/>
<path fill="#000000" fill-opacity="0.0" d="m452.09842 160.22572l24.0 -48.0" fill-rule="evenodd"/>
<path stroke="#0000ff" stroke-width="4.0" stroke-linejoin="round" stroke-linecap="butt" d="m452.09842 160.22572l24.0 -48.0" fill-rule="evenodd"/>
<path fill="#000000" fill-opacity="0.0" d="m508.7349 112.27034l0 97.6378" fill-rule="evenodd"/>
<path stroke="#ff0000" stroke-width="4.0" stroke-linejoin="round" stroke-linecap="butt" d="m508.7349 112.27034l0 97.6378" fill-rule="evenodd"/>
<path fill="#000000" fill-opacity="0.0" d="m507.94095 112.72179l30.960602 0" fill-rule="evenodd"/>
<path stroke="#ff0000" stroke-width="4.0" stroke-linejoin="round" stroke-linecap="butt" d="m507.94095 112.72179l30.960602 0" fill-rule="evenodd"/>
<path fill="#000000" fill-opacity="0.0" d="m507.5 208.22572l31.181091 0" fill-rule="evenodd"/>
<path stroke="#ff0000" stroke-width="4.0" stroke-linejoin="round" stroke-linecap="butt" d="m507.5 208.22572l31.181091 0" fill-rule="evenodd"/>
<path fill="#000000" fill-opacity="0.0" d="m538.90155 112.22572l24.0 48.0" fill-rule="evenodd"/>
<path stroke="#ff0000" stroke-width="4.0" stroke-linejoin="round" stroke-linecap="butt" d="m538.90155 112.22572l24.0 48.0" fill-rule="evenodd"/>
<path fill="#000000" fill-opacity="0.0" d="m539.2953 208.22572l24.0 -48.0" fill-rule="evenodd"/>
<path stroke="#ff0000" stroke-width="4.0" stroke-linejoin="round" stroke-linecap="butt" d="m539.2953 208.22572l24.0 -48.0" fill-rule="evenodd"/>
<path fill="#000000" fill-opacity="0.0" d="m800.4921 160.22572l24.0 -48.0" fill-rule="evenodd"/>
<path stroke="#ff0000" stroke-width="4.0" stroke-linejoin="round" stroke-linecap="butt" d="m800.4921 160.22572l24.0 -48.0" fill-rule="evenodd"/>
<path fill="#000000" fill-opacity="0.0" d="m800.4921 160.22572l24.0 48.0" fill-rule="evenodd"/>
<path stroke="#ff0000" stroke-width="4.0" stroke-linejoin="round" stroke-linecap="butt" d="m800.4921 160.22572l24.0 48.0" fill-rule="evenodd"/>
<path fill="#000000" fill-opacity="0.0" d="m800.4921 255.72179l24.0 -48.0" fill-rule="evenodd"/>
<path stroke="#ff0000" stroke-width="4.0" stroke-linejoin="round" stroke-linecap="butt" d="m800.4921 255.72179l24.0 -48.0" fill-rule="evenodd"/>
<path fill="#000000" fill-opacity="0.0" d="m460.7047 112.2257l30.015747 0" fill-rule="evenodd"/>
<path stroke="#0000ff" stroke-width="4.0" stroke-linejoin="round" stroke-linecap="butt" d="m460.7047 112.2257l30.015747 0" fill-rule="evenodd"/>
<path fill="#000000" fill-opacity="0.0" d="m626.4921 160.22572l24.0 -48.0" fill-rule="evenodd"/>
<path stroke="#ff0000" stroke-width="4.0" stroke-linejoin="round" stroke-linecap="butt" d="m626.4921 160.22572l24.0 -48.0" fill-rule="evenodd"/>
<path fill="#000000" fill-opacity="0.0" d="m625.7047 160.22572l24.0 48.0" fill-rule="evenodd"/>
<path stroke="#ff0000" stroke-width="4.0" stroke-linejoin="round" stroke-linecap="butt" d="m625.7047 160.22572l24.0 48.0" fill-rule="evenodd"/>
<path fill="#000000" fill-opacity="0.0" d="m649.8937 111.225746l64.0 0" fill-rule="evenodd"/>
<path stroke="#ff0000" stroke-width="4.0" stroke-linejoin="round" stroke-linecap="butt" d="m649.8937 111.225746l64.0 0" fill-rule="evenodd"/>
<path fill="#000000" fill-opacity="0.0" d="m713.4921 112.22572l24.0 48.0" fill-rule="evenodd"/>
<path stroke="#ff0000" stroke-width="4.0" stroke-linejoin="round" stroke-linecap="butt" d="m713.4921 112.22572l24.0 48.0" fill-rule="evenodd"/>
<path fill="#000000" fill-opacity="0.0" d="m713.09845 208.22572l24.0 -48.0" fill-rule="evenodd"/>
<path stroke="#ff0000" stroke-width="4.0" stroke-linejoin="round" stroke-linecap="butt" d="m713.09845 208.22572l24.0 -48.0" fill-rule="evenodd"/>
<path fill="#000000" fill-opacity="0.0" d="m374.49213 188.7218l14.803162 -28.0" fill-rule="evenodd"/>
<path stroke="#0000ff" stroke-width="4.0" stroke-linejoin="round" stroke-linecap="butt" d="m374.49213 188.7218l14.803162 -28.0" fill-rule="evenodd"/>
</g>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 12 KiB

4
scripts/gen_certs.sh
View File

@ -25,7 +25,7 @@ distinguished_name = dn
C = US
ST = California
L = San Francisco
O = TRust-DNS
O = Trust-DNS
CN = root.example.com
[req_ext]
@ -53,7 +53,7 @@ distinguished_name = dn
C = US
ST = California
L = San Francisco
O = TRust-DNS
O = Trust-DNS
CN = ns.example.com
[req_ext]

2
tests/compatibility-tests/Cargo.toml
View File

@ -6,7 +6,7 @@ authors = ["Benjamin Fry <benjaminfry@me.com>"]
# A short blurb about the package. This is not rendered in any format when
# uploaded to crates.io (aka this is not markdown)
description = """
TRust-DNS compatability testing library.
Trust-DNS compatability testing library.
"""
# These URLs point to more information about the repository

2
tests/compatibility-tests/src/bind.rs
View File

@ -37,7 +37,7 @@ pub fn named_process() -> (NamedProcess, u16) {
// from the root target directory...
.arg("-c").arg("../../tests/compatibility-tests/tests/conf/bind-example.conf")
//.arg("-d").arg("0") // uncomment for debugging information
.arg("-D").arg("TRust-DNS compatibility")
.arg("-D").arg("Trust-DNS compatibility")
.arg("-g")
.arg("-p").arg(&format!("{}", test_port))
.spawn()

2
tests/integration-tests/Cargo.toml
View File

@ -6,7 +6,7 @@ authors = ["Benjamin Fry <benjaminfry@me.com>"]
# A short blurb about the package. This is not rendered in any format when
# uploaded to crates.io (aka this is not markdown)
description = """
TRust-DNS integration testing library.
Trust-DNS integration testing library.
"""
# These URLs point to more information about the repository

2
util/Cargo.toml
View File

@ -6,7 +6,7 @@ authors = ["Benjamin Fry <benjaminfry@me.com>"]
# A short blurb about the package. This is not rendered in any format when
# uploaded to crates.io (aka this is not markdown)
description = """
Utilities that complement TRust-DNS.
Utilities that complement Trust-DNS.
"""
# These URLs point to more information about the repository

10
util/README.md
View File

@ -1,6 +1,6 @@
# Overview
TRust-DNS Util is a support library for the TRust-DNS libraries.
Trust-DNS Util is a support library for the Trust-DNS libraries.
## dnskey-to-pem
@ -8,7 +8,7 @@ This will take a private DNSKEY as generated by BIND9 and output an OpenSSL comp
```console
$ cargo run --bin pem-to-public-dnskey -- --help
TRust-DNS dnskey-to-pem 0.11.3
Trust-DNS dnskey-to-pem 0.11.3
Benjamin Fry <benjaminfry@me.com>
Converts a dnskey, as generated from BIND's dnssec-keygen, into pem format
@ -29,11 +29,11 @@ ARGS:
## pem-to-public-dnskey
This utility can be used to output raw bytes in the DNSKEY RDATA format. This is useful for associating custom public keys with the TrustAnchor facility in TRust-DNS.
This utility can be used to output raw bytes in the DNSKEY RDATA format. This is useful for associating custom public keys with the TrustAnchor facility in Trust-DNS.
```console
$ cargo run --bin pem-to-public-dnskey -- --help
TRust-DNS pem-to-public-dnskey 0.11.3
Trust-DNS pem-to-public-dnskey 0.11.3
Benjamin Fry <benjaminfry@me.com>
Converts a PEM formatted pubblic key into a raw public dnskey (this is not the inverse of bind_dnskey_to_pem). This can be used to create a dnskey in the TrustAnchor internal
format.
@ -54,4 +54,4 @@ ARGS:
## Versioning
TRust-DNS does it's best job to follow semver. TRust-DNS will be promoted to 1.0 upon stabilization of the publicly exposed APIs. This does not mean that TRust-DNS will necessarily break on upgrades between 0.x updates. Whenever possible, old APIs will be deprecated with notes on what replaced those deprecations. TRust-DNS will make a best effort to never break software which depends on it due to API changes, though this can not be guaranteed. Deprecated interfaces will be maintained for at minimum one major release after that in which they were deprecated (where possible), with the exception of the upgrade to 1.0 where all deprecated interfaces will be planned to be removed.
Trust-DNS does it's best job to follow semver. Trust-DNS will be promoted to 1.0 upon stabilization of the publicly exposed APIs. This does not mean that Trust-DNS will necessarily break on upgrades between 0.x updates. Whenever possible, old APIs will be deprecated with notes on what replaced those deprecations. Trust-DNS will make a best effort to never break software which depends on it due to API changes, though this can not be guaranteed. Deprecated interfaces will be maintained for at minimum one major release after that in which they were deprecated (where possible), with the exception of the upgrade to 1.0 where all deprecated interfaces will be planned to be removed.

2
util/src/bind_dnskey_to_pem.rs
View File

@ -25,7 +25,7 @@ use openssl::rsa::Rsa;
use trust_dns::rr::dnssec::Algorithm;
fn args<'a>() -> ArgMatches<'a> {
App::new("TRust-DNS dnskey-to-pem")
App::new("Trust-DNS dnskey-to-pem")
.version(trust_dns::version())
.author("Benjamin Fry <benjaminfry@me.com>")
.about("Converts a dnskey, as generated from BIND's dnssec-keygen, into pem format")

4
util/src/pem_to_public_dnskey.rs
View File

@ -20,11 +20,11 @@ use openssl::pkey::PKey;
use trust_dns::rr::dnssec::{KeyPair, Public};
fn args<'a>() -> ArgMatches<'a> {
App::new("TRust-DNS pem-to-public-dnskey")
App::new("Trust-DNS pem-to-public-dnskey")
.version(trust_dns::version())
.author("Benjamin Fry <benjaminfry@me.com>")
.about(
"Converts a PEM formatted public key into a raw public dnskey (not the inverse of dnskey-to-pem). This can be used to create a dnskey in the TrustAnchor internal format in TRust-DNS.",
"Converts a PEM formatted public key into a raw public dnskey (not the inverse of dnskey-to-pem). This can be used to create a dnskey in the TrustAnchor internal format in Trust-DNS.",
)
.arg(
Arg::with_name("key")