move named to trust-dns bin crate

Cargo.lock

@@ -1367,6 +1367,48 @@ dependencies = [
  "spin 0.5.2 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
 
+[[package]]
+name = "trust-dns"
+version = "0.18.0-alpha.1"
+dependencies = [
+ "backtrace 0.3.40 (registry+https://github.com/rust-lang/crates.io-index)",
+ "bytes 0.4.12 (registry+https://github.com/rust-lang/crates.io-index)",
+ "chrono 0.4.9 (registry+https://github.com/rust-lang/crates.io-index)",
+ "clap 2.33.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "enum-as-inner 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "env_logger 0.7.1 (registry+https://github.com/rust-lang/crates.io-index)",
+ "failure 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)",
+ "futures-preview 0.3.0-alpha.19 (registry+https://github.com/rust-lang/crates.io-index)",
+ "h2 0.2.0-alpha.3 (registry+https://github.com/rust-lang/crates.io-index)",
+ "http 0.1.19 (registry+https://github.com/rust-lang/crates.io-index)",
+ "lazy_static 1.4.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "log 0.4.8 (registry+https://github.com/rust-lang/crates.io-index)",
+ "native-tls 0.2.3 (registry+https://github.com/rust-lang/crates.io-index)",
+ "openssl 0.10.25 (registry+https://github.com/rust-lang/crates.io-index)",
+ "rand 0.7.2 (registry+https://github.com/rust-lang/crates.io-index)",
+ "rusqlite 0.20.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "rustls 0.16.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "serde 1.0.101 (registry+https://github.com/rust-lang/crates.io-index)",
+ "time 0.1.42 (registry+https://github.com/rust-lang/crates.io-index)",
+ "tokio 0.2.0-alpha.6 (registry+https://github.com/rust-lang/crates.io-index)",
+ "tokio-executor 0.2.0-alpha.6 (registry+https://github.com/rust-lang/crates.io-index)",
+ "tokio-io 0.2.0-alpha.6 (registry+https://github.com/rust-lang/crates.io-index)",
+ "tokio-net 0.2.0-alpha.6 (registry+https://github.com/rust-lang/crates.io-index)",
+ "tokio-openssl 0.4.0-alpha.6 (registry+https://github.com/rust-lang/crates.io-index)",
+ "tokio-rustls 0.12.0-alpha.4 (registry+https://github.com/rust-lang/crates.io-index)",
+ "tokio-timer 0.3.0-alpha.6 (registry+https://github.com/rust-lang/crates.io-index)",
+ "tokio-tls 0.3.0-alpha.6 (registry+https://github.com/rust-lang/crates.io-index)",
+ "toml 0.5.3 (registry+https://github.com/rust-lang/crates.io-index)",
+ "trust-dns-client 0.18.0-alpha.1",
+ "trust-dns-https 0.18.0-alpha.1",
+ "trust-dns-native-tls 0.18.0-alpha.1",
+ "trust-dns-openssl 0.18.0-alpha.1",
+ "trust-dns-proto 0.18.0-alpha.1",
+ "trust-dns-resolver 0.18.0-alpha.1",
+ "trust-dns-rustls 0.18.0-alpha.1",
+ "trust-dns-server 0.18.0-alpha.1",
+]
+
 [[package]]
 name = "trust-dns-client"
 version = "0.18.0-alpha.1"

Cargo.toml

@@ -9,4 +9,5 @@ members = ["crates/client",
            "crates/server",
            "tests/compatibility-tests",
            "tests/integration-tests",
+           "bin",
            "util"]

README.md

@@ -97,7 +97,7 @@ Zone signing support is complete, to insert a key store a pem encoded rsa file
 
 ### DNS over TLS on the Server
 
-Support of TLS on the Server is managed through a pkcs12 der file. The documentation is captured in the example test config file, [example.toml](https://github.com/bluejekyll/trust-dns/blob/master/crates/server/tests/named_test_configs/example.toml). A registered certificate to the server can be pinned to the Client with the `add_ca()` method. Alternatively, as the client uses the rust-native-tls library, it should work with certificate signed by any standard CA.
+Support of TLS on the Server is managed through a pkcs12 der file. The documentation is captured in the example test config file, [example.toml](https://github.com/bluejekyll/trust-dns/blob/master/crates/server/tests/test-data/named_test_configs/example.toml). A registered certificate to the server can be pinned to the Client with the `add_ca()` method. Alternatively, as the client uses the rust-native-tls library, it should work with certificate signed by any standard CA.
 
 ## DNSSec status
 
@@ -244,7 +244,7 @@ so this should allow it to work with most internal loads.
 
 ```
   $ cd server
-  $ ../target/release/named -c ./tests/named_test_configs/example.toml -z ./tests/named_test_configs/ -p 24141
+  $ ../target/release/named -c ./tests/test-data/named_test_configs/example.toml -z ./tests/test-data/named_test_configs/ -p 24141
 ```
 
 -   Query the just launched server with `dig`

bin/Cargo.toml

@@ -0,0 +1,111 @@
+[package]
+name = "trust-dns"
+version = "0.18.0-alpha.1"
+authors = ["Benjamin Fry <benjaminfry@me.com>"]
+edition = "2018"
+
+# A short blurb about the package. This is not rendered in any format when
+# uploaded to crates.io (aka this is not markdown)
+description = """
+Trust-DNS is a safe and secure DNS server with DNSec support.
+ Eventually this could be a replacement for BIND9. The DNSSec support allows
+ for live signing of all records, in it does not currently support
+ records signed offline. The server supports dynamic DNS with SIG0 authenticated
+ requests. Trust-DNS is based on the Tokio and Futures libraries, which means
+ it should be easily integrated into other software that also use those
+ libraries.
+"""
+
+# These URLs point to more information about the repository
+documentation = "https://docs.rs/trust-dns-server"
+homepage = "http://www.trust-dns.org/index.html"
+repository = "https://github.com/bluejekyll/trust-dns"
+
+# This points to a file in the repository (relative to this Cargo.toml). The
+# contents of this file are stored and indexed in the registry.
+readme = "README.md"
+
+# This is a small list of keywords used to categorize and search for this
+# package.
+keywords = ["DNS", "BIND", "dig", "named", "dnssec"]
+categories = ["network-programming"]
+
+# This is a string description of the license for this package. Currently
+# crates.io will validate the license provided against a whitelist of known
+# license identifiers from http://spdx.org/licenses/. Multiple licenses can
+# be separated with a `/`
+license = "MIT/Apache-2.0"
+
+[badges]
+travis-ci = { repository = "bluejekyll/trust-dns" }
+appveyor = { repository = "bluejekyll/trust-dns", branch = "master", service = "github" }
+codecov = { repository = "bluejekyll/trust-dns", branch = "master", service = "github" }
+
+[features]
+#default = ["sqlite", "resolver"]
+dnssec-openssl = ["dnssec", "openssl", "trust-dns-client/dnssec-openssl", "trust-dns-proto/dnssec-openssl", "trust-dns-resolver/dnssec-openssl", "trust-dns-server/dnssec-openssl"]
+dnssec-ring = ["dnssec", "trust-dns-client/dnssec-ring", "trust-dns-proto/dnssec-ring", "trust-dns-resolver/dnssec-ring", "trust-dns-server/dnssec-ring"]
+dnssec = []
+resolver = ["trust-dns-resolver", "trust-dns-server/resolver"]
+sqlite = ["rusqlite", "trust-dns-server/sqlite"]
+
+# TODO: Need to figure out how to be consistent with ring/openssl usage...
+# dns-over-https-openssl = ["dns-over-openssl", "trust-dns-client/dns-over-https-openssl", "dns-over-https"]
+dns-over-https-rustls = ["dns-over-https", "dns-over-rustls", "trust-dns-client/dns-over-https-rustls", "trust-dns-resolver/dns-over-https-rustls", "trust-dns-server/dns-over-https-rustls", "tokio-rustls"]
+dns-over-https = ["h2", "http", "trust-dns-https", "trust-dns-server/dns-over-https"]
+
+# TODO: migrate all tls and tls-openssl features to dns-over-tls, et al
+dns-over-openssl = ["dns-over-tls", "dnssec-openssl", "trust-dns-openssl", "tokio-openssl", "trust-dns-client/dns-over-openssl", "trust-dns-resolver/dns-over-openssl", "trust-dns-server/dns-over-openssl"]
+dns-over-rustls = ["dns-over-tls", "dnssec-ring", "trust-dns-rustls", "rustls", "trust-dns-client/dns-over-rustls", "trust-dns-resolver/dns-over-rustls", "trust-dns-server/dns-over-rustls", "tokio-rustls"]
+dns-over-tls = []
+
+# This is a deprecated feature...
+tls-openssl = ["dns-over-openssl"]
+tls = ["dns-over-openssl"]
+
+# WARNING: there is a bug in the mutual tls auth code at the moment see issue #100
+# mtls = ["trust-dns-client/mtls"]
+
+[[bin]]
+name = "named"
+path = "src/named.rs"
+
+[dependencies]
+backtrace = "0.3"
+bytes = "0.4.9"
+chrono = "0.4"
+clap = "2.33"
+enum-as-inner = "0.3"
+env_logger = "0.7"
+failure = "0.1"
+futures-preview = "0.3.0-alpha"
+h2 = { version = "0.2.0-alpha", optional = true }
+http = { version = "0.1", optional = true }
+lazy_static = "1.0"
+log = "0.4.8"
+openssl = { version = "0.10", features = ["v102", "v110"], optional = true }
+rand = "0.7"
+rusqlite = { version = "0.20.0", features = ["bundled"], optional = true }
+rustls = { version = "0.16", optional = true }
+serde = { version = "1.0.100", features = ["derive"] }
+time = "0.1"
+tokio = "0.2.0-alpha"
+tokio-executor = "0.2.0-alpha"
+tokio-io = "0.2.0-alpha"
+tokio-net = "0.2.0-alpha"
+tokio-openssl = { version = "0.4.0-alpha", optional = true }
+tokio-rustls = { version = "0.12.0-alpha", optional = true }
+tokio-timer = "0.3.0-alpha"
+toml = "0.5"
+trust-dns-client= { version = "0.18.0-alpha", path = "../crates/client" }
+trust-dns-https = { version = "0.18.0-alpha", path = "../crates/https", optional = true }
+trust-dns-proto = { version = "0.18.0-alpha", path = "../crates/proto" }
+trust-dns-openssl = { version = "0.18.0-alpha", path = "../crates/openssl", optional = true }
+trust-dns-resolver = { version = "0.18.0-alpha", path = "../crates/resolver", features = ["serde-config"], optional = true }
+trust-dns-rustls = { version = "0.18.0-alpha", path = "../crates/rustls", optional = true }
+trust-dns-server = { version = "0.18.0-alpha", path = "../crates/server" }
+
+[dev-dependencies]
+native-tls = "0.2"
+trust-dns-native-tls = { version = "0.18.0-alpha", path = "../crates/native-tls" }
+tokio-tls = "0.3.0-alpha"

bin/README.md

@@ -0,0 +1,31 @@
+# Overview
+
+Trust-DNS provides a binary for hosting or forwarding DNS zones.
+
+This a named implementation for DNS zone hosting. It is capable of performing signing all records in the zone for server DNSSec RRSIG records associated with all records in a zone. There is also a `named` binary that can be generated from the library with `cargo install trust-dns`. Dynamic updates are supported via `SIG0` (an mTLS authentication method is under development).
+
+## Features 
+
+- Dynamic Update with sqlite journaling backend (SIG0)
+- DNSSEC online signing (NSEC not NSEC3)
+- DNS over TLS (DoT)
+- DNS over HTTPS (DoH)
+- Forwarding stub resolver
+- ANAME resolution, for zone mapping aliass to A and AAAA records
+- Additionals section generation for aliasing record types
+
+## Future goals
+
+- Distributed dynamic DNS updates, with consensus
+- mTLS based authorization for Dynamic Updates
+- Online NSEC creation for queries
+- Full hint based resolving
+- Maybe NSEC3 and/or NSEC5 support
+
+## Minimum Rust Version
+
+The current minimum rustc version for this project is `1.39`
+
+## Versioning
+
+Trust-DNS does it's best job to follow semver. Trust-DNS will be promoted to 1.0 upon stabilization of the publicly exposed APIs. This does not mean that Trust-DNS will necessarily break on upgrades between 0.x updates. Whenever possible, old APIs will be deprecated with notes on what replaced those deprecations. Trust-DNS will make a best effort to never break software which depends on it due to API changes, though this can not be guaranteed. Deprecated interfaces will be maintained for at minimum one major release after that in which they were deprecated (where possible), with the exception of the upgrade to 1.0 where all deprecated interfaces will be planned to be removed.

bin/benches/bind_conf/example.conf

@@ -1,7 +1,7 @@
 /*
    Trust-DNS bench setup:
       this is meant to mimic the trust-dns-server config
-      which is in tests/named_test_configs/example.toml
+      which is in tests/test-data/named_test_configs/example.toml
  */
 
 controls { /* empty */ };
@@ -15,30 +15,30 @@ options {
 
 zone "localhost" {
   type master;
-  file "../../server/tests/named_test_configs/default/localhost.zone";
+  file "../../../tests/test-data/named_test_configs/default/localhost.zone";
 };
 
 zone "0.0.127.in-addr.arpa" {
   type master;
-  file "../../server/tests/named_test_configs/default/127.0.0.1.zone";
+  file "../../../tests/test-data/named_test_configs/default/127.0.0.1.zone";
 };
 
 zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" {
   type master;
-  file "../../server/tests/named_test_configs/default/ipv6_1.zone";
+  file "../../../tests/test-data/named_test_configs/default/ipv6_1.zone";
 };
 
 zone "255.in-addr.arpa" {
   type master;
-  file "../../server/tests/named_test_configs/default/255.zone";
+  file "../../../tests/test-data/named_test_configs/default/255.zone";
 };
 
 zone "0.in-addr.arpa" {
   type master;
-  file "../../server/tests/named_test_configs/default/0.zone";
+  file "../../../tests/test-data/named_test_configs/default/0.zone";
 };
 
 zone "example.com" {
   type master;
-  file "../../server/tests/named_test_configs/example.com.zone";
+  file "../../../tests/test-data/named_test_configs/example.com.zone";
 };

bin/benches/comparison_benches.rs

@@ -96,11 +96,11 @@ fn trust_dns_process() -> (NamedProcess, u16) {
         .stdout(Stdio::null())
         .arg("-q") // TODO: need to rethink this one...
         .arg(&format!(
-            "--config={}/tests/named_test_configs/example.toml",
+            "--config={}/tests/test-data/named_test_configs/example.toml",
             server_path
         ))
         .arg(&format!(
-            "--zonedir={}/tests/named_test_configs",
+            "--zonedir={}/tests/test-data/named_test_configs",
             server_path
         ))
         .arg(&format!("--port={}", test_port))

bin/src/named.rs

@@ -56,7 +56,7 @@ use tokio_net::udp::UdpSocket;
 use trust_dns_client::rr::rdata::key::KeyUsage;
 use trust_dns_client::rr::Name;
 use trust_dns_server::authority::{AuthorityObject, Catalog, ZoneType};
-#[cfg(any(feature = "dns-over-tls", feature = "dnssec"))]
+#[cfg(feature = "dns-over-tls")]
 use trust_dns_server::config::dnssec::{self, TlsCertConfig};
 use trust_dns_server::config::{Config, ZoneConfig};
 use trust_dns_server::logger;
@@ -81,6 +81,7 @@ fn load_zone(
     let zone_path: Option<String> = zone_config.file.clone();
     let zone_type: ZoneType = zone_config.get_zone_type();
     let is_axfr_allowed = zone_config.is_axfr_allowed();
+    #[allow(unused_variables)]
     let is_dnssec_enabled = zone_config.is_dnssec_enabled();
 
     if zone_config.is_update_allowed() {

bin/tests/server_harness/mod.rs

@@ -52,17 +52,17 @@ where
     let server_path = env::var("TDNS_SERVER_SRC_ROOT").unwrap_or_else(|_| ".".to_owned());
     println!("using server src path: {}", server_path);
 
-    let mut named = Command::new(&format!("{}/../../target/debug/named", server_path))
+    let mut named = Command::new(&format!("{}/../target/debug/named", server_path))
         .stdout(Stdio::piped())
         .env(
             "RUST_LOG",
             "trust_dns_client=debug,trust_dns_https=debug,trust_dns_proto=debug,trust_dns_resolver=debug,trust_dns_server=debug",
         ).arg("-d")
         .arg(&format!(
-            "--config={}/tests/named_test_configs/{}",
+            "--config={}/../tests/test-data/named_test_configs/{}",
             server_path, toml
         )).arg(&format!(
-            "--zonedir={}/tests/named_test_configs",
+            "--zonedir={}/../tests/test-data/named_test_configs",
             server_path
         )).arg(&format!("--port={}", test_port))
         .arg(&format!("--tls-port={}", test_tls_port))

bin/tests/z_named_https_tests.rs

@@ -45,7 +45,7 @@ fn test_example_https_toml_startup() {
         println!("using server src path: {}", server_path);
 
         File::open(&format!(
-            "{}/tests/named_test_configs/sec/example.cert",
+            "{}/../tests/test-data/named_test_configs/sec/example.cert",
             server_path
         ))
         .expect("failed to open cert")

bin/tests/z_named_openssl_tests.rs

@@ -54,7 +54,7 @@ fn test_startup(toml: &'static str) {
         println!("using server src path: {}", server_path);
 
         File::open(&format!(
-            "{}/tests/named_test_configs/sec/example.cert",
+            "{}/../tests/test-data/named_test_configs/sec/example.cert",
             server_path
         ))
         .expect("failed to open cert")

bin/tests/z_named_rustls_tests.rs

@@ -46,7 +46,7 @@ fn test_example_tls_toml_startup() {
             println!("using server src path: {}", server_path);
 
             File::open(&format!(
-                "{}/tests/named_test_configs/sec/example.cert",
+                "{}/../tests/test-data/named_test_configs/sec/example.cert",
                 server_path
             ))
             .expect("failed to open cert")

bin/tests/z_named_test_rsa_dnssec.rs

@@ -120,7 +120,7 @@ fn generic_test(config_toml: &str, key_path: &str, key_format: KeyFormat, algori
 fn test_rsa_sha256() {
     generic_test(
         confg_toml(),
-        "tests/named_test_configs/dnssec/rsa_2048.pem",
+        "../tests/test-data/named_test_configs/dnssec/rsa_2048.pem",
         KeyFormat::Pem,
         Algorithm::RSASHA256,
     );
@@ -131,7 +131,7 @@ fn test_rsa_sha256() {
 fn test_rsa_sha512() {
     generic_test(
         confg_toml(),
-        "tests/named_test_configs/dnssec/rsa_2048.pem",
+        "../tests/test-data/named_test_configs/dnssec/rsa_2048.pem",
         KeyFormat::Pem,
         Algorithm::RSASHA512,
     );
@@ -142,7 +142,7 @@ fn test_rsa_sha512() {
 fn test_ecdsa_p256() {
     generic_test(
         confg_toml(),
-        "tests/named_test_configs/dnssec/ecdsa_p256.pem",
+        "../tests/test-data/named_test_configs/dnssec/ecdsa_p256.pem",
         KeyFormat::Pem,
         Algorithm::ECDSAP256SHA256,
     );
@@ -153,7 +153,7 @@ fn test_ecdsa_p256() {
 fn test_ecdsa_p256_pkcs8() {
     generic_test(
         confg_toml(),
-        "tests/named_test_configs/dnssec/ecdsa_p256.pk8",
+        "../tests/test-data/named_test_configs/dnssec/ecdsa_p256.pk8",
         KeyFormat::Pkcs8,
         Algorithm::ECDSAP256SHA256,
     );
@@ -164,7 +164,7 @@ fn test_ecdsa_p256_pkcs8() {
 fn test_ecdsa_p384() {
     generic_test(
         confg_toml(),
-        "tests/named_test_configs/dnssec/ecdsa_p384.pem",
+        "../tests/test-data/named_test_configs/dnssec/ecdsa_p384.pem",
         KeyFormat::Pem,
         Algorithm::ECDSAP384SHA384,
     );
@@ -175,7 +175,7 @@ fn test_ecdsa_p384() {
 fn test_ecdsa_p384_pkcs8() {
     generic_test(
         confg_toml(),
-        "tests/named_test_configs/dnssec/ecdsa_p384.pk8",
+        "../tests/test-data/named_test_configs/dnssec/ecdsa_p384.pk8",
         KeyFormat::Pkcs8,
         Algorithm::ECDSAP384SHA384,
     );
@@ -186,7 +186,7 @@ fn test_ecdsa_p384_pkcs8() {
 fn test_ed25519() {
     generic_test(
         confg_toml(),
-        "tests/named_test_configs/dnssec/ed25519.pk8",
+        "../tests/test-data/named_test_configs/dnssec/ed25519.pk8",
         KeyFormat::Pkcs8,
         Algorithm::ED25519,
     );
@@ -197,24 +197,26 @@ fn test_ed25519() {
 fn test_rsa_sha1_fails() {
     generic_test(
         confg_toml(),
-        "tests/named_test_configs/dnssec/rsa_2048.pem",
+        "../tests/test-data/named_test_configs/dnssec/rsa_2048.pem",
         KeyFormat::Pem,
         Algorithm::RSASHA1,
     );
 }
 
 #[cfg(feature = "dnssec-openssl")]
+#[cfg(feature = "sqlite")]
 #[test]
 fn test_dnssec_restart_with_update_journal() {
     // TODO: make journal path configurable, it should be in target/tests/...
     let server_path = env::var("TDNS_SERVER_SRC_ROOT").unwrap_or_else(|_| ".".to_owned());
     let server_path = Path::new(&server_path);
-    let journal = server_path.join("tests/named_test_configs/example.com_dnsec_update.jrnl");
+    let journal =
+        server_path.join("../tests/test-data/named_test_configs/example.com_dnsec_update.jrnl");
     std::fs::remove_file(&journal).ok();
 
     generic_test(
         "dnssec_with_update.toml",
-        "tests/named_test_configs/dnssec/rsa_2048.pem",
+        "../tests/test-data/named_test_configs/dnssec/rsa_2048.pem",
         KeyFormat::Pem,
         Algorithm::RSASHA256,
     );
@@ -225,7 +227,7 @@ fn test_dnssec_restart_with_update_journal() {
     // and all dnssec tests should still pass
     generic_test(
         "dnssec_with_update.toml",
-        "tests/named_test_configs/dnssec/rsa_2048.pem",
+        "../tests/test-data/named_test_configs/dnssec/rsa_2048.pem",
         KeyFormat::Pem,
         Algorithm::RSASHA256,
     );
@@ -239,17 +241,18 @@ fn test_dnssec_restart_with_update_journal() {
 }
 
 #[cfg(feature = "dnssec-openssl")]
+#[cfg(feature = "sqlite")]
 #[test]
 fn test_dnssec_restart_with_update_journal_dep() {
     // TODO: make journal path configurable, it should be in target/tests/...
     let server_path = env::var("TDNS_SERVER_SRC_ROOT").unwrap_or_else(|_| ".".to_owned());
     let server_path = Path::new(&server_path);
-    let journal = server_path.join("tests/named_test_configs/example.com.jrnl");
+    let journal = server_path.join("../tests/test-data/named_test_configs/example.com.jrnl");
     std::fs::remove_file(&journal).ok();
 
     generic_test(
         "dnssec_with_update_deprecated.toml",
-        "tests/named_test_configs/dnssec/rsa_2048.pem",
+        "../tests/test-data/named_test_configs/dnssec/rsa_2048.pem",
         KeyFormat::Pem,
         Algorithm::RSASHA256,
     );
@@ -260,7 +263,7 @@ fn test_dnssec_restart_with_update_journal_dep() {
     // and all dnssec tests should still pass
     generic_test(
         "dnssec_with_update_deprecated.toml",
-        "tests/named_test_configs/dnssec/rsa_2048.pem",
+        "../tests/test-data/named_test_configs/dnssec/rsa_2048.pem",
         KeyFormat::Pem,
         Algorithm::RSASHA256,
     );

crates/native-tls/src/tests.rs

@@ -82,14 +82,14 @@ fn tls_client_stream_test(server_addr: IpAddr, mtls: bool) {
         })
         .unwrap();
 
-    let server_path = env::var("TDNS_SERVER_SRC_ROOT").unwrap_or_else(|_| "../server".to_owned());
+    let server_path = env::var("TDNS_SERVER_SRC_ROOT").unwrap_or_else(|_| "../../bin".to_owned());
     println!("using server src path: {}", server_path);
 
-    let root_cert_der = read_file(&format!("{}/../../tests/test-data/ca.der", server_path));
+    let root_cert_der = read_file(&format!("{}/../tests/test-data/ca.der", server_path));
 
     // Generate X509 certificate
     let dns_name = "ns.example.com";
-    let server_pkcs12_der = read_file(&format!("{}/../../tests/test-data/cert.p12", server_path));
+    let server_pkcs12_der = read_file(&format!("{}/../tests/test-data/cert.p12", server_path));
 
     // TODO: need a timeout on listen
     let server = std::net::TcpListener::bind(SocketAddr::new(server_addr, 0)).unwrap();

crates/proto/src/rr/dnssec/rdata/dnskey.rs

@@ -415,7 +415,7 @@ mod tests {
         let mut decoder: BinDecoder = BinDecoder::new(bytes);
         let read_rdata = read(&mut decoder, Restrict::new(bytes.len() as u16));
         let read_rdata = read_rdata.expect("error decoding");
-        
+
         assert_eq!(rdata, read_rdata);
         assert!(rdata
             .to_digest(

crates/rustls/src/tests.rs

@@ -87,15 +87,15 @@ fn tls_client_stream_test(server_addr: IpAddr, mtls: bool) {
         })
         .unwrap();
 
-    let server_path = env::var("TDNS_SERVER_SRC_ROOT").unwrap_or_else(|_| "../server".to_owned());
+    let server_path = env::var("TDNS_SERVER_SRC_ROOT").unwrap_or_else(|_| "../../bin".to_owned());
     println!("using server src path: {}", server_path);
 
-    let root_cert_der = read_file(&format!("{}/../../tests/test-data/ca.der", server_path));
+    let root_cert_der = read_file(&format!("{}/../tests/test-data/ca.der", server_path));
     let root_cert_der_copy = root_cert_der.clone();
 
     // Generate X509 certificate
     let dns_name = "ns.example.com";
-    let server_pkcs12_der = read_file(&format!("{}/../../tests/test-data/cert.p12", server_path));
+    let server_pkcs12_der = read_file(&format!("{}/../tests/test-data/cert.p12", server_path));
 
     // TODO: need a timeout on listen
     let server = std::net::TcpListener::bind(SocketAddr::new(server_addr, 0)).unwrap();

crates/server/Cargo.toml

@@ -42,10 +42,10 @@ appveyor = { repository = "bluejekyll/trust-dns", branch = "master", service = "
 codecov = { repository = "bluejekyll/trust-dns", branch = "master", service = "github" }
 
 [features]
-default = ["sqlite", "trust-dns-resolver"]
-dnssec-openssl = ["dnssec", "openssl", "trust-dns-client/dnssec-openssl", "trust-dns-proto/dnssec-openssl"]
-dnssec-ring = ["dnssec", "trust-dns-client/dnssec-ring", "trust-dns-proto/dnssec-ring"]
+dnssec-openssl = ["dnssec", "openssl", "trust-dns-client/dnssec-openssl", "trust-dns-proto/dnssec-openssl", "trust-dns-resolver/dnssec-openssl"]
+dnssec-ring = ["dnssec", "trust-dns-client/dnssec-ring", "trust-dns-proto/dnssec-ring", "trust-dns-resolver/dnssec-ring"]
 dnssec = []
+resolver = ["trust-dns-resolver"]
 sqlite = ["rusqlite"]
 
 # TODO: Need to figure out how to be consistent with ring/openssl usage...
@@ -69,10 +69,6 @@ tls = ["dns-over-openssl"]
 name = "trust_dns_server"
 path = "src/lib.rs"
 
-[[bin]]
-name = "named"
-path = "src/named.rs"
-
 [dependencies]
 backtrace = "0.3"
 bytes = "0.4.9"

crates/server/README.md

@@ -2,7 +2,7 @@
 
 Trust-DNS Server is a library which implements the zone authoritory functionality.
 
-This library contains basic implementations for DNS zone hosting. It is capable of performing signing all records in the zone for server DNSSec RRSIG records associated with all records in a zone. There is also a `named` binary that can be generated from the library with `cargo install trust-dns-server`. Dynamic updates are supported via `SIG0` (an mTLS authentication method is under development).
+This library contains basic implementations for DNS zone hosting. It is capable of performing signing all records in the zone for server DNSSec RRSIG records associated with all records in a zone. There is also a `named` binary that can be generated from the library with `cargo install trust-dns`. Dynamic updates are supported via `SIG0` (an mTLS authentication method is under development).
 
 ## Features 
 

crates/server/src/store/file/authority.rs

@@ -258,7 +258,7 @@ mod tests {
     #[test]
     fn test_load_zone() {
         let config = FileConfig {
-            zone_file_path: "tests/named_test_configs/example.com.zone".to_string(),
+            zone_file_path: "../../tests/test-data/named_test_configs/example.com.zone".to_string(),
         };
         let authority = FileAuthority::try_from_config(
             Name::from_str("example.com.").unwrap(),

crates/server/src/store/in_memory/authority.rs

@@ -21,7 +21,9 @@ use trust_dns_client::rr::rdata::key::KEY;
 use trust_dns_client::rr::rdata::DNSSECRData;
 use trust_dns_client::rr::rdata::DNSSECRecordType;
 use trust_dns_client::rr::rdata::SOA;
-use trust_dns_client::rr::{DNSClass, LowerName, Name, RData, Record, RecordSet, RecordType, RrKey};
+use trust_dns_client::rr::{
+    DNSClass, LowerName, Name, RData, Record, RecordSet, RecordType, RrKey,
+};
 
 use crate::authority::{
     AnyRecords, AuthLookup, Authority, LookupError, LookupRecords, LookupResult, MessageRequest,
@@ -310,7 +312,7 @@ impl InMemoryAuthority {
         }
     }
 
-    #[cfg(feature = "sqlite")]
+    #[cfg(any(feature = "dnssec", feature = "sqlite"))]
     pub(crate) fn increment_soa_serial(&mut self) -> u32 {
         // we'll remove the SOA and then replace it
         let rr_key = RrKey::new(self.origin.clone(), RecordType::SOA);

crates/server/src/store/sqlite/authority.rs

@@ -18,7 +18,9 @@ use trust_dns_client::op::LowerQuery;
 use trust_dns_client::op::ResponseCode;
 use trust_dns_client::proto::rr::dnssec::rdata::key::KEY;
 use trust_dns_client::rr::dnssec::{DnsSecResult, Signer, SupportedAlgorithms};
-use trust_dns_client::rr::{DNSClass, LowerName, Name, RData, Record, RecordSet, RecordType, RrKey};
+use trust_dns_client::rr::{
+    DNSClass, LowerName, Name, RData, Record, RecordSet, RecordType, RrKey,
+};
 
 #[cfg(feature = "dnssec")]
 use crate::authority::UpdateRequest;

crates/server/tests/authority_battery/basic.rs

@@ -563,7 +563,7 @@ macro_rules! define_basic_test {
         $(
             #[test]
             fn $f () {
-                let authority = crate::$new("tests/named_test_configs/example.com.zone", module_path!(), stringify!($f));
+                let authority = crate::$new("../../tests/test-data/named_test_configs/example.com.zone", module_path!(), stringify!($f));
                 crate::authority_battery::basic::$f(authority);
             }
         )*

crates/server/tests/authority_battery/dnssec.rs

@@ -331,7 +331,7 @@ pub fn add_signers<A: Authority<Lookup = AuthLookup>>(authority: &mut A) -> Vec<
     // rsa
     {
         let key_config = KeyConfig {
-            key_path: "tests/named_test_configs/dnssec/rsa_2048.pem".to_string(),
+            key_path: "../../tests/test-data/named_test_configs/dnssec/rsa_2048.pem".to_string(),
             password: Some("123456".to_string()),
             algorithm: Algorithm::RSASHA512.to_string(),
             signer_name: Some(signer_name.clone().to_string()),
@@ -353,7 +353,7 @@ pub fn add_signers<A: Authority<Lookup = AuthLookup>>(authority: &mut A) -> Vec<
     // // ecdsa_p256
     // {
     //     let key_config = KeyConfig {
-    //         key_path: "tests/named_test_configs/dnssec/ecdsa_p256.pem".to_string(),
+    //         key_path: "../../tests/test-data/named_test_configs/dnssec/ecdsa_p256.pem".to_string(),
     //         password: None,
     //         algorithm: Algorithm::ECDSAP256SHA256.to_string(),
     //         signer_name: Some(signer_name.clone().to_string()),
@@ -370,7 +370,7 @@ pub fn add_signers<A: Authority<Lookup = AuthLookup>>(authority: &mut A) -> Vec<
     // // ecdsa_p384
     // {
     //     let key_config = KeyConfig {
-    //         key_path: "tests/named_test_configs/dnssec/ecdsa_p384.pem".to_string(),
+    //         key_path: "../../tests/test-data/named_test_configs/dnssec/ecdsa_p384.pem".to_string(),
     //         password: None,
     //         algorithm: Algorithm::ECDSAP384SHA384.to_string(),
     //         signer_name: Some(signer_name.clone().to_string()),
@@ -388,7 +388,7 @@ pub fn add_signers<A: Authority<Lookup = AuthLookup>>(authority: &mut A) -> Vec<
     #[cfg(feature = "dnssec-ring")]
     {
         let key_config = KeyConfig {
-            key_path: "tests/named_test_configs/dnssec/ed25519.pk8".to_string(),
+            key_path: "../../tests/test-data/named_test_configs/dnssec/ed25519.pk8".to_string(),
             password: None,
             algorithm: Algorithm::ED25519.to_string(),
             signer_name: Some(signer_name.clone().to_string()),
@@ -414,7 +414,7 @@ macro_rules! define_dnssec_test {
         $(
             #[test]
             fn $f () {
-                let mut authority = crate::$new("tests/named_test_configs/example.com.zone", module_path!(), stringify!($f));
+                let mut authority = crate::$new("../../tests/test-data/named_test_configs/example.com.zone", module_path!(), stringify!($f));
                 let keys = crate::authority_battery::dnssec::add_signers(&mut authority);
                 crate::authority_battery::dnssec::$f(authority, &keys);
             }

crates/server/tests/authority_battery/dynamic_update.rs

@@ -616,7 +616,7 @@ pub fn add_auth<A: Authority<Lookup = AuthLookup>>(authority: &mut A) -> Vec<Sig
     #[cfg(feature = "dnssec-openssl")]
     {
         let key_config = KeyConfig {
-            key_path: "tests/named_test_configs/dnssec/rsa_2048.pem".to_string(),
+            key_path: "../../tests/test-data/named_test_configs/dnssec/rsa_2048.pem".to_string(),
             password: Some("123456".to_string()),
             algorithm: Algorithm::RSASHA512.to_string(),
             signer_name: Some(update_name.clone().to_string()),
@@ -642,7 +642,7 @@ pub fn add_auth<A: Authority<Lookup = AuthLookup>>(authority: &mut A) -> Vec<Sig
     // // ecdsa_p256
     // {
     //     let key_config = KeyConfig {
-    //         key_path: "tests/named_test_configs/dnssec/ecdsa_p256.pem".to_string(),
+    //         key_path: "tests/test-data/named_test_configs/dnssec/ecdsa_p256.pem".to_string(),
     //         password: None,
     //         algorithm: Algorithm::ECDSAP256SHA256.to_string(),
     //         signer_name: Some(signer_name.clone().to_string()),
@@ -659,7 +659,7 @@ pub fn add_auth<A: Authority<Lookup = AuthLookup>>(authority: &mut A) -> Vec<Sig
     // // ecdsa_p384
     // {
     //     let key_config = KeyConfig {
-    //         key_path: "tests/named_test_configs/dnssec/ecdsa_p384.pem".to_string(),
+    //         key_path: "../../tests/test-data/named_test_configs/dnssec/ecdsa_p384.pem".to_string(),
     //         password: None,
     //         algorithm: Algorithm::ECDSAP384SHA384.to_string(),
     //         signer_name: Some(signer_name.clone().to_string()),
@@ -677,7 +677,7 @@ pub fn add_auth<A: Authority<Lookup = AuthLookup>>(authority: &mut A) -> Vec<Sig
     #[cfg(feature = "dnssec-ring")]
     {
         let key_config = KeyConfig {
-            key_path: "tests/named_test_configs/dnssec/ed25519.pk8".to_string(),
+            key_path: "../../tests/test-data/named_test_configs/dnssec/ed25519.pk8".to_string(),
             password: None,
             algorithm: Algorithm::ED25519.to_string(),
             signer_name: Some(update_name.clone().to_string()),
@@ -707,7 +707,7 @@ macro_rules! define_update_test {
         $(
             #[test]
             fn $f () {
-                let mut authority = crate::$new("tests/named_test_configs/example.com.zone", module_path!(), stringify!($f));
+                let mut authority = crate::$new("../../tests/test-data/named_test_configs/example.com.zone", module_path!(), stringify!($f));
                 let keys = crate::authority_battery::dynamic_update::add_auth(&mut authority);
                 crate::authority_battery::dynamic_update::$f(authority, &keys);
             }

crates/server/tests/config_tests.rs

@@ -29,7 +29,8 @@ use trust_dns_server::config::*;
 #[test]
 fn test_read_config() {
     let server_path = env::var("TDNS_SERVER_SRC_ROOT").unwrap_or_else(|_| ".".to_owned());
-    let path: PathBuf = PathBuf::from(server_path).join("tests/named_test_configs/example.toml");
+    let path: PathBuf =
+        PathBuf::from(server_path).join("../../tests/test-data/named_test_configs/example.toml");
 
     if !path.exists() {
         panic!("can't locate example.toml and other configs: {:?}", path)
@@ -254,7 +255,7 @@ tls_listen_port = 8853
 }
 
 fn test_config(path: &str) {
-    let path = PathBuf::from("tests/named_test_configs")
+    let path = PathBuf::from("../../tests/test-data/named_test_configs")
         .join(path)
         .with_extension("toml");
     assert!(path.exists(), "does not exist: {}", path.display());

crates/server/tests/store_file_tests.rs

@@ -34,7 +34,8 @@ dnssec_battery!(file);
 #[test]
 fn test_all_lines_are_loaded() {
     let config = FileConfig {
-        zone_file_path: "tests/named_test_configs/default/nonewline.zone".to_string(),
+        zone_file_path: "../../tests/test-data/named_test_configs/default/nonewline.zone"
+            .to_string(),
     };
 
     let authority = FileAuthority::try_from_config(

scripts/cargo_publish.sh

@@ -5,7 +5,7 @@ set -x
 trust_dns_dir=$(dirname $0)/..
 cd ${trust_dns_dir:?}
 
-packages_ordered="proto openssl native-tls rustls https client resolver server"
+packages_ordered="crates/proto crates/openssl crates/native-tls crates/rustls crates/https crates/client crates/resolver crates/server bin util"
 
 ## dry-run
 cargo check
@@ -14,13 +14,9 @@ for p in ${packages_ordered:?} ; do
     cargo update -p trust-dns-proto
     cargo update -p trust-dns-client
     cargo update -p trust-dns-resolver
+    cargo update -p trust-dns-server
     echo "====> dry-run publish $p"
-    cargo publish --verbose --locked --dry-run --manifest-path crates/${p:?}/Cargo.toml
+    cargo publish --verbose --locked --dry-run --manifest-path ${p:?}/Cargo.toml
     echo "====> publishing $p"
-    cargo publish --verbose --locked --manifest-path crates/${p:?}/Cargo.toml
+    cargo publish --verbose --locked --manifest-path ${p:?}/Cargo.toml
 done
-
-echo "====> dry-run publish util"
-cargo publish --verbose --locked --dry-run --manifest-path util/Cargo.toml
-echo "====> publishing util"
-cargo publish --verbose --locked --manifest-path util/Cargo.toml

scripts/run_clippy.sh

@@ -16,6 +16,7 @@ $CARGO clean -p trust-dns-rustls
 $CARGO clean -p trust-dns-openssl
 $CARGO clean -p trust-dns-https
 $CARGO clean -p trust-dns-native-tls
+$CARGO clean -p trust-dns
 $CARGO clean -p trust-dns-compatibility
 $CARGO clean -p trust-dns-integration
 

scripts/run_kcov.sh

@@ -41,7 +41,7 @@ TEST_PATH=${PROJECT:?}/target/debug
 mkdir -p ${KCOV_TARGET:?}
 
 # needed to tell some config tests where the server root directory is
-export TDNS_SERVER_SRC_ROOT=${PROJECT:?}/crates/server
+export TDNS_SERVER_SRC_ROOT=${PROJECT:?}/bin
 export COVERALLS_PARALLEL=true
 
 SRC_PATHS=\
@@ -52,7 +52,8 @@ ${PROJECT:?}/crates/proto/src,\
 ${PROJECT:?}/crates/https/src,\
 ${PROJECT:?}/crates/resolver/src,\
 ${PROJECT:?}/crates/rustls/src,\
-${PROJECT:?}/crates/server/src
+${PROJECT:?}/crates/server/src,\
+${PROJECT:?}/bin/src
 
 EXCLUDE_PATHS=\
 ${PROJECT:?}/crates/client/src/error,\

scripts/test_all_features.sh

@@ -15,4 +15,5 @@ cargo test --manifest-path crates/rustls/Cargo.toml --all-features
 cargo test --manifest-path crates/https/Cargo.toml --all-features
 cargo test --manifest-path crates/resolver/Cargo.toml --all-features
 cargo test --manifest-path crates/server/Cargo.toml --all-features
+cargo test --manifest-path bin/Cargo.toml --all-features
 cargo test --manifest-path tests/integration-tests/Cargo.toml --all-features

scripts/test_default_features.sh

@@ -15,6 +15,7 @@ cargo test --manifest-path crates/rustls/Cargo.toml
 cargo test --manifest-path crates/https/Cargo.toml
 cargo test --manifest-path crates/resolver/Cargo.toml
 cargo test --manifest-path crates/server/Cargo.toml
+cargo test --manifest-path bin/Cargo.toml
 cargo test --manifest-path tests/integration-tests/Cargo.toml
 
 # All examples should go here

scripts/test_dns_over_openssl.sh

@@ -8,4 +8,5 @@ cd ${trust_dns_dir:?}
 # Build all tests
 cargo test --manifest-path crates/resolver/Cargo.toml --features dns-over-openssl
 cargo test --manifest-path crates/server/Cargo.toml --features dns-over-openssl
+cargo test --manifest-path bin/Cargo.toml --features dns-over-openssl
 cargo test --manifest-path tests/integration-tests/Cargo.toml --features dns-over-openssl

scripts/test_dns_over_rustls.sh

@@ -8,4 +8,5 @@ cd ${trust_dns_dir:?}
 # Build all tests
 cargo test --manifest-path crates/resolver/Cargo.toml --features dns-over-rustls,dns-over-https-rustls
 cargo test --manifest-path crates/server/Cargo.toml --features dns-over-https-rustls,dns-over-rustls
+cargo test --manifest-path bin/Cargo.toml --features dns-over-https-rustls,dns-over-rustls
 cargo test --manifest-path tests/integration-tests/Cargo.toml --features dns-over-https-rustls

scripts/test_dnssec_openssl.sh

@@ -10,4 +10,5 @@ cargo test --manifest-path crates/proto/Cargo.toml --features dnssec-openssl
 cargo test --manifest-path crates/client/Cargo.toml --features dnssec-openssl
 cargo test --manifest-path crates/resolver/Cargo.toml --features dnssec-openssl
 cargo test --manifest-path crates/server/Cargo.toml --features dnssec-openssl
+cargo test --manifest-path bin/Cargo.toml --features dnssec-openssl
 cargo test --manifest-path tests/integration-tests/Cargo.toml --features dnssec-openssl

scripts/test_dnssec_ring.sh

@@ -10,4 +10,5 @@ cargo test --manifest-path crates/proto/Cargo.toml --features dnssec-ring
 cargo test --manifest-path crates/client/Cargo.toml --features dnssec-ring
 cargo test --manifest-path crates/resolver/Cargo.toml --features dnssec-ring
 cargo test --manifest-path crates/server/Cargo.toml --features dnssec-ring
+cargo test --manifest-path bin/Cargo.toml --features dnssec-ring
 cargo test --manifest-path tests/integration-tests/Cargo.toml --features dnssec-ring

scripts/test_no_default_features.sh

@@ -15,4 +15,5 @@ cargo test --manifest-path crates/rustls/Cargo.toml --no-default-features
 cargo test --manifest-path crates/https/Cargo.toml --no-default-features
 cargo test --manifest-path crates/resolver/Cargo.toml --no-default-features --features tokio
 cargo test --manifest-path crates/server/Cargo.toml --no-default-features
+cargo test --manifest-path bin/Cargo.toml --no-default-features
 cargo test --manifest-path tests/integration-tests/Cargo.toml --no-default-features

scripts/test_windows.bat

@@ -13,6 +13,7 @@ if [%DEFAULT_SUITE%] EQU [1] (
     cargo test --manifest-path crates\server\Cargo.toml
     cargo test --manifest-path tests\integration-tests\Cargo.toml
     cargo run --manifest-path crates\resolver\Cargo.toml --example global_resolver
+    cargo run --manifest-path bin\Cargo.toml --example global_resolver
     cargo run --manifest-path crates\resolver\Cargo.toml --example multithreaded_runtime
 )
 
@@ -21,6 +22,7 @@ if [%ALL_FEATURES_SUITE%] EQU [1] (
     cargo test --manifest-path crates\client\Cargo.toml --all-features
     cargo test --manifest-path crates\resolver\Cargo.toml --all-features
     cargo test --manifest-path crates\server\Cargo.toml --all-features
+    cargo test --manifest-path bin\Cargo.toml --all-features
     cargo test --manifest-path tests\integration-tests\Cargo.toml --all-features
 )
 
@@ -29,6 +31,7 @@ if [%NO_DEFAULT_FEATURES_SUITE%] EQU [1] (
     cargo test --manifest-path crates\client\Cargo.toml --no-default-features
     cargo test --manifest-path crates\resolver\Cargo.toml --no-default-features --features tokio
     cargo test --manifest-path crates\server\Cargo.toml --no-default-features
+    cargo test --manifest-path bin\Cargo.toml --no-default-features
     cargo test --manifest-path tests\integration-tests\Cargo.toml --no-default-features
 )
 
@@ -37,6 +40,7 @@ if [%DNSSEC_OPENSSL_SUITE%] EQU [1] (
     cargo test --manifest-path crates\client\Cargo.toml --no-default-features --features=dnssec-openssl
     cargo test --manifest-path crates\resolver\Cargo.toml --no-default-features --features=dnssec-openssl
     cargo test --manifest-path crates\server\Cargo.toml --no-default-features --features=dnssec-openssl
+    cargo test --manifest-path bin\Cargo.toml --no-default-features --features=dnssec-openssl
     cargo test --manifest-path tests\integration-tests\Cargo.toml --no-default-features --features=dnssec-openssl
 )
 
@@ -45,6 +49,7 @@ if [%DNSSEC_RING_SUITE%] EQU [1] (
     cargo test --manifest-path crates\client\Cargo.toml --no-default-features --features=dnssec-ring
     cargo test --manifest-path crates\resolver\Cargo.toml --no-default-features --features=dnssec-ring
     cargo test --manifest-path crates\server\Cargo.toml --no-default-features --features=dnssec-ring
+    cargo test --manifest-path bin\Cargo.toml --no-default-features --features=dnssec-ring
     cargo test --manifest-path tests\integration-tests\Cargo.toml --no-default-features --features=dnssec-ring
 )
 
@@ -56,6 +61,7 @@ if [%DNS_OVER_TLS_SUITE%] EQU [1] (
     cargo test --manifest-path crates\resolver\Cargo.toml --features=dns-over-native-tls
     cargo test --manifest-path crates\resolver\Cargo.toml --features=dns-over-openssl
     cargo test --manifest-path crates\server\Cargo.toml --features=dns-over-openssl
+    cargo test --manifest-path bin\Cargo.toml --features=dns-over-openssl
     cargo test --manifest-path tests\integration-tests\Cargo.toml --features=dns-over-openssl
     cargo test --manifest-path crates\resolver\Cargo.toml --features=dns-over-rustls
 )

tests/compatibility-tests/tests/conf/bind-example.conf

@@ -1,7 +1,7 @@
 /*
    Trust-DNS bench setup:
       this is meant to mimic the trust-dns-server config
-      which is in tests/named_test_configs/example.toml
+      which is in tests/test-data/named_test_configs/example.toml
  */
 
 controls { /* empty */ };
@@ -17,27 +17,27 @@ options {
 
 zone "localhost" {
   type master;
-  file "../../crates/server/tests/named_test_configs/default/localhost.zone";
+  file "../../crates/server/tests/test-data/named_test_configs/default/localhost.zone";
 };
 
 zone "0.0.127.in-addr.arpa" {
   type master;
-  file "../../crates/server/tests/named_test_configs/default/127.0.0.1.zone";
+  file "../../crates/server/tests/test-data/named_test_configs/default/127.0.0.1.zone";
 };
 
 zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" {
   type master;
-  file "../../crates/server/tests/named_test_configs/default/ipv6_1.zone";
+  file "../../crates/server/tests/test-data/named_test_configs/default/ipv6_1.zone";
 };
 
 zone "255.in-addr.arpa" {
   type master;
-  file "../../crates/server/tests/named_test_configs/default/255.zone";
+  file "../../crates/server/tests/test-data/named_test_configs/default/255.zone";
 };
 
 zone "0.in-addr.arpa" {
   type master;
-  file "../../crates/server/tests/named_test_configs/default/0.zone";
+  file "../../crates/server/tests/test-data/named_test_configs/default/0.zone";
 };
 
 zone "example.com" {

tests/test-data/named_test_configs/all_supported_dnssec.toml

@@ -40,7 +40,7 @@ file = "example.com.zone"
 enable_dnssec = true
 
 [[zones.keys]]
-key_path = "./tests/named_test_configs/dnssec/rsa_2048.pem"
+key_path = "../tests/test-data/named_test_configs/dnssec/rsa_2048.pem"
 ## the password used to encrypt/decrypt the file (must be PEM), blank for none
 password = "123456"
 ## specify the algorithm
@@ -53,37 +53,37 @@ is_zone_signing_key = true
 # create_if_absent = false
 
 [[zones.keys]]
-key_path = "./tests/named_test_configs/dnssec/rsa_2048.pem"
+key_path = "../tests/test-data/named_test_configs/dnssec/rsa_2048.pem"
 password = "123456"
 algorithm = "RSASHA512"
 is_zone_signing_key = true
 
 [[zones.keys]]
-key_path = "./tests/named_test_configs/dnssec/ecdsa_p256.pem"
+key_path = "../tests/test-data/named_test_configs/dnssec/ecdsa_p256.pem"
 # password = "123456"
 algorithm = "ECDSAP256SHA256"
 is_zone_signing_key = true
 
 [[zones.keys]]
-key_path = "./tests/named_test_configs/dnssec/ecdsa_p384.pem"
+key_path = "../tests/test-data/named_test_configs/dnssec/ecdsa_p384.pem"
 # password = "123456"
 algorithm = "ECDSAP384SHA384"
 is_zone_signing_key = true
 
 [[zones.keys]]
 # Requires --features=ring
-key_path = "./tests/named_test_configs/dnssec/ecdsa_p256.pk8"
+key_path = "../tests/test-data/named_test_configs/dnssec/ecdsa_p256.pk8"
 algorithm = "ECDSAP256SHA256"
 is_zone_signing_key = true
 
 [[zones.keys]]
 # Requires --features=ring
-key_path = "./tests/named_test_configs/dnssec/ecdsa_p384.pk8"
+key_path = "../tests/test-data/named_test_configs/dnssec/ecdsa_p384.pk8"
 algorithm = "ECDSAP384SHA384"
 is_zone_signing_key = true
 
 [[zones.keys]]
 # Requires --features=ring
-key_path = "./tests/named_test_configs/dnssec/ed25519.pk8"
+key_path = "../tests/test-data/named_test_configs/dnssec/ed25519.pk8"
 algorithm = "ED25519"
 is_zone_signing_key = true

tests/test-data/named_test_configs/dnssec_with_update.toml

@@ -46,7 +46,7 @@ enable_dnssec = true
 stores = { type = "sqlite", zone_file_path = "example.com.zone", journal_file_path = "example.com_dnsec_update.jrnl", allow_update = true }
 
 [[zones.keys]]
-key_path = "./tests/named_test_configs/dnssec/rsa_2048.pem"
+key_path = "../tests/test-data/named_test_configs/dnssec/rsa_2048.pem"
 ## the password used to encrypt/decrypt the file (must be PEM), blank for none
 password = "123456"
 ## specify the algorithm
@@ -59,7 +59,7 @@ is_zone_signing_key = true
 # create_if_absent = false
 
 [[zones.keys]]
-key_path = "./tests/named_test_configs/dnssec/rsa_2048.pem"
+key_path = "../tests/test-data/named_test_configs/dnssec/rsa_2048.pem"
 password = "123456"
 algorithm = "RSASHA512"
 is_zone_signing_key = false

tests/test-data/named_test_configs/dnssec_with_update_deprecated.toml

@@ -51,7 +51,7 @@ allow_update = true
 enable_dnssec = true
 
 [[zones.keys]]
-key_path = "./tests/named_test_configs/dnssec/rsa_2048.pem"
+key_path = "../tests/test-data/named_test_configs/dnssec/rsa_2048.pem"
 ## the password used to encrypt/decrypt the file (must be PEM), blank for none
 password = "123456"
 ## specify the algorithm
@@ -64,7 +64,7 @@ is_zone_signing_key = true
 # create_if_absent = false
 
 [[zones.keys]]
-key_path = "./tests/named_test_configs/dnssec/rsa_2048.pem"
+key_path = "../tests/test-data/named_test_configs/dnssec/rsa_2048.pem"
 password = "123456"
 algorithm = "RSASHA512"
 is_zone_signing_key = false

tests/test-data/named_test_configs/openssl_dnssec.toml

@@ -40,7 +40,7 @@ file = "example.com.zone"
 enable_dnssec = true
 
 [[zones.keys]]
-key_path = "./tests/named_test_configs/dnssec/rsa_2048.pem"
+key_path = "../tests/test-data/named_test_configs/dnssec/rsa_2048.pem"
 ## the password used to encrypt/decrypt the file (must be PEM), blank for none
 password = "123456"
 ## specify the algorithm
@@ -53,19 +53,19 @@ is_zone_signing_key = true
 # create_if_absent = false
 
 [[zones.keys]]
-key_path = "./tests/named_test_configs/dnssec/rsa_2048.pem"
+key_path = "../tests/test-data/named_test_configs/dnssec/rsa_2048.pem"
 password = "123456"
 algorithm = "RSASHA512"
 is_zone_signing_key = true
 
 [[zones.keys]]
-key_path = "./tests/named_test_configs/dnssec/ecdsa_p256.pem"
+key_path = "../tests/test-data/named_test_configs/dnssec/ecdsa_p256.pem"
 # password = "123456"
 algorithm = "ECDSAP256SHA256"
 is_zone_signing_key = true
 
 [[zones.keys]]
-key_path = "./tests/named_test_configs/dnssec/ecdsa_p384.pem"
+key_path = "../tests/test-data/named_test_configs/dnssec/ecdsa_p384.pem"
 # password = "123456"
 algorithm = "ECDSAP384SHA384"
 is_zone_signing_key = true

tests/test-data/named_test_configs/ring_dnssec.toml

@@ -41,18 +41,18 @@ enable_dnssec = true
 
 [[zones.keys]]
 # Requires --features=ring
-key_path = "./tests/named_test_configs/dnssec/ecdsa_p256.pk8"
+key_path = "../tests/test-data/named_test_configs/dnssec/ecdsa_p256.pk8"
 algorithm = "ECDSAP256SHA256"
 is_zone_signing_key = true
 
 [[zones.keys]]
 # Requires --features=ring
-key_path = "./tests/named_test_configs/dnssec/ecdsa_p384.pk8"
+key_path = "../tests/test-data/named_test_configs/dnssec/ecdsa_p384.pk8"
 algorithm = "ECDSAP384SHA384"
 is_zone_signing_key = true
 
 [[zones.keys]]
 # Requires --features=ring
-key_path = "./tests/named_test_configs/dnssec/ed25519.pk8"
+key_path = "../tests/test-data/named_test_configs/dnssec/ed25519.pk8"
 algorithm = "ED25519"
 is_zone_signing_key = true