This is a project I started writing about 10 months ago; it was while working on this project that I fell in love with Rust, specifically because of the ease of writing finite state machines. I’m hoping to get trust-dns.org self-hosting on its one-year birthday, but there’s a bunch of last-mile stuff left to do for that (mostly operations stuff). This represents the first release where I think I would stand by the Client being used.
The Client can be used to validate DNSSEC with NSEC (I don’t plan to support NSEC3 at this time). It also supports some other high-level operations around dynamic DNS; the coolest one is a compare_and_swap(). This release was rather large:
## 0.6.0 2016-06-01
### Added
- Documentation on all modules, and many standard RFC types
- Authority zone signing now complete, still need to load/save private keys
- DNSKEYs auto inserted for added private keys
- New mocked network client tests, to verify zone signing
- NSEC record creation for zone, with tests
- SIG0 validation for authentication on dynamic updates
- Client CQADDD operations, delete_by_rdata, delete_rrset, delete_all
- Client compare_and_swap operation... atomics are here!
### Fixed
- Added loop on TCP accept requests
- Added loop on UDP reads
- Upgraded to mio 0.5.1 for some bug fixes
- Not returning RRSIGs with SOA records on authoritative answers
### Changed
- Internal representation of record sets now a full data structure
- Better rrset keys for fewer clones
- Removed many excessive clones (should make requests even faster)
- Cleaned up authority upsert and lookup interfaces
- All authorities default to IN DNSCLASS now (none others currently supported)
- Cleaned up the Signer interface to support zone signing
- Simplified RData variant implementations
- Improved EDNS and SIG0 parsing on Message deserialization
Up next is support for TSIG (only SIG0 public/private key authentication is supported at the moment). Then on to persistence on the server (this is necessary for restart/crash survivability). After that I’ll start working on dynamic master/slave replication (possibly implementing Raft directly into the DNS protocols, which would be kinda cool). I’ve considered breaking apart the different pieces into three different crates, something that could be done upon request (say, to make the Client package smaller for users); open an issue if this is something you’d like.
Anyway, I’d love feedback!