All notable changes to this project will be documented in this file. This project adheres to Semantic Versioning.
- Updated
trust-dns-prototo0.3, which brings in betterNameandLabelimpls - rusqlite updated to 0.13 #331 (@oherrala)
- Many serialization improvements #317
NameandLabelnow support idna, punycode, seeName::from_strtrust_dns::rr::ZoneUsagefor detecting restrictions onNames and their associated zones
- octal escapes fixed in
Nameparsing #330 NULLrecord type incorrectly valued at0to proper10#329 (@jannic)
- TRust-DNS Proto crate to separate server management from base operations #222
- TRust-DNS Util crate for dnssec management tools (@briansmith)
- Integration tests for Server to validate all supported DNSSec key types
- breaking Common features
dnssec-ring,dnssec-openssl, anddnssecacross all crates (replacesopensslandringfeatures) - Clarified
tlsfeature withtls-openssl, andtlsin server (in preperation fortls-rustls) - Support for rfc6844, CAA record type #234
- Support for rfc6698, TLSA record type #285
- Clippy validation in CI #288 (@little-dude)
- DNSKEY is now self-signed
- Internal API changes to
clientcalling intoprotofor actual implementations - Large refactoring of internal APIs to more cleanly support *ring* and OpenSSL features (@briansmith)
ClientHandle::sendmoved totrust_dns_proto::DnsHandle::send(internal API)- Many interfaces moved from
client::ClientStreamHandletotrust_dns_proto::DnsStreamHandle Message::signhas been renamed and change to the more general methodMessage::finalize- Some
io::Errors have been converted totrust_dns_proto::ProtoError SyncClientandSecureSyncClientare nowSend + Sync#245- Unknown RecordTypes and RDatas will no longer error #294
- Server: signing issues when loading from persistence
- Server: When SupportedAlgorithms (rfc6975) not supplied default to returning all signatures #215
- Proto: u16::from(DNSClass) now enforces OPT is greater than/or 512 per spec #303
- Improve usage of Rand for message ids and port assignment #291 & #292
- NxDomain and empty NoData responses to be compliant #286 (lots of help from @Darkspirit)
- Removed the
NativeTlsandOpenSSLClientConnectionvariants, use the Rustls impls or the tokio basedTlsClientStreaminstead. This was required forSyncClientbeingSend + Sync - Server: no longer auto-generate keys on startup #218
- All deprecated APIs removed from -proto #262
- Server: removed deprated RSA config loading options, see reference test cargo.tomls #276 (@briansmith)
- Server was not properly signing zone after fresh start
- RSA and ECDSA validation with ring for DNSSec, removes dependency on openssl (@briansmith)
lookuptoClientHandle, simpler form withQueryquerytoQueryfor ease of Query creation
- Large celanup of signing and verification paths in DNSSec (@briansmith)
- breaking changed
TrustAnchor::insert_trust_anchorto more safely consumePublicKeyrather thanVec<u8>
(README.md documentation changes for crates.io)
- Updates to
Name::is_fqdnfor more accuracy (@rushmorem)
- per project Readme.md for crates.io
Name::FromStrfor simpler parsing, specify trailing.for FQDNName::append_labelfor clearer usage while appending labels to a NameName::append_namefor clearer usage while appending one name to anotherName::append_domainalias for append_name and marking as FQDN
- breaking all
&mut selfmethods onNamedeprecated as unsafe, Name labels are now immutable. - breaking All
ClientHandletraits now take&Handleinstead ofHandle(@rushmorem) - warning
Namenow tracks if it is a fully qualified domain name, slightly changes name parsing rules, allowingwww.example.comwithout the trailing., which means that FQDN names are not enforced.
- deprecated
Name::with_labelsseeName::from_labels - deprecated
Name::appendwasn't clean, seeName::append_name - deprecated
Name::add_labelexposed internal data structure, seeName::append_label - deprecated
Name::labelunclear usage/name, seeName::append_label - deprecated
Name::prepend_labelexposed internal data structure, unclear usage no replacement - deprecated
Record::add_nameunclear usage no replacement
- Library documentation, examples for client query and update
- ServerFuture now Accepts generic RequestHandler (@Antti)
- Allow more options with Key and KeyUsage
- Initial Resolver implementation
- NSEC coverage bitmap overflow in nightly
- Name::zone_of panic (@SAPikachu)
- Proper TCP connection timeout
- Fixed signature format of ECDSA (@SAPikachu) #141
- Fixed format of ED25519 keys (@briansmith) #129
- Revamped signer and keypair to better deal with public key (possible breaking change)
- Upgraded ring to 0.9.x series, requires pkcs8 for key storage
- Dropped support for dangerous private key byte access (possible breaking change)
- Upgraded tokio-rustls and rustls dependencies to support ring updates
- PublicKey and Verifier for verifying with zero copy from KEY and DNSKEY (possible breaking change)
- Pkcs8 as a supported KeyFormat for storage (possible breaking change)
- Added
From<IpAddr>for Name (reverse DNS) #105 - AppVeyor support #103
- rustls client tls support (separate crate)
- full support for KEY RR in client
- compatibility tests with BIND for SIG0 updates
- Added full implementation of KEY type
- Updated TLS documentation, added more elsewhere, docs required; fixes #102
- Upgraded tokio-core and moved to tokio-io
- Important Some
Servertypes have been migrated to RFC#344 style.get_field()->field();field()->set_field() - Moved native-tls client impl to separate crate
- Defaulted to OpenSSL for tls implementation
- key_tag calculation for DNSKEY and KEY now correct #118 (@jannic)
- SIG0 signing fixed to match RFC and BIND #120 (@jannic)
- Important Possible breaking API change, the original Client has been renamed.
In an attempt to reduce the overhead of managing the project. The original
Client has now been revamped to essentially be a synchronous Client over the
ClientFuture implementation. The ClientFuture has proven to be a more stable
and reliable implementation. It was attempted to make the move seamless,
but two new types were introduced, SyncClient and SecureSyncClient, which
are both synchronous implementations of the old Client function interfaces.
Please read those docs on those new types and the Client trait.
- When EDNS option is present, return only the digest understood matching RRSETs
- All code reformatted with rustfmt
- Important breaking change, all
Recordand associated types have been migrated to RFC#344 style.get_field()->field();field()->set_field()
- Important The original Server implementation was removed entirely.
Please use the ServerFuture implementation from now on. Sorry for the inconvenience, but this is necessary to make sure that the software remains at a high quality and there is no easy way to migrate the original Server to use ServerFuture.
- Initial support for ECDSAP256SHA256, ECDSAP384SHA384 and ED25519 (client and server)
- additional config options for keys to named, see
tests/named_test_configs/example.toml - Added DNS over TLS support, RFC 7858, #38
- Added native-tls with support for macOS and Linux (DNS over TLS)
- matrixed tests for all features to Travis
- updated to rust-openssl 0.9.x series
- restructured dnssec code to better support alternate key formats
- mio_client is now an optional feature in favor of the futures-rs ClientFuture
- OpenSSL is now an optional feature for the client
- new ServerFuture tokio and futures based server, #61
- UdpStream & TcpSteam to support stream of messages with src address
- TimeoutStream to wrap TcpStreams to help guard against malicious clients
- Added Notify support to ClientFuture
- Added IntoRecordSet and conversion impls for RecordSet and Record
- Split Server and Client into separate crates, #43
- Moved many integration tests to
testsfromsrc, #52 - Migrated all handles to new futures::sync::mpsc impls
- Modified all requisite client methods for IntoRecordSet.
- All client methods now support multiple records per query, update, notify and delete
- Flush TcpStream after fully sending Message
- Recognize no bytes read as closed TcpStream
- Fix build on rustc 1.11, #66
- SecureClientHandle, for future based DNSSec validation.
- ClientFuture, futures based client implementation, #32
- Randomized ports for client connections and message ids, #23
- OpCode::From for u8 removed, added OpCode::from_u8(), #36
- Fix for named startup related to ipv6, #56
- Upgraded OpenSSL to 0.8.* #50
- Cleaned up the Server implementation to isolate connection handlers
- Deprecated old Client will possibly remove in the future
- Issue #27: label case sensitivity revisited for RRSIG signing, RFC 6840
- TCP reregister on would-block errors
- Issue #28: RRSIG validation of wildcards, label length > wildcard length
- Issue #27: remove implicit case conversion of labels (fixes NSEC validation)
- Added recovery from journal to named startup
- SQLite journal for dynamic update persistence
- Private Key generation during startup, for dnssec zones
- Read private key from filesystem during start and registers to zone
- Removed many of the unwraps in named binary
- Reworked all errors to use error-chain
- Adjusted interface for Signer to use duration
- All
#[cfg(ftest)]tests now#[ignore]
- TXT record case sensitivity
- Documentation on all modules, and many standard RFC types
- Authority zone signing now complete, still need to load/save private keys
- DNSKEYs auto inserted for added private keys
- New mocked network client tests, to verify zone signing
- NSEC record creation for zone, with tests
- SIG0 validation for Authentication on for dynamic updates
- Client CQADDD operations, delete_by_rdata, delete_rrset, delete_all
- Client compare_and_swap operation... atomics are here!
- Added loop on TCP accept requests
- Added loop on UDP reads
- Upgraded to mio 0.5.1 for some bug fixes
- Not returning RRSIGs with SOA records on authoritative answers
- Internal representation of record sets now a full data structure
- Better rrset keys for fewer clones
- Removed many excessive clones (should make requests even faster)
- Cleaned up authority upsert and lookup interfaces
- All authorities default to IN DNSCLASS now (none others currently supported)
- Cleaned up the Signer interface to support zone signing
- Simplified RData variant implementations
- Improved ENDS and SIG0 parsing on Message deserialization
- combined the TCP client and server handlers
- reusing buffer in TCP handler between send and receive (performance)
- updated mio to 0.5.0
- updated chrono to 0.2.21
- updated docopt to 0.6.78
- updated log to 0.3.5
- updated openssl to 0.7.8
- updated openssl-sys to 0.7.8
- updated rustc-serialize to 0.3.18
- updated toml to 0.1.28
- NSEC3 resolver validation
- data-ecoding as a dependency (base32hex)
- trust-dns banner on boot of server
- Changed the bin.rs to named.rs, more accurate, allow for other binaries
- Updated rust-openssl to 0.7.8 which include new RSA creation bindings
- NSEC resolver validation
- NSEC3 parsing support
- DNSSec validation of RRSIG and DNSKEY records back to root cert
- Integration with OpenSSL (depends on fork until rust-openssl 0.7.6+ is cut)
- Binary serialization and deserialization of all DNSSec RFC4034 record types
- EDNS support
- Coveralls support added
- Partial implementation of SIG0 support for dynamic update
- SRV record support
- Dual licensed with MIT (and Apache 2.0)
- Abstracted Client over TCP and UDP for common implementation of queries
- Binary Serialization and Deserialization of NSEC3
- AXFR SOA ordering
- Travis build failing
- See updated trust_dns::client::Client API
- Added AXFR support
- Dynamic update support
- Name pointer support
- Removed buffer clone during label pointer decoding (speed/memory)
- Removed a lot of unnecessary clones, heavier use of Rc
- Binary server bugs (fully functional)
- Master zone files support BIND time formats, e.g. #h#d
- Toml config file support (not compatible with BIND)
- Functional tests to verify against other DNS servers
- mio replaced std::net operators
- Server support with catalog and tests for example.com
- Parsing example rfc1035 master file
- new lexer for master zone files with simplified FSM
- Travis CI testing support
- Supported Client with operational query
- Writers for Record Data
- All RFC1035 fields parsing!
- label parsing with UTF8 support
- DNS Class and RecordType enums
- Crates.io keywords, etc.
- Cleaned up binary encoders and decoders with objects
- Started parsing resource records
- Initial Commit!