[PR #267] [MERGED] Don't do any DNSSEC record processing when DNSSEC is disabled at build-time. #1330

New issue

Closed

opened 2026-03-16 02:00:31 +03:00 by kerem · 0 comments

kerem commented

2026-03-16 02:00:31 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/hickory-dns/hickory-dns/pull/267
Author: @briansmith
Created: 10/25/2017
Status: ✅ Merged
Merged: 10/26/2017
Merged by: @bluejekyll

Base: master ← Head: separate-dnssec

📝 Commits (9)

bc6ad1d Move DNSSSEC-specific data structures to be under proto/src/rr/dnssec/.
bfeff5c Fix proto DNSSEC-enabled build.
913f688 Fix cargo test for proto.
7413461 Avoid (almost) all DNSSEC-specific functionality when DNSSEC is disabled.
589610a Fix client default build.
5737bfd Fix client --no-default-features.
a056886 Fix cargo test for client.
98151fe Fix cargo test for server.
d439fa6 Add some clarifying comments about separation of DNSSEC and SIG(0) types.

📊 Changes

30 files changed (+805 additions, -616 deletions)

View changed files

📝 client/Cargo.toml (+1 -1)
📝 client/src/rr/dnssec/signer.rs (+12 -11)
📝 client/src/rr/mod.rs (+7 -2)
📝 client/src/serialize/txt/parse_rdata.rs (+10 -8)
📝 integration-tests/tests/authority_tests.rs (+6 -5)
📝 integration-tests/tests/client_future_tests.rs (+3 -2)
📝 integration-tests/tests/client_tests.rs (+6 -6)
📝 integration-tests/tests/secure_client_handle_tests.rs (+3 -2)
📝 proto/src/op/edns.rs (+1 -0)
📝 proto/src/op/message.rs (+10 -3)
📝 proto/src/rr/dnssec/mod.rs (+2 -1)
📝 proto/src/rr/dnssec/rdata/dnskey.rs (+1 -1)
📝 proto/src/rr/dnssec/rdata/ds.rs (+2 -2)
📝 proto/src/rr/dnssec/rdata/key.rs (+1 -1)
➕ proto/src/rr/dnssec/rdata/mod.rs (+513 -0)
📝 proto/src/rr/dnssec/rdata/nsec.rs (+4 -3)
📝 proto/src/rr/dnssec/rdata/nsec3.rs (+10 -6)
📝 proto/src/rr/dnssec/rdata/nsec3param.rs (+0 -0)
📝 proto/src/rr/dnssec/rdata/sig.rs (+0 -0)
📝 proto/src/rr/dnssec/tbs.rs (+2 -2)

...and 10 more files

📄 Description

In the discussoin of #265, @bluejekyll wrote:

Should we just use the --features=dnssec-* as the method for enabling/disabling dnssec support?

Implement that.

First, centralize the majority of DNSSEC-specific code into rr::dnssec, so that most of DNSSEC code is in rr::dnssec or into SecureDnsHandle. This makes it easier for somebody reading the code to focus on either the non-DNSSEC logic or the DNSSEC logic, which is helpful for code auditing.

Next, stop building almost all of the DNSSEC-specific logic when the "dnssec" default feature isn't enabled.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/hickory-dns/hickory-dns/pull/267 **Author:** [@briansmith](https://github.com/briansmith) **Created:** 10/25/2017 **Status:** ✅ Merged **Merged:** 10/26/2017 **Merged by:** [@bluejekyll](https://github.com/bluejekyll) **Base:** `master` ← **Head:** `separate-dnssec` --- ### 📝 Commits (9) - [`bc6ad1d`](https://github.com/hickory-dns/hickory-dns/commit/bc6ad1d75da026b120d54fc14eaa09c38b5f6248) Move DNSSSEC-specific data structures to be under proto/src/rr/dnssec/. - [`bfeff5c`](https://github.com/hickory-dns/hickory-dns/commit/bfeff5c19925363642aa98fcbc522d30a83bc94f) Fix proto DNSSEC-enabled build. - [`913f688`](https://github.com/hickory-dns/hickory-dns/commit/913f6880bb4900604db76f82d65add60f5397c9c) Fix `cargo test` for proto. - [`7413461`](https://github.com/hickory-dns/hickory-dns/commit/74134613456a4f18967d19b8344548a55dbeb94f) Avoid (almost) all DNSSEC-specific functionality when DNSSEC is disabled. - [`589610a`](https://github.com/hickory-dns/hickory-dns/commit/589610afab1422505354dd0120d39e7530eefac2) Fix client default build. - [`5737bfd`](https://github.com/hickory-dns/hickory-dns/commit/5737bfd39bba215b28bc0bf96aa112ca9818a5f1) Fix client --no-default-features. - [`a056886`](https://github.com/hickory-dns/hickory-dns/commit/a056886b4ffeaebc9239bf94830f3e3472a8e158) Fix `cargo test` for client. - [`98151fe`](https://github.com/hickory-dns/hickory-dns/commit/98151fe29069ad814ef86d0117310e921cdd9239) Fix `cargo test` for server. - [`d439fa6`](https://github.com/hickory-dns/hickory-dns/commit/d439fa6e8cc83efbe3e5073231dac95fe4a2dbf5) Add some clarifying comments about separation of DNSSEC and SIG(0) types. ### 📊 Changes **30 files changed** (+805 additions, -616 deletions) <details> <summary>View changed files</summary> 📝 `client/Cargo.toml` (+1 -1) 📝 `client/src/rr/dnssec/signer.rs` (+12 -11) 📝 `client/src/rr/mod.rs` (+7 -2) 📝 `client/src/serialize/txt/parse_rdata.rs` (+10 -8) 📝 `integration-tests/tests/authority_tests.rs` (+6 -5) 📝 `integration-tests/tests/client_future_tests.rs` (+3 -2) 📝 `integration-tests/tests/client_tests.rs` (+6 -6) 📝 `integration-tests/tests/secure_client_handle_tests.rs` (+3 -2) 📝 `proto/src/op/edns.rs` (+1 -0) 📝 `proto/src/op/message.rs` (+10 -3) 📝 `proto/src/rr/dnssec/mod.rs` (+2 -1) 📝 `proto/src/rr/dnssec/rdata/dnskey.rs` (+1 -1) 📝 `proto/src/rr/dnssec/rdata/ds.rs` (+2 -2) 📝 `proto/src/rr/dnssec/rdata/key.rs` (+1 -1) ➕ `proto/src/rr/dnssec/rdata/mod.rs` (+513 -0) 📝 `proto/src/rr/dnssec/rdata/nsec.rs` (+4 -3) 📝 `proto/src/rr/dnssec/rdata/nsec3.rs` (+10 -6) 📝 `proto/src/rr/dnssec/rdata/nsec3param.rs` (+0 -0) 📝 `proto/src/rr/dnssec/rdata/sig.rs` (+0 -0) 📝 `proto/src/rr/dnssec/tbs.rs` (+2 -2) _...and 10 more files_ </details> ### 📄 Description In the discussoin of #265, @bluejekyll wrote: > Should we just use the --features=dnssec-* as the method for enabling/disabling dnssec support? Implement that. First, centralize the majority of DNSSEC-specific code into rr::dnssec, so that most of DNSSEC code is in rr::dnssec or into SecureDnsHandle. This makes it easier for somebody reading the code to focus on either the non-DNSSEC logic or the DNSSEC logic, which is helpful for code auditing. Next, stop building almost all of the DNSSEC-specific logic when the "dnssec" default feature isn't enabled. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>