[PR #647] [MERGED] Add SSHFP and OPENPGPKEY support #1572

Closed
opened 2026-03-16 02:13:48 +03:00 by kerem · 0 comments

## 📋 Pull Request Information

- **Original PR:** https://github.com/hickory-dns/hickory-dns/pull/647
- **Author:** [@amesgen](https://github.com/amesgen)
- **Created:** 1/5/2019
- **Status:** ✅ Merged
- **Merged:** 1/7/2019
- **Merged by:** [@bluejekyll](https://github.com/bluejekyll)
- **Base:** `master` ← **Head:** `add-record-types`

---

### 📝 Commits (5)

- [`097f422`](https://github.com/hickory-dns/hickory-dns/commit/097f42222ffa1b4151bff5d2d48906a89ec505e5) Add SSHFP and OPENPGPKEY support
- [`d8091c3`](https://github.com/hickory-dns/hickory-dns/commit/d8091c36e864d3a2f0b8a996ac41c8085a8f8db8) fix representation format & add tests
- [`3788310`](https://github.com/hickory-dns/hickory-dns/commit/378831049be6182749b4ac2d4e4922cb9137232f) update copyright + minor things
- [`439eb5e`](https://github.com/hickory-dns/hickory-dns/commit/439eb5ebefcf3c54f08bf89219a2f7cf8a81a451) update changelog
- [`0558044`](https://github.com/hickory-dns/hickory-dns/commit/0558044201b4a4fccfa54dd5069d401e3ea9b23c) fix clippy

### 📊 Changes

**11 files changed** (+703 additions, -14 deletions)

- 📝 `CHANGELOG.md` (+4 -0)
- 📝 `crates/client/src/serialize/txt/parse_rdata.rs` (+4 -2)
- 📝 `crates/client/src/serialize/txt/rdata_parsers/mod.rs` (+3 -1)
- ➕ `crates/client/src/serialize/txt/rdata_parsers/openpgpkey.rs` (+47 -0)
- ➕ `crates/client/src/serialize/txt/rdata_parsers/sshfp.rs` (+168 -0)
- 📝 `crates/client/src/serialize/txt/rdata_parsers/tlsa.rs` (+0 -1)
- 📝 `crates/proto/src/rr/rdata/mod.rs` (+6 -2)
- ➕ `crates/proto/src/rr/rdata/openpgpkey.rs` (+56 -0)
- ➕ `crates/proto/src/rr/rdata/sshfp.rs` (+309 -0)
- 📝 `crates/proto/src/rr/record_data.rs` (+90 -4)
- 📝 `crates/proto/src/rr/record_type.rs` (+16 -4)

### 📄 Description

This PR (addresses #646) adds support for the SSHFP and OPENPGPKEY record types. It is WIP as tests are still missing.

- The implementation does not check if the OPENPGPKEY record data is a valid OpenPGP public key, even though there exist implementations of the TPK (Transferable Public Key) format in rust (such as in [sequoia-openpgp](https://docs.sequoia-pgp.org/sequoia_openpgp/tpk/index.html)).
- The Fingerprint enum of SSHFP does not include XMSS, which is [included in OpenSSH](https://github.com/openssh/openssh-portable/commit/1b11ea7c58cd5c59838b5fa574cd456d6047b2d4). It does not seem to be standardized.
- As OPENPGPKEY records tend to be very large, they do not work well with UDP (they are also great for amplification attacks, just like DNSSEC in general). It could be reasonable to enforce TCP for (answering) OPENPGPKEY records. But I do not think this is too much of an issue.

The license headers are also missing in new files, as I was not sure which year to choose.

---

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
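An added example, not code from this PR or from hickory-dns: a minimal SSHFP RDATA decoder for the wire and presentation formats (RFC 4255, with the SHA-256 fingerprint type from RFC 6594). It enforces the digest length implied by the fingerprint type and carries unassigned algorithm or type values through unchanged. All type and function names are hypothetical.

```rust
// Added example: SSHFP RDATA decoding. Names here are hypothetical and are
// not hickory-dns's API; the sample record in main() is constructed.
#[derive(Debug, PartialEq)]
pub struct Sshfp { pub algorithm: u8, pub fp_type: u8, pub fingerprint: Vec<u8> }

#[derive(Debug, PartialEq)]
pub enum SshfpError { TooShort, BadDigestLen { expected: usize, got: usize }, BadField, BadHex }

/// Digest length implied by the fingerprint type; None for unassigned types,
/// which are carried opaquely instead of being rejected.
fn digest_len(fp_type: u8) -> Option<usize> {
    match fp_type { 1 => Some(20), 2 => Some(32), _ => None } // SHA-1, SHA-256
}

fn check(rec: Sshfp) -> Result<Sshfp, SshfpError> {
    match digest_len(rec.fp_type) {
        Some(n) if n != rec.fingerprint.len() =>
            Err(SshfpError::BadDigestLen { expected: n, got: rec.fingerprint.len() }),
        _ => Ok(rec),
    }
}

/// Wire format: 1 octet algorithm, 1 octet fingerprint type, then the digest.
pub fn from_wire(rdata: &[u8]) -> Result<Sshfp, SshfpError> {
    if rdata.len() < 3 { return Err(SshfpError::TooShort); }
    check(Sshfp { algorithm: rdata[0], fp_type: rdata[1], fingerprint: rdata[2..].to_vec() })
}

/// Presentation format: "<algorithm> <fp-type> <hex>"; the hex may contain whitespace.
pub fn from_text(s: &str) -> Result<Sshfp, SshfpError> {
    let mut it = s.split_whitespace();
    let algorithm: u8 = it.next().and_then(|t| t.parse().ok()).ok_or(SshfpError::BadField)?;
    let fp_type: u8 = it.next().and_then(|t| t.parse().ok()).ok_or(SshfpError::BadField)?;
    let hex: String = it.collect();
    // Check hex digits explicitly: from_str_radix alone would accept a leading '+'.
    if hex.is_empty() || hex.len() % 2 != 0 || !hex.bytes().all(|b| b.is_ascii_hexdigit()) {
        return Err(SshfpError::BadHex);
    }
    let fingerprint = (0..hex.len()).step_by(2)
        .map(|i| u8::from_str_radix(&hex[i..i + 2], 16).map_err(|_| SshfpError::BadHex))
        .collect::<Result<Vec<u8>, _>>()?;
    check(Sshfp { algorithm, fp_type, fingerprint })
}

fn main() {
    // Constructed sample: algorithm 4 (Ed25519, RFC 7479), type 2 (SHA-256).
    let text = format!("4 2 {}", "ab".repeat(32));
    println!("{:?}", from_text(&text));
}
```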