[PR #2344] [CLOSED] NSEC3 support #2972

Closed
opened 2026-03-16 11:18:14 +03:00 by kerem · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/hickory-dns/hickory-dns/pull/2344
Author: @pvdrz
Created: 8/6/2024
Status: Closed

Base: mainHead: nsec3-signing-poc


📝 Commits (10+)

  • 326be34 Implement basic zone signing for NSEC3 records
  • 6c6d185 Add configuration fields for NSEC3
  • 04038e6 Implement basic NSEC3 zone serving
  • 0f2340a Implement NSEC3 zone serving for NODATA responses
  • 6832b3c Document zone serving
  • 64c83e7 Only serve NSEC3 records if NSEC3 is enabled
  • d0b794d Fix conditional compilation errors
  • 821bdbc Address clippy lints
  • 5b0db27 Merge branch 'main' into nsec3-signing-poc
  • 18db8bc Add NxProof config

📊 Changes

23 files changed (+713 additions, -34 deletions)

View changed files

📝 Cargo.lock (+1 -0)
📝 bin/src/hickory-dns.rs (+12 -0)
📝 crates/proto/src/rr/dnssec/nsec3.rs (+2 -1)
📝 crates/server/Cargo.toml (+1 -0)
📝 crates/server/src/authority/authority.rs (+18 -0)
📝 crates/server/src/authority/authority_object.rs (+33 -0)
📝 crates/server/src/authority/catalog.rs (+14 -1)
📝 crates/server/src/authority/error.rs (+4 -0)
📝 crates/server/src/config/mod.rs (+47 -0)
📝 crates/server/src/store/file/authority.rs (+47 -4)
📝 crates/server/src/store/forwarder/authority.rs (+17 -0)
📝 crates/server/src/store/in_memory/authority.rs (+321 -13)
📝 crates/server/src/store/recursor/authority.rs (+17 -0)
📝 crates/server/src/store/sqlite/authority.rs (+31 -1)
📝 crates/server/tests/config_tests.rs (+18 -0)
📝 crates/server/tests/in_memory.rs (+6 -0)
📝 crates/server/tests/store_file_tests.rs (+18 -1)
📝 crates/server/tests/store_sqlite_tests.rs (+9 -0)
📝 crates/server/tests/txt_tests.rs (+43 -4)
📝 tests/integration-tests/src/example_authority.rs (+11 -2)

...and 3 more files

📄 Description

This PR implements RFC 5155 including zone signing and serving of NSEC3 records.

The only unimplemented feature of the RFC is opt-out support.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/hickory-dns/hickory-dns/pull/2344 **Author:** [@pvdrz](https://github.com/pvdrz) **Created:** 8/6/2024 **Status:** ❌ Closed **Base:** `main` ← **Head:** `nsec3-signing-poc` --- ### 📝 Commits (10+) - [`326be34`](https://github.com/hickory-dns/hickory-dns/commit/326be34ebcc6eee5606219ecbd6c7aa894ac3d15) Implement basic zone signing for NSEC3 records - [`6c6d185`](https://github.com/hickory-dns/hickory-dns/commit/6c6d185c547d484a43c654889ffc7ac8d006a15b) Add configuration fields for NSEC3 - [`04038e6`](https://github.com/hickory-dns/hickory-dns/commit/04038e64a4a0c541fe30c601097be5b3ca12c91c) Implement basic NSEC3 zone serving - [`0f2340a`](https://github.com/hickory-dns/hickory-dns/commit/0f2340a1c41399bfd528f89986020a36e72d30c5) Implement NSEC3 zone serving for NODATA responses - [`6832b3c`](https://github.com/hickory-dns/hickory-dns/commit/6832b3cb05ea310e26e1ee333afc3f48265794ab) Document zone serving - [`64c83e7`](https://github.com/hickory-dns/hickory-dns/commit/64c83e78b32de6b44f0660f23ad1a99d59370ec9) Only serve NSEC3 records if NSEC3 is enabled - [`d0b794d`](https://github.com/hickory-dns/hickory-dns/commit/d0b794d32853f49b6a2a417c5f01c29fed2dad7a) Fix conditional compilation errors - [`821bdbc`](https://github.com/hickory-dns/hickory-dns/commit/821bdbc7b48da124d4db4767c04777b269496c82) Address clippy lints - [`5b0db27`](https://github.com/hickory-dns/hickory-dns/commit/5b0db27a6fc94d1f62ea2c52db6237ee657dc751) Merge branch 'main' into nsec3-signing-poc - [`18db8bc`](https://github.com/hickory-dns/hickory-dns/commit/18db8bc6621b4f1f403f18453c6ac5b59f35874f) Add NxProof config ### 📊 Changes **23 files changed** (+713 additions, -34 deletions) <details> <summary>View changed files</summary> 📝 `Cargo.lock` (+1 -0) 📝 `bin/src/hickory-dns.rs` (+12 -0) 📝 `crates/proto/src/rr/dnssec/nsec3.rs` (+2 -1) 📝 `crates/server/Cargo.toml` (+1 -0) 📝 `crates/server/src/authority/authority.rs` (+18 -0) 📝 `crates/server/src/authority/authority_object.rs` (+33 -0) 📝 `crates/server/src/authority/catalog.rs` (+14 -1) 📝 `crates/server/src/authority/error.rs` (+4 -0) 📝 `crates/server/src/config/mod.rs` (+47 -0) 📝 `crates/server/src/store/file/authority.rs` (+47 -4) 📝 `crates/server/src/store/forwarder/authority.rs` (+17 -0) 📝 `crates/server/src/store/in_memory/authority.rs` (+321 -13) 📝 `crates/server/src/store/recursor/authority.rs` (+17 -0) 📝 `crates/server/src/store/sqlite/authority.rs` (+31 -1) 📝 `crates/server/tests/config_tests.rs` (+18 -0) 📝 `crates/server/tests/in_memory.rs` (+6 -0) 📝 `crates/server/tests/store_file_tests.rs` (+18 -1) 📝 `crates/server/tests/store_sqlite_tests.rs` (+9 -0) 📝 `crates/server/tests/txt_tests.rs` (+43 -4) 📝 `tests/integration-tests/src/example_authority.rs` (+11 -2) _...and 3 more files_ </details> ### 📄 Description This PR implements RFC 5155 including zone signing and serving of NSEC3 records. The only unimplemented feature of the RFC is opt-out support. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
kerem 2026-03-16 11:18:14 +03:00
Sign in to join this conversation.
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/hickory-dns#2972
No description provided.