[PR #2777] [MERGED] Handle unknown digest types and delete operations in CDS/CDNSKEY records #3311

New issue

Closed

opened 2026-03-16 11:36:51 +03:00 by kerem · 0 comments

kerem commented

2026-03-16 11:36:51 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/hickory-dns/hickory-dns/pull/2777
Author: @divergentdave
Created: 2/13/2025
Status: ✅ Merged
Merged: 2/19/2025
Merged by: @divergentdave

Base: main ← Head: david/ds

📝 Commits (4)

f4f7718 Allow representing unknown digest types
57b583a Handle DS records with unknown digest types
378faaf Inline fields of CDS and CDNSKEY
e32b456 Add support for delete CDS/CDNSKEY records

📊 Changes

11 files changed (+413 additions, -53 deletions)

View changed files

📝 crates/proto/src/dnssec/crypto.rs (+24 -13)
📝 crates/proto/src/dnssec/dnssec_dns_handle/mod.rs (+3 -2)
📝 crates/proto/src/dnssec/mod.rs (+14 -7)
📝 crates/proto/src/dnssec/nsec3.rs (+1 -1)
📝 crates/proto/src/dnssec/rdata/cdnskey.rs (+200 -11)
📝 crates/proto/src/dnssec/rdata/cds.rs (+161 -11)
📝 crates/proto/src/dnssec/rdata/dnskey.rs (+1 -1)
📝 crates/proto/src/dnssec/rdata/ds.rs (+3 -4)
📝 crates/proto/src/error.rs (+5 -0)
📝 crates/proto/src/serialize/txt/rdata_parsers/ds.rs (+1 -1)
📝 tests/ede-dot-com/src/lib.rs (+0 -2)

📄 Description

This adds a variant to DigestType for unknown digest types, updates the unsupported algorithm logic to also consider digest type when deciding to treat a zone as insecure, and adds special handling to CDS and CDNSKEY records for delete operations, represented by a signature algorithm field of zero.

This closes #2695 and closes #2734.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/hickory-dns/hickory-dns/pull/2777 **Author:** [@divergentdave](https://github.com/divergentdave) **Created:** 2/13/2025 **Status:** ✅ Merged **Merged:** 2/19/2025 **Merged by:** [@divergentdave](https://github.com/divergentdave) **Base:** `main` ← **Head:** `david/ds` --- ### 📝 Commits (4) - [`f4f7718`](https://github.com/hickory-dns/hickory-dns/commit/f4f77187d94398f2dd9834ed85ef6bc23e5fa873) Allow representing unknown digest types - [`57b583a`](https://github.com/hickory-dns/hickory-dns/commit/57b583ad5f9d2c68353941fb8a8875055ae2f85e) Handle DS records with unknown digest types - [`378faaf`](https://github.com/hickory-dns/hickory-dns/commit/378faaf21caba45a3655a507f3ebd1ce3494eb49) Inline fields of CDS and CDNSKEY - [`e32b456`](https://github.com/hickory-dns/hickory-dns/commit/e32b45614872d587be49085804869373a6a8a7c8) Add support for delete CDS/CDNSKEY records ### 📊 Changes **11 files changed** (+413 additions, -53 deletions) <details> <summary>View changed files</summary> 📝 `crates/proto/src/dnssec/crypto.rs` (+24 -13) 📝 `crates/proto/src/dnssec/dnssec_dns_handle/mod.rs` (+3 -2) 📝 `crates/proto/src/dnssec/mod.rs` (+14 -7) 📝 `crates/proto/src/dnssec/nsec3.rs` (+1 -1) 📝 `crates/proto/src/dnssec/rdata/cdnskey.rs` (+200 -11) 📝 `crates/proto/src/dnssec/rdata/cds.rs` (+161 -11) 📝 `crates/proto/src/dnssec/rdata/dnskey.rs` (+1 -1) 📝 `crates/proto/src/dnssec/rdata/ds.rs` (+3 -4) 📝 `crates/proto/src/error.rs` (+5 -0) 📝 `crates/proto/src/serialize/txt/rdata_parsers/ds.rs` (+1 -1) 📝 `tests/ede-dot-com/src/lib.rs` (+0 -2) </details> ### 📄 Description This adds a variant to `DigestType` for unknown digest types, updates the unsupported algorithm logic to also consider digest type when deciding to treat a zone as insecure, and adds special handling to CDS and CDNSKEY records for delete operations, represented by a signature algorithm field of zero. This closes #2695 and closes #2734. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>