[PR #3177] [MERGED] dns-test: add DoT support to authoritative DNS servers #3616

New issue

Closed

opened 2026-03-16 11:53:25 +03:00 by kerem · 0 comments

kerem commented

2026-03-16 11:53:25 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/hickory-dns/hickory-dns/pull/3177
Author: @cpu
Created: 8/5/2025
Status: ✅ Merged
Merged: 8/7/2025
Merged by: @cpu

Base: main ← Head: cpu-dnstest-dot

📝 Commits (3)

0d98159 dns-test: introduce container PKI
f827c2d dns-test: nameserver DoT config
446da93 dns-test: support DoT dig queries

📊 Changes

13 files changed (+476 additions, -26 deletions)

View changed files

📝 conformance/Cargo.lock (+100 -6)
📝 conformance/packages/dns-test/Cargo.toml (+1 -0)
📝 conformance/packages/dns-test/examples/explore.rs (+8 -2)
📝 conformance/packages/dns-test/src/client.rs (+40 -3)
📝 conformance/packages/dns-test/src/docker/hickory.Dockerfile (+5 -3)
📝 conformance/packages/dns-test/src/implementation.rs (+17 -1)
📝 conformance/packages/dns-test/src/lib.rs (+2 -0)
📝 conformance/packages/dns-test/src/name_server.rs (+109 -6)
➕ conformance/packages/dns-test/src/pki.rs (+68 -0)
📝 conformance/packages/dns-test/src/templates/hickory.name-server.toml.jinja (+8 -0)
📝 conformance/packages/dns-test/src/templates/named.name-server.conf.jinja (+12 -0)
📝 conformance/packages/dns-test/src/templates/nsd.conf.jinja (+7 -0)
📝 tests/ede-dot-com/Cargo.lock (+99 -5)

📄 Description

For the authoritative name server implementations that support it (BIND, nsd, hickory-dns), have the servers bind the standard DNS-over-TLS (DoT) port, using a certificate/private key issued from an internal PKI.

This will allow writing tests that exercise opportunistic resolver->authoritative DoT probing.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/hickory-dns/hickory-dns/pull/3177 **Author:** [@cpu](https://github.com/cpu) **Created:** 8/5/2025 **Status:** ✅ Merged **Merged:** 8/7/2025 **Merged by:** [@cpu](https://github.com/cpu) **Base:** `main` ← **Head:** `cpu-dnstest-dot` --- ### 📝 Commits (3) - [`0d98159`](https://github.com/hickory-dns/hickory-dns/commit/0d98159425295247f91d5d2582a234529fa00474) dns-test: introduce container PKI - [`f827c2d`](https://github.com/hickory-dns/hickory-dns/commit/f827c2d6a922be13d731499b86d679ea92fa9d18) dns-test: nameserver DoT config - [`446da93`](https://github.com/hickory-dns/hickory-dns/commit/446da937ebdcaac47a1def95b7a60a1769817f2e) dns-test: support DoT dig queries ### 📊 Changes **13 files changed** (+476 additions, -26 deletions) <details> <summary>View changed files</summary> 📝 `conformance/Cargo.lock` (+100 -6) 📝 `conformance/packages/dns-test/Cargo.toml` (+1 -0) 📝 `conformance/packages/dns-test/examples/explore.rs` (+8 -2) 📝 `conformance/packages/dns-test/src/client.rs` (+40 -3) 📝 `conformance/packages/dns-test/src/docker/hickory.Dockerfile` (+5 -3) 📝 `conformance/packages/dns-test/src/implementation.rs` (+17 -1) 📝 `conformance/packages/dns-test/src/lib.rs` (+2 -0) 📝 `conformance/packages/dns-test/src/name_server.rs` (+109 -6) ➕ `conformance/packages/dns-test/src/pki.rs` (+68 -0) 📝 `conformance/packages/dns-test/src/templates/hickory.name-server.toml.jinja` (+8 -0) 📝 `conformance/packages/dns-test/src/templates/named.name-server.conf.jinja` (+12 -0) 📝 `conformance/packages/dns-test/src/templates/nsd.conf.jinja` (+7 -0) 📝 `tests/ede-dot-com/Cargo.lock` (+99 -5) </details> ### 📄 Description For the authoritative name server implementations that support it (BIND, nsd, hickory-dns), have the servers bind the standard DNS-over-TLS (DoT) port, using a certificate/private key issued from an internal PKI. This will allow writing tests that exercise opportunistic resolver->authoritative DoT probing. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>