starred/hickory-dns
1
0
Fork 0
mirror of https://github.com/hickory-dns/hickory-dns.git synced 2026-04-25 11:15:54 +03:00
Code Issues 373 Projects Releases 6 Packages Wiki Activity

[GH-ISSUE #933] Spurious resolution failure with concurrent requests #571

New issue
Closed
opened 2026-03-15 23:12:53 +03:00 by kerem · 24 comments
kerem commented 2026-03-15 23:12:53 +03:00
Owner
Copy link

Originally created by @ktff on GitHub (Nov 28, 2019).
Original GitHub issue: https://github.com/hickory-dns/hickory-dns/issues/933

Describe the bug
With 3 servers and a configuration with 2 concurrent requests, name resolution sometimes fails, other times not.

To Reproduce
Use default for ResolverOpts::num_concurrent_reqs field and 3 authorities on different domains. With them construct Resolver. With such resolver, Resolver::lookup_ip will sometimes spuriously fail with resolution.

Expected behavior
To Resolver::lookup_ip successfully resolve a name.

System:

  • OS: Ubuntu
  • Architecture: x64
  • Version 18.04.3 LTS
  • rustc version: 1.39.0

Version:
Crate: trust-dns-resolver
Version: 0.12

Additional context
Client and Server were in the same process.

With ResolverOpts::num_concurrent_reqs = 1 Resolver::lookup_ip behaves as expected.

Servers were made with trust-dns-server = 0.17.

Discovered while working on https://github.com/timberio/vector/pull/1118

Originally created by @ktff on GitHub (Nov 28, 2019). Original GitHub issue: https://github.com/hickory-dns/hickory-dns/issues/933 **Describe the bug** With 3 servers and a configuration with 2 concurrent requests, name resolution sometimes fails, other times not. **To Reproduce** Use default for `ResolverOpts::num_concurrent_reqs` field and 3 authorities on different domains. With them construct `Resolver`. With such resolver, `Resolver::lookup_ip` will sometimes spuriously fail with resolution. **Expected behavior** To `Resolver::lookup_ip` successfully resolve a name. **System:** - OS: Ubuntu - Architecture: x64 - Version 18.04.3 LTS - rustc version: 1.39.0 **Version:** Crate: trust-dns-resolver Version: 0.12 **Additional context** Client and Server were in the same process. With `ResolverOpts::num_concurrent_reqs = 1` `Resolver::lookup_ip` behaves as expected. Servers were made with `trust-dns-server = 0.17`. Discovered while working on https://github.com/timberio/vector/pull/1118
kerem 2026-03-15 23:12:53 +03:00
kerem commented 2026-03-15 23:13:09 +03:00
Author
Owner
Copy link

@bluejekyll commented on GitHub (Nov 28, 2019):

Thank you for the report. We should investigate this after the big refactor that's coming in #913 or the follow up PR that I'm working on now.

<!-- gh-comment-id:559607449 --> @bluejekyll commented on GitHub (Nov 28, 2019): Thank you for the report. We should investigate this after the big refactor that's coming in #913 or the follow up PR that I'm working on now.
kerem commented 2026-03-15 23:13:14 +03:00
Author
Owner
Copy link

@LucioFranco commented on GitHub (Dec 3, 2019):

You can find the repro of this with this test https://github.com/timberio/vector/blob/master/src/dns.rs#L308

<!-- gh-comment-id:561308681 --> @LucioFranco commented on GitHub (Dec 3, 2019): You can find the repro of this with this test https://github.com/timberio/vector/blob/master/src/dns.rs#L308
kerem commented 2026-03-15 23:13:19 +03:00
Author
Owner
Copy link

@bluejekyll commented on GitHub (Dec 3, 2019):

@LucioFranco, do you have any issues with me pulling that test directly into the trust-dns-resolver test cases?

<!-- gh-comment-id:561312854 --> @bluejekyll commented on GitHub (Dec 3, 2019): @LucioFranco, do you have any issues with me pulling that test directly into the trust-dns-resolver test cases?
kerem commented 2026-03-15 23:13:24 +03:00
Author
Owner
Copy link

@LucioFranco commented on GitHub (Dec 3, 2019):

@bluejekyll nope go for it!

<!-- gh-comment-id:561315021 --> @LucioFranco commented on GitHub (Dec 3, 2019): @bluejekyll nope go for it!
kerem commented 2026-03-15 23:13:29 +03:00
Author
Owner
Copy link

@bluejekyll commented on GitHub (Dec 16, 2019):

@LucioFranco and @ktff, while I was working on updating the libraries to Tokio 0.2 I discovered a deadlock in the trust-dns-proto UdpStream. This has been patched, but I wonder if this is the root cause of the issues you were seeing here.

I took a look at your test, and I want to port it into the library, I just haven't had time. But maybe you could validate that this is still an issue in 0.18.0.alpha.3?

<!-- gh-comment-id:565943090 --> @bluejekyll commented on GitHub (Dec 16, 2019): @LucioFranco and @ktff, while I was working on updating the libraries to Tokio 0.2 I discovered a deadlock in the trust-dns-proto UdpStream. This has been patched, but I wonder if this is the root cause of the issues you were seeing here. I took a look at your test, and I want to port it into the library, I just haven't had time. But maybe you could validate that this is still an issue in 0.18.0.alpha.3?
kerem commented 2026-03-15 23:13:34 +03:00
Author
Owner
Copy link

@LucioFranco commented on GitHub (Dec 16, 2019):

@bluejekyll I am not sure we can bring in that version yet since we don't have tokio 0.2 support yet, but would be good to bring the test over. Im not sure ill have much time before the end of the year to do so though.

<!-- gh-comment-id:566151490 --> @LucioFranco commented on GitHub (Dec 16, 2019): @bluejekyll I am not sure we can bring in that version yet since we don't have tokio 0.2 support yet, but would be good to bring the test over. Im not sure ill have much time before the end of the year to do so though.
kerem commented 2026-03-15 23:13:40 +03:00
Author
Owner
Copy link

@bluejekyll commented on GitHub (Dec 16, 2019):

Understood.

This and another bug are the only things I need to look into before publishing 0.18, so it will be at the top of my list as I have time to work on it.

<!-- gh-comment-id:566161397 --> @bluejekyll commented on GitHub (Dec 16, 2019): Understood. This and another bug are the only things I need to look into before publishing 0.18, so it will be at the top of my list as I have time to work on it.
kerem commented 2026-03-15 23:13:45 +03:00
Author
Owner
Copy link

@bluejekyll commented on GitHub (Apr 17, 2020):

I think this was resolved in the 0.19.4 release. Would be good to validate.

<!-- gh-comment-id:615493781 --> @bluejekyll commented on GitHub (Apr 17, 2020): I think this was resolved in the 0.19.4 release. Would be good to validate.
kerem commented 2026-03-15 23:13:50 +03:00
Author
Owner
Copy link

@LucioFranco commented on GitHub (Apr 17, 2020):

We have not upgraded yet, but will do so once I do!

<!-- gh-comment-id:615494041 --> @LucioFranco commented on GitHub (Apr 17, 2020): We have not upgraded yet, but will do so once I do!
kerem commented 2026-03-15 23:13:55 +03:00
Author
Owner
Copy link

@gabelerner commented on GitHub (Apr 19, 2020):

I just upgraded to 0.19.4 to test my related issue and it's still broken. I was on 0.18.0-alpha.2 because that's what 0.9.0 of actix is on. My issue is as follows:

use trust_dns_resolver::Resolver;
use trust_dns_resolver::system_conf::read_system_conf;

fn main() {
    let (c, mut o) = read_system_conf().unwrap();
    o.num_concurrent_reqs = 1;
    let resolver = Resolver::new(c, o).unwrap();
    resolver.lookup_ip("subdomain.internaldomain.corp").unwrap();
    resolver.lookup_ip("subdomain.internaldomain.corp").unwrap();
}

this does not panic - i get the IP back twice, but when i comment out the num_concurrent_reqs line (i.e. set it to the default of 2), I get a panic on the 2nd call to lookup_ip:

on 0.19.4

thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: ResolveError { kind: NoRecordsFound { query: Query { name: Name { is_fqdn: true, labels: [subdomain, internaldomain, corp, internaldomain, corp] }, query_type: AAAA, query_class: IN }, valid_until: None }, backtrack: None }', src/main.rs:9:5

on 0.18.0-alpha.2, i got a similar error but instead of the labels formatted as a vec it was subdomain.internaldomain.corp.internaldomain.corp.

my /etc/resolv.conf:

search internaldomain.corp
nameserver 10.0.x.x # internal
nameserver 10.0.x.y # internal
nameserver 8.8.8.8 # google
nameserver 8.8.4.4 # google

it seems like when it's running concurrently, somewhere it's prepending the query onto the search defined in your config and exiting early?

<!-- gh-comment-id:616236072 --> @gabelerner commented on GitHub (Apr 19, 2020): I just upgraded to `0.19.4` to test my related issue and it's still broken. I was on `0.18.0-alpha.2` because that's what `0.9.0` of `actix` is on. My issue is as follows: ```rust use trust_dns_resolver::Resolver; use trust_dns_resolver::system_conf::read_system_conf; fn main() { let (c, mut o) = read_system_conf().unwrap(); o.num_concurrent_reqs = 1; let resolver = Resolver::new(c, o).unwrap(); resolver.lookup_ip("subdomain.internaldomain.corp").unwrap(); resolver.lookup_ip("subdomain.internaldomain.corp").unwrap(); } ``` this does not panic - i get the IP back twice, but when i comment out the `num_concurrent_reqs` line (i.e. set it to the default of `2`), I get a panic on the 2nd call to `lookup_ip`: on `0.19.4` ``` thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: ResolveError { kind: NoRecordsFound { query: Query { name: Name { is_fqdn: true, labels: [subdomain, internaldomain, corp, internaldomain, corp] }, query_type: AAAA, query_class: IN }, valid_until: None }, backtrack: None }', src/main.rs:9:5 ``` on `0.18.0-alpha.2`, i got a similar error but instead of the labels formatted as a vec it was `subdomain.internaldomain.corp.internaldomain.corp`. my `/etc/resolv.conf`: ``` search internaldomain.corp nameserver 10.0.x.x # internal nameserver 10.0.x.y # internal nameserver 8.8.8.8 # google nameserver 8.8.4.4 # google ``` it seems like when it's running concurrently, somewhere it's prepending the query onto the search defined in your config and exiting early?
kerem commented 2026-03-15 23:14:00 +03:00
Author
Owner
Copy link

@bluejekyll commented on GitHub (Apr 20, 2020):

Thank you for the test case. I will use that to try and reproduce.

<!-- gh-comment-id:616450276 --> @bluejekyll commented on GitHub (Apr 20, 2020): Thank you for the test case. I will use that to try and reproduce.
kerem commented 2026-03-15 23:14:05 +03:00
Author
Owner
Copy link

@bluejekyll commented on GitHub (Apr 27, 2020):

For folks running into this issue, are some people using internal DNS servers for domains that are not public? I'm wondering if this is related to the lookup order in Trust-DNS?

<!-- gh-comment-id:620266391 --> @bluejekyll commented on GitHub (Apr 27, 2020): For folks running into this issue, are some people using internal DNS servers for domains that are not public? I'm wondering if this is related to the lookup order in Trust-DNS?
kerem commented 2026-03-15 23:14:10 +03:00
Author
Owner
Copy link

@gabelerner commented on GitHub (Apr 27, 2020):

Yes, my dns server is internal / private -- that's why I put the internaldomain.corp in my earlier reproduction steps. You can try by running a dns server in a docker and setting it up how I have above and issuing a query to your local dns server.

I'm also glad to see that somebody else successfully fixed it by setting concurrent reqs to 1. I did that solution locally as well but now I know it's not just me.

<!-- gh-comment-id:620272502 --> @gabelerner commented on GitHub (Apr 27, 2020): Yes, my dns server is internal / private -- that's why I put the `internaldomain.corp` in my earlier reproduction steps. You can try by running a dns server in a docker and setting it up how I have above and issuing a query to your local dns server. I'm also glad to see that somebody else successfully fixed it by setting concurrent reqs to 1. I did that solution locally as well but now I know it's not just me.
kerem commented 2026-03-15 23:14:15 +03:00
Author
Owner
Copy link

@bluejekyll commented on GitHub (Apr 27, 2020):

I think I'm at least understanding the root cause of this issue here. There's a patch in #1085 to name_server.rs that would be cool if you could test (with concurrency of at least 2). My working theory here is that your getting an NXDomain for .corp which is a real domain, and therefor you're getting an Authoritative negative answer. Trust-DNS may have to loosen up it's definition of how it regards permanent lookup failures from authoritative servers.

<!-- gh-comment-id:620277207 --> @bluejekyll commented on GitHub (Apr 27, 2020): I think I'm at least understanding the root cause of this issue here. There's a patch in #1085 to `name_server.rs` that would be cool if you could test (with concurrency of at least 2). My working theory here is that your getting an NXDomain for `.corp` which is a real domain, and therefor you're getting an Authoritative negative answer. Trust-DNS may have to loosen up it's definition of how it regards permanent lookup failures from authoritative servers.
kerem commented 2026-03-15 23:14:20 +03:00
Author
Owner
Copy link

@gabelerner commented on GitHub (Apr 28, 2020):

@bluejekyll on my reproduction code above w/ 0.19.5 and the patch from the PR applied i get:

Starting ...
Nameserver responded with NXDomain
Nameserver responded with NXDomain
<... clipped: 140 more lines of the same message ...>
Nameserver responded with NXDomain
Nameserver responded with NXDomain
thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: ResolveError { kind: Proto(ProtoError { kind: Message("Nameserver responded with NXDomain"), backtrack: None }), backtrack: None }', src/main.rs:8:17
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

seems like i do not hit any of the other match arms? can i put prints anywhere to help you debug this more?

<!-- gh-comment-id:620828557 --> @gabelerner commented on GitHub (Apr 28, 2020): @bluejekyll on my reproduction code above w/ `0.19.5` and the patch from the PR applied i get: ``` Starting ... Nameserver responded with NXDomain Nameserver responded with NXDomain <... clipped: 140 more lines of the same message ...> Nameserver responded with NXDomain Nameserver responded with NXDomain thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: ResolveError { kind: Proto(ProtoError { kind: Message("Nameserver responded with NXDomain"), backtrack: None }), backtrack: None }', src/main.rs:8:17 note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace ``` seems like i do not hit any of the other match arms? can i put `prints` anywhere to help you debug this more?
kerem commented 2026-03-15 23:14:25 +03:00
Author
Owner
Copy link

@bluejekyll commented on GitHub (Apr 28, 2020):

Can you double check that the nameserver 10.0.x.x # internal configuration in your resolv.conf is making it into the configuration with the let (c, mut o) = read_system_conf().unwrap(); from your example? It seems like it is doing the correct thing in that it is searching a lot of different domains (thus all the NXDomain dbg lines).

<!-- gh-comment-id:620852084 --> @bluejekyll commented on GitHub (Apr 28, 2020): Can you double check that the `nameserver 10.0.x.x # internal` configuration in your `resolv.conf` is making it into the configuration with the `let (c, mut o) = read_system_conf().unwrap();` from your example? It seems like it is doing the correct thing in that it is searching a lot of different domains (thus all the NXDomain dbg lines).
kerem commented 2026-03-15 23:14:30 +03:00
Author
Owner
Copy link

@gabelerner commented on GitHub (Apr 28, 2020):

ResolverConfig { domain: Some(Name { is_fqdn: false, labels: [local] }), search: [Name { is_fqdn: false, labels: [kernel, corp] }], name_servers: NameServerConfigGroup([NameServerConfig { socket_addr: V4(10.0.x.x:53), protocol: Udp, tls_dns_name: None }, NameServerConfig { socket_addr: V4(10.0.x.x:53), protocol: Tcp, tls_dns_name: None }, NameServerConfig { socket_addr: V4(10.0.x.y:53), protocol: Udp, tls_dns_name: None }, NameServerConfig { socket_addr: V4(10.0.x.y:53), protocol: Tcp, tls_dns_name: None }, NameServerConfig { socket_addr: V4(8.8.8.8:53), protocol: Udp, tls_dns_name: None }, NameServerConfig { socket_addr: V4(8.8.8.8:53), protocol: Tcp, tls_dns_name: None }, NameServerConfig { socket_addr: V4(8.8.4.4:53), protocol: Udp, tls_dns_name: None }, NameServerConfig { socket_addr: V4(8.8.4.4:53), protocol: Tcp, tls_dns_name: None }]) }

ResolverOpts { ndots: 1, timeout: 5s, attempts: 2, rotate: false, check_names: true, edns0: false, validate: false, ip_strategy: Ipv4thenIpv6, cache_size: 32, use_hosts_file: true, positive_min_ttl: None, negative_min_ttl: None, positive_max_ttl: None, negative_max_ttl: None, distrust_nx_responses: true, num_concurrent_reqs: 2, preserve_intermediates: false }
<!-- gh-comment-id:620857792 --> @gabelerner commented on GitHub (Apr 28, 2020): ``` ResolverConfig { domain: Some(Name { is_fqdn: false, labels: [local] }), search: [Name { is_fqdn: false, labels: [kernel, corp] }], name_servers: NameServerConfigGroup([NameServerConfig { socket_addr: V4(10.0.x.x:53), protocol: Udp, tls_dns_name: None }, NameServerConfig { socket_addr: V4(10.0.x.x:53), protocol: Tcp, tls_dns_name: None }, NameServerConfig { socket_addr: V4(10.0.x.y:53), protocol: Udp, tls_dns_name: None }, NameServerConfig { socket_addr: V4(10.0.x.y:53), protocol: Tcp, tls_dns_name: None }, NameServerConfig { socket_addr: V4(8.8.8.8:53), protocol: Udp, tls_dns_name: None }, NameServerConfig { socket_addr: V4(8.8.8.8:53), protocol: Tcp, tls_dns_name: None }, NameServerConfig { socket_addr: V4(8.8.4.4:53), protocol: Udp, tls_dns_name: None }, NameServerConfig { socket_addr: V4(8.8.4.4:53), protocol: Tcp, tls_dns_name: None }]) } ResolverOpts { ndots: 1, timeout: 5s, attempts: 2, rotate: false, check_names: true, edns0: false, validate: false, ip_strategy: Ipv4thenIpv6, cache_size: 32, use_hosts_file: true, positive_min_ttl: None, negative_min_ttl: None, positive_max_ttl: None, negative_max_ttl: None, distrust_nx_responses: true, num_concurrent_reqs: 2, preserve_intermediates: false } ```
kerem commented 2026-03-15 23:14:35 +03:00
Author
Owner
Copy link

@gabelerner commented on GitHub (Apr 28, 2020):

Oops 🤦 I was testing a domain that we had deactivated! @bluejekyll

I just tested again with another domain and it worked even w/ concurrency=2!

The only message I saw was a single "Nameserver responded with NXDomain". Hopefully @svenstaro can also test by undoing the concurrency=1.

<!-- gh-comment-id:620859499 --> @gabelerner commented on GitHub (Apr 28, 2020): Oops 🤦 I was testing a domain that we had deactivated! @bluejekyll I just tested again with another domain and it worked even w/ concurrency=2! The only message I saw was a single "Nameserver responded with NXDomain". Hopefully @svenstaro can also test by undoing the concurrency=1.
kerem commented 2026-03-15 23:14:41 +03:00
Author
Owner
Copy link

@bluejekyll commented on GitHub (Apr 28, 2020):

Excellent. This finally answers that problem. The root cause is that trust-dns is strictly regarding the upstream response as authoritative. Given that it eventually errors correctly, I'm going to say we should go forward with that PR, and we can let that bake in master and allow people to experiment with it.

BTW, I will make the same comment here that I did in #1085, which is that your DNS configuration is potentially vulnerable to a form of attack where an external name could be used to redirect traffic to a nefarious endpoint, so I'd strongly suggest having your organization move away from that.

Thanks for helping debug this.

<!-- gh-comment-id:620876983 --> @bluejekyll commented on GitHub (Apr 28, 2020): Excellent. This finally answers that problem. The root cause is that trust-dns is strictly regarding the upstream response as authoritative. Given that it eventually errors correctly, I'm going to say we should go forward with that PR, and we can let that bake in master and allow people to experiment with it. BTW, I will make the same comment here that I did in #1085, which is that your DNS configuration is potentially vulnerable to a form of attack where an external name could be used to redirect traffic to a nefarious endpoint, so I'd strongly suggest having your organization move away from that. Thanks for helping debug this.
kerem commented 2026-03-15 23:14:46 +03:00
Author
Owner
Copy link

@bluejekyll commented on GitHub (Apr 29, 2020):

FYI, #1086 was merged, it should resolve this. It sounds like this resolves the issues, but I'll leave this open until we have more confidence from everyone who was effected.

<!-- gh-comment-id:621314824 --> @bluejekyll commented on GitHub (Apr 29, 2020): FYI, #1086 was merged, it should resolve this. It sounds like this resolves the issues, but I'll leave this open until we have more confidence from everyone who was effected.
kerem commented 2026-03-15 23:14:51 +03:00
Author
Owner
Copy link

@gabelerner commented on GitHub (Apr 29, 2020):

Yea I myself will be waiting for actix to get on the latest version. I think that'll be common for many of your users that are waiting for a dependency so they should just vendor, apply the patch, and test for now. Thanks for the quick fix!

<!-- gh-comment-id:621318774 --> @gabelerner commented on GitHub (Apr 29, 2020): Yea I myself will be waiting for `actix` to get on the latest version. I think that'll be common for many of your users that are waiting for a dependency so they should just vendor, apply the patch, and test for now. Thanks for the quick fix!
kerem commented 2026-03-15 23:14:56 +03:00
Author
Owner
Copy link

@LucioFranco commented on GitHub (Apr 30, 2020):

I can confirm this is fixed on our end by upgrading.

<!-- gh-comment-id:622014319 --> @LucioFranco commented on GitHub (Apr 30, 2020): I can confirm this is fixed on our end by upgrading.
kerem commented 2026-03-15 23:15:01 +03:00
Author
Owner
Copy link

@bluejekyll commented on GitHub (Apr 30, 2020):

this is great news. Thanks!

<!-- gh-comment-id:622174901 --> @bluejekyll commented on GitHub (Apr 30, 2020): this is great news. Thanks!
kerem commented 2026-03-15 23:15:06 +03:00
Author
Owner
Copy link

@bluejekyll commented on GitHub (Apr 30, 2020):

#1085 resolves this issue.

<!-- gh-comment-id:622175028 --> @bluejekyll commented on GitHub (Apr 30, 2020): #1085 resolves this issue.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
release/0.26
david/conformance-dnssec-negative-tests
query-api
opt-types
cname-nsec
no-cname-recursion
conformance-min-ttl
dname-base
drop-message-request
no-error-queries
cpu-sig0-rm-message-sig_dev
cpu-tsig-test-update_dev
windows-config
dnssec-net
release/0.25
opp-enc-persist
integration-test
cpu-tidying-recursor-opts_dev
happy-eyeballs
david/authoritative-zone-storage-trait
dnssec-ad
no-authority
release/0.24
pvdrz/remove-top-file
pvdrz/h3-handshake-timeout
pvdrz/quic-handshake-timeout
nxdomain-for-recursor
ja-test-merque-queue
ja-fix-ci-again
sz-add-ede-tests
sz-test-tc-bit-with-large-response
sz-fix-tokio-dependency
gh-2275-test-rrsig-signature
refactor-sign-zone-file
fix-1.79-cleanliness
update-nightly-hash
release/0.23
gh-pages
use-just-for-server-toml
release/0.22
revert-1874-cpu-zone-parse-default-class
disable-bind-compatibility-tests
disable-test_tls_client_stream_ipv4
update-native-tls-0.2.11
recursor-tests
fix-clippy-self
release/0.20
saethlin-fix-rdata-zero
release/0.19
flat_name
drop_unused_futures
release/0.18
release-r0.12-cs0.17
release/r0.12-cs0.17
trust-dns-book
r0.10
test-connections-not-dropped
fix_exec_status_on_rs_files
release-0.9
add-mutex-to-integration-tests
0.8_release
bfry/dns-crypt
v0.26.0
v0.26.0-beta.4
v0.26.0-beta.3
v0.26.0-beta.2
v0.26.0-beta.1
v0.26.0-alpha.1
v0.25.2
v0.25.1
v0.25.0
v0.24.4
v0.24.3
v0.25.0-alpha.5
v0.24.2
v0.25.0-alpha.4
v0.25.0-alpha.3
v0.25.0-alpha.2
v0.25.0-alpha.1
v0.24.1
v0.23.2
v0.24.0
v0.23.1
v0.23.0
v0.23.0-alpha.5
v0.23.0-alpha.4
v0.23.0-alpha.3
v0.22.1
v0.23.0-alpha.2
v0.23.0-alpha.1
v0.22.0
v0.21.2
v0.21.1
v0.21.0
v0.21.0-alpha.5
v0.20.4
v0.21.0-alpha.4
v0.21.0-alpha.3
v0.21.0-alpha.2
v0.21.0-alpha.1
v0.20.3
v0.20.2
v0.20.1
v0.19.7
v0.20.0
0.19.6
v0.20.0-alpha.3
v0.20.0-alpha.2
v0.20.0-alpha.1
0.19.5
0.19.4
0.19.3
0.19.0
0.18.1
0.18
0.18.0.alpha.2
r0.12_cs0.17
r0.11.1
cs0.16.1
r0.11
cs0.16
r0.10.1
r0.10.0
cs0.15.0
r0.9.1
v0.14.0
r0.9.0
r0.8.1
r0.8.0
v0.13.0
r0.7.0
c0.12.0
r0.6.0
r0.5.0
resolver.0.4.0
0.11.0
0.10.5
0.10.4
0.10.3
0.10.2
0.10.1
0.10.0
0.9.3
0.9.2
0.9.1
0.9.0
0.8.1
0.8.0
0.7.3
0.7.2
0.7.1
0.7.0
0.6.0
0.5.3
0.5.1
0.5.0
0.4.0
0.3.1
0.3.0
0.2.1
0.2.0
0.1.0
Labels
Clear labels   
blocked

   
breaking-change

   
bug

   
bug:critical

   
bug:tests

   
cleanup

   
compliance

   
compliance

   
compliance

   
crate:all

   
crate:client

   
crate:native-tls

   
crate:proto

   
crate:recursor

   
crate:resolver

   
crate:resolver

   
crate:rustls

   
crate:server

   
crate:util

   
dependencies

   
docs

   
duplicate

   
easy

   
easy

   
enhance

   
enhance

   
enhance

   
feature:dns-over-https

   
feature:dns-over-quic

   
feature:dns-over-tls

   
feature:dnsssec

   
feature:global_lb

   
feature:mdns

   
feature:tsig

   
features:edns

   
has workaround

   
ops

   
perf

   
platform:WASM

   
platform:android

   
platform:fuchsia

   
platform:linux

   
platform:macos

   
platform:windows

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
test

   
tools

   
tools

   
trust

   
unclear

   
wontfix
No labels
blocked
breaking-change
bug
bug:critical
bug:tests
cleanup
compliance
compliance
compliance
crate:all
crate:client
crate:native-tls
crate:proto
crate:recursor
crate:resolver
crate:resolver
crate:rustls
crate:server
crate:util
dependencies
docs
duplicate
easy
easy
enhance
enhance
enhance
feature:dns-over-https
feature:dns-over-quic
feature:dns-over-tls
feature:dnsssec
feature:global_lb
feature:mdns
feature:tsig
features:edns
has workaround
ops
perf
platform:WASM
platform:android
platform:fuchsia
platform:linux
platform:macos
platform:windows
pull-request
question
test
tools
tools
trust
unclear
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/hickory-dns#571
No description provided.