[GH-ISSUE #1838] PKCS12 is not supported with Rustls for certificate, use PEM encoding #789

Closed
opened 2026-03-16 00:14:38 +03:00 by kerem · 7 comments

Originally created by @HLFH on GitHub (Nov 24, 2022).
Original GitHub issue: https://github.com/hickory-dns/hickory-dns/issues/1838

Describe the bug

nov. 24 17:16:00 arch-server named[1290978]: 1669310160:INFO:named:593:loading cert for DNS over TLS: "sec/example.p12"
nov. 24 17:16:00 arch-server named[1290978]: thread 'main' panicked at 'error loading tls certificate file: "PKCS12 is not supported with Rustls for certificate, use PEM encoding"', src/named.rs:5>
nov. 24 17:16:00 arch-server named[1290978]: stack backtrace:
nov. 24 17:16:00 arch-server named[1290978]:    0:     0x563dc5b50f03 - <unknown>
nov. 24 17:16:00 arch-server named[1290978]:    1:     0x563dc5b73ebc - <unknown>
nov. 24 17:16:00 arch-server named[1290978]:    2:     0x563dc5b4b975 - <unknown>
nov. 24 17:16:00 arch-server named[1290978]:    3:     0x563dc5b52761 - <unknown>
nov. 24 17:16:00 arch-server named[1290978]:    4:     0x563dc5b52433 - <unknown>
nov. 24 17:16:00 arch-server named[1290978]:    5:     0x563dc5b52e03 - <unknown>
nov. 24 17:16:00 arch-server named[1290978]:    6:     0x563dc5b52cf7 - <unknown>
nov. 24 17:16:00 arch-server named[1290978]:    7:     0x563dc5b513b4 - <unknown>
nov. 24 17:16:00 arch-server named[1290978]:    8:     0x563dc5b52a22 - <unknown>
nov. 24 17:16:00 arch-server named[1290978]:    9:     0x563dc5558453 - <unknown>
nov. 24 17:16:00 arch-server named[1290978]:   10:     0x563dc55585a3 - <unknown>
nov. 24 17:16:00 arch-server named[1290978]:   11:     0x563dc55c1fc6 - <unknown>
nov. 24 17:16:00 arch-server named[1290978]:   12:     0x563dc5617fe3 - <unknown>
nov. 24 17:16:00 arch-server named[1290978]:   13:     0x563dc5564179 - <unknown>
nov. 24 17:16:00 arch-server named[1290978]:   14:     0x563dc5b47f12 - <unknown>
nov. 24 17:16:00 arch-server named[1290978]:   15:     0x563dc55c3e08 - <unknown>
nov. 24 17:16:00 arch-server named[1290978]:   16:     0x7f0952a93290 - <unknown>
nov. 24 17:16:00 arch-server named[1290978]:   17:     0x7f0952a9334a - __libc_start_main
nov. 24 17:16:00 arch-server named[1290978]:   18:     0x563dc5558735 - <unknown>
nov. 24 17:16:00 arch-server named[1290978]:   19:                0x0 - <unknown>

System:

  • OS: Arch Linux
  • Architecture: x86_64
  • Version: 0.22.0

Version:
Crate: server

Additional context
Config file

##
## This is an example configuration file for the Trust-DNS named server.
##
## The format is in TOML: https://github.com/toml-lang/toml which was chosen
##  as the configuration format for Trust-DNS. While Trust-DNS is intended to
##  be a drop-in replacement for BIND9, it will not support the named.conf files
##  directly. At some point, there will be a binary tool for converting the
##  BIND9 configuration files over to Trust-DNS TOML.
##
## Many of these options are available as both command line options and
##  configuration options in these files. In that case, the command line option
##  will take precedence.
##
## Comments with two hash marks, ##, document the config parameter
## Comments with one hash mark, #, is an example line and should be the default
##
## The root options are similar to the options in 'options { .. }' in named.conf

## listen_addrs: address on which to listen for incoming connections
##  this can be a list of ipv4 or ipv6 addresses
listen_addrs_ipv4 = ["0.0.0.0"]
# listen_addrs_ipv6 = ["::0"]

## listen_port: port on which to listen, default 53
# listen_port = 53

## tcp_request_timeout: TCP request timeout in seconds. Allows TCP connections
##  to timeout if there are no requests from a client in the specified amount of
##  time. This is not a socket level timeout, so trickles of data will not count,
##  a full request must be received for it to not count against the timeout.
##  Specifying a timeout of 0 will disable it.
# tcp_request_timeout = 5

## DNS over TLS certificate information.
tls_cert = { path = "sec/example.p12", endpoint_name = "ns.example.com", password = "mypass" }

## DNS over QUIC certificate information.
# tls_cert = { path = "sec/example.cert.pem", endpoint_name = "ns.example.com", cert_type = "pem", private_key = "sec/example.key" }

## port on which to listen, default 853 (should not be 53)
tls_listen_port = 853

## directory: path on the host filesystem to where zone files are stored.
# directory = "/var/named"

## Default zones, these should be present on all nameservers, except in rare
##  configuration cases
[[zones]]
zone = "localhost"
zone_type = "Primary"
file = "default/localhost.zone"

[[zones]]
zone = "0.0.127.in-addr.arpa"
zone_type = "Primary"
file = "default/127.0.0.1.zone"

[[zones]]
zone = "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"
zone_type = "Primary"
file = "default/ipv6_1.zone"

[[zones]]
zone = "255.in-addr.arpa"
zone_type = "Primary"
file = "default/255.zone"

[[zones]]
zone = "0.in-addr.arpa"
zone_type = "Primary"
file = "default/0.zone"

[[zones]]
## zone: this is the ORIGIN of the zone, aka the base name, '.' is implied on the end
zone = "example.com"

## zone_type: Primary, Secondary, Hint, Forward
zone_type = "Primary"

## file: this is relative to the directory above
file = "example.com.zone"

## if false, updates will not be allowed, default false
# allow_update = false

## if false, AXFRs requests will result in Refused responses
# allow_axfr = false

## if true, looks to see if a chained pem file exists at $file.pem (see
## supported_algorithms below).
## these keys will also be registered as authorities for update,
## meaning that SIG(0) updates can be established by initially using these
## keys. the zone will be signed with all specified keys, it may be desirable
## to limit this set for performance reasons.
# enable_dnssec = false

## set of DNSSEC algorithms to use to sign the zone. enable_dnssec must be true.
## these will be looked up by $file.{key_name}.pem, for backward compatibility
## with previous versions of Trust-DNS, if enable_dnssec is enabled but
## supported_algorithms is not specified, it will default to "RSASHA256" and
## look for the $file.pem for the key. To control key length, or other options
## keys of the specified formats can be generated in PEM format. Instructions
## for custom keys can be found elsewhere.
##
## supported extensions are 'der', 'pem'. ED25519 keys are only supported
## with 'pk8'.
##
## the currently supported set of supported_algorithms are
## ["RSASHA256", "RSASHA512", "ECDSAP256SHA256", "ECDSAP384SHA384", "ED25519"]
##
## keys are listed in pairs of key_name and algorithm, the search path is the
## same directory as the zone $file (this section would be relative to the
## example.com zone):
# [[zones.keys]]
## relative to the zone $file
# key_path = "my_rsa_2048.pem"
## the password used to encrypt/decrypt the file (must be PEM), blank for none
# password = ""
## specify the algorithm
# algorithm = "RSASHA256"
## this key should be used to sign the zone
# is_zone_signing_key = true
## this key is authorized for dynamic update access to the zone via SIG0
# is_zone_update_auth = true
#
# [[zones.keys]]
# key_path = "/path/to/my_ed25519.pk8"
# algorithm = "ED25519"
## for keys that are not zone signing, the pem need only include the public_key
# is_zone_signing_key = false
# is_zone_update_auth = true
kerem closed this issue 2026-03-16 00:14:43 +03:00

@djc commented on GitHub (Nov 24, 2022):

Please actually fill in what you expected to happen. Seems to me that the error is relatively clear and you should just convert your certificate file to the other format, some googling will probably get you there.

@HLFH commented on GitHub (Nov 24, 2022):

Well I am using the default config file (https://github.com/bluejekyll/trust-dns/blob/main/tests/test-data/named_test_configs/dns_over_tls.toml) with the default linked certificate: https://github.com/bluejekyll/trust-dns/blob/main/tests/test-data/named_test_configs/sec/example.p12.

I am not sure why I should expect an error there with files and configuration provided by Trust-DNS.
I cannot successfully launch DNS over TLS with the samples provided.

Here is my named.service file:

[Unit]
Description=TRUST-DNS server
Wants=network-online.target
After=network-online.target

[Service]
User=named
DynamicUser=yes
Environment=RUST_BACKTRACE=full
ExecStart=/usr/bin/named -c /etc/named/named.toml -p 853
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
Restart=on-failure
RestartSec=1

[Install]
WantedBy=multi-user.target

Linked to this comment: https://github.com/bluejekyll/trust-dns/issues/1642#issuecomment-1126794501


@djc commented on GitHub (Nov 24, 2022):

Okay, so we can close this as a duplicate of #1642? You're not being very explicit about the purpose of this issue.


@HLFH commented on GitHub (Nov 24, 2022):

@djc This is not a duplicate of https://github.com/bluejekyll/trust-dns/issues/1642. I am not asking for support for EC keys.
I am submitting a bug.

I just don't understand why the sample conf. provided by Trust-DNS for DNS over TLS links to a PKCS12 file 'sec/example.p12' that makes Trust-DNS fail.


@darnuria commented on GitHub (Nov 26, 2022):

I can confirm that we have some issue with OpensslV3 on Manjaro. I was able to reproduce the CI issue with openssl tools.

This issue is linked to the infamous error in CI that popped up last week.

# Pass in certificate generation script
openssl x509 -inform der -in tests/test-data/cert.p12 -outform pem | openssl verify -CAfile CA/ca.crt

Error loading file CA/ca.crt
40377C9EA17F0000:error:80000002:system library:BIO_new_file:No such file or directory:crypto/bio/bss_file.c:67:calling fopen(CA/ca.crt, r)
40377C9EA17F0000:error:10000080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:75:
40377C9EA17F0000:error:05880002:x509 certificate routines:X509_load_cert_crl_file_ex:system lib:crypto/x509/by_file.c:228:
Enter pass phrase for PKCS12 import pass phrase:
Could not read certificate from tests/test-data/cert.p12
40875A8CF87F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:373:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()
Unable to load certificate
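Two things in this thread go together: djc's advice to convert the PKCS#12 bundle to "the other format" (the commented-out `tls_cert = { ..., cert_type = "pem", private_key = ... }` line in the config shows the shape the server wants, a PEM certificate file plus a separate key file), and darnuria's `inner_evp_generic_fetch:unsupported ... RC2-40-CBC` error, which is OpenSSL 3 refusing to open a bundle whose contents were encrypted with a cipher that now lives in the legacy provider. The script below is an added example, written for this page and not part of hickory-dns/trust-dns or the thread: it does the conversion, retries with `-legacy` when OpenSSL 3 rejects the bundle, strips the non-PEM "Bag Attributes" lines, and then checks that the extracted certificate and key actually belong together before you point a server at them. The `P12_PASS` environment variable, the output file names `cert.pem`/`key.pem` and the `.tmp` scratch files are my assumptions; the `openssl` options used are standard ones.

```shell
#!/bin/sh
# p12_to_pem.sh (added example, not project code): turn a PKCS#12 bundle into the
# separate PEM certificate chain and unencrypted PKCS#8 key a rustls-backed
# server expects, then verify the pair before deploying it.
set -e

# cert_format FILE: print "pem", "der" or "unknown". A PKCS#12 bundle is DER
# (an ASN.1 SEQUENCE, first byte 0x30); PEM is text with "-----BEGIN" armour.
# Useful as a pre-flight check of the path given in tls_cert.path.
cert_format() {
    if grep -q -- '-----BEGIN' "$1" 2>/dev/null; then
        echo pem
    elif [ "$(od -An -tx1 -N1 "$1" | tr -d ' ')" = "30" ]; then
        echo der
    else
        echo unknown
    fi
}

# _pkcs12 BUNDLE [openssl pkcs12 options...]
# The import password comes from the P12_PASS environment variable rather than
# argv, so it is not visible in `ps`. If OpenSSL 3 rejects the bundle (contents
# protected with a legacy cipher such as RC2-40-CBC), retry with the legacy
# provider loaded; -legacy requires the legacy provider module to be installed.
_pkcs12() {
    bundle=$1; shift
    if ! openssl pkcs12 -in "$bundle" -passin env:P12_PASS "$@" 2>/dev/null; then
        openssl pkcs12 -legacy -in "$bundle" -passin env:P12_PASS "$@"
    fi
}

# p12_to_pem BUNDLE OUT_DIR: write OUT_DIR/cert.pem and OUT_DIR/key.pem.
p12_to_pem() {
    bundle=$1; out=$2
    umask 077                      # scratch files and key.pem are owner-only
    mkdir -p "$out"
    # All certificates in the bundle. openssl prefixes each with "Bag
    # Attributes" text; keep only the PEM blocks.
    _pkcs12 "$bundle" -nokeys -out "$out/.certs.tmp"
    awk '/^-----BEGIN CERTIFICATE-----/,/^-----END CERTIFICATE-----/' \
        "$out/.certs.tmp" > "$out/cert.pem"
    # Private key as unencrypted PKCS#8 ("BEGIN PRIVATE KEY"). -nodes is the
    # OpenSSL 1.1 spelling that OpenSSL 3 still accepts (alias of -noenc).
    _pkcs12 "$bundle" -nocerts -nodes -out "$out/.key.tmp"
    awk '/^-----BEGIN .*PRIVATE KEY-----/,/^-----END .*PRIVATE KEY-----/' \
        "$out/.key.tmp" > "$out/key.pem"
    rm -f "$out/.certs.tmp" "$out/.key.tmp"
    chmod 644 "$out/cert.pem"      # the chain is public; the key stays 0600
}

# pem_matches CERT KEY: succeed only if the key's public half equals the
# SubjectPublicKeyInfo of the first certificate in CERT, i.e. the pair can
# actually complete a TLS handshake. Catches the classic "wrong key file" mistake.
pem_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey)
    key_pub=$(openssl pkey -in "$2" -pubout)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Stand-alone use: P12_PASS=... ./p12_to_pem.sh sec/example.p12 sec/
if [ "$#" -eq 2 ]; then
    p12_to_pem "$1" "$2"
    if pem_matches "$2/cert.pem" "$2/key.pem"; then
        echo "wrote $2/cert.pem and $2/key.pem (matching pair)"
    else
        echo "certificate and key extracted from $1 do not match" >&2
        exit 1
    fi
fi
```

When the bundle holds a chain, `openssl pkcs12 -nokeys` emits the certificates in bag order, and the leaf is normally first; `pem_matches` checks exactly the first certificate, so a failure there usually means either a wrong key file or a chain written CA-first, both of which a TLS server will reject at startup. Point `tls_cert.path` at `cert.pem`, `private_key` at `key.pem` with `cert_type = "pem"`, and keep the key file owner-only for the service user.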

@HLFH commented on GitHub (Nov 28, 2022):

Currently, trust-dns does not support PKCS12 (https://github.com/bluejekyll/trust-dns/issues/1642#issuecomment-1126830656), and rustls seems not to support it either, so it's probably a won't fix for trust-dns at this moment as it needs to wait for rustls to support it.

I tried to install trust-dns with this Arch Linux AUR package (https://aur.archlinux.org/packages/trust-dns) but it includes a patch that unlinks the dns-over-native-tls feature, and therefore openssl, and links instead to dns-over-rustls. That is why I got the error. I finally packaged trust-dns-git (https://aur.archlinux.org/packages/trust-dns-git) on Arch Linux AUR to solve this issue, and I will continue to maintain this package. No more issues for me on my side with the right features enabled.

I consider this issue as a won't fix for trust-dns as the initial issue is a rustls issue.
Closing.

@darnuria I think the other issue you mentioned is fixed with the PR https://github.com/bluejekyll/trust-dns/pull/1841 and thanks to your initial PR that was solving half of it.


@darnuria commented on GitHub (Dec 3, 2022):

No problem happy to see it fixed! :)
