starred/hickory-dns
1
0
Fork 0
mirror of https://github.com/hickory-dns/hickory-dns.git synced 2026-04-25 03:05:51 +03:00
Code Issues 373 Projects Releases 6 Packages Wiki Activity

[GH-ISSUE #1893] Trust-DNS mDNS and DNS-SD Support #810

New issue
Open
opened 2026-03-16 00:20:04 +03:00 by kerem · 4 comments
kerem commented 2026-03-16 00:20:04 +03:00
Owner
Copy link

Originally created by @darconeous on GitHub (Feb 7, 2023).
Original GitHub issue: https://github.com/hickory-dns/hickory-dns/issues/1893

Trust-DNS currently has only experimental support for mDNS and DNS-SD that has not been maintained since its introduction. I intend to do most of the implementation work, but wanted to engage with the community about the design before I get too far into development.

This description is a living document. As the discussion continues, I will update the plan here in the description so that it is easy to get up to speed.

High Level Goals

  • Implement RFC 6762-compliant support for mDNS:
    • Support for legacy unicast-response mDNS resolver mode
    • Support for full mDNS responder/resolver mode
    • Aim for implementing all "SHOULD" features mentioned in the RFC
  • Implement RFC 6763-compliant support for DNS-SD:
    • Support for browse/registration with multicast DNS.
    • Support for browse with unicast DNS.
      • Unicast service registration and long-lived-queries are not an immediate priority.

Usage

Support for DNS-SD is fairly straightforward for both unicast DNS and multicast DNS. In theory you could have multiple instances of DNS-SD running per application and it should work out just fine, as long as those instances have a consistent interface for resolving and publishing records.

On the other hand, mDNS is tricky. There can really only be a single "mDNS responder" running on a machine. In the absence of some sort of IPC allowing applications to communicate with the mDNS responder running on the system. The "legacy unicast-response mDNS resolver mode" allows the mDNS queries to be made without coordination with a centralized mDNS responder, but it has several limitations, such as the inability to receive updates dynamically without polling.

So far, Trust DNS has avoided getting into the IPC game. At this point I recommend we punt on the IPC question, and instead base our design on a "Pseudo IPC" that is shaped similarly to what we would like to see on an ideal system.

Design Proposal

I'm proposing a two-layer design: a record querying/publishing layer and a service discovery layer.

Design: Record Querying/Publishing Layer

Conceptually, there are unicast domains and there are multicast domains (and here there are two different ways of querying them). We can summarize these as DNS, mDNS, and Legacy Unicast mDNS. For each flavor, we need a way to do the following:

  • Short-lived queries
  • Long-lived queries
  • Push record updates

Since we want to support DNS, mDNS, and Unicast-Response mDNS, the mechanisms necessary on-the-wire are nicely summarized in the following table:

Query Type DNS mDNS Unicast-Response mDNS
Short-lived queries RFC1035 RFC6762 s5.2 RFC6762 s5.1
Long-lived queries RFC8764 RFC6762 s5.2 N/A
Push record updates RFC2136 draft-ietf-dnssd-srp RFC6762 s8.3 N/A

Key:

  • : Implemented
  • ️: Not implemented at all
  • : Partially implemented
  • N/A: Not applicable

Ideally we could expose a trait or some other sort of interface that could allow us to perform these three operations independently of knowing the underlying transport.

This layer would also need to feature a system domain management system for doing things like adding new unicast browsing/registration domains, determining which domains should be used as 'search' domains, default domain browse/registration behavior, etc. Here are the specific list of properties/flags associated with a "system domain":

  • search — Is this domain used as a suffix when resolving single-label hostnames?
  • uses_punycode
  • dnssd_browsable — Is this domain browsable?
  • dnssd_browsable_default — Should this domain be browsed by default?
  • dnssd_registrable — Can services be registered to this domain?
  • dnssd_registrable_default — Should services be registered to this domain by default?

TBD: Which Crate?

Design: Service Discovery Layer

The service discovery layer would use the API exposed by the record querying/publishing layer to implement the full DNS-SD spec independently of the underlying mechanism. This would allow a service to be registered on all "default" registration domains and allow for browsing all "default" domains (which might be a mixture of unicast and multicast domains).

Additionally to just being able to publish and resolve services for the current host, we also need to be able to support proxy hosts and local aliases.

A proxy host are service+host records that we manage on behalf of another host. This is especially important when implementing a Discovery Proxy.

A Local Alias is similar to a Proxy Host, except that the hostname always resolves to the local machine. This is important for supporting Matter, due to an unfortunate SHALL requirement on the format of the hostname in that specification.

TBD: Which Crate?

The actual act of discovering services should be broken down into two steps: Browsing and Resolving.

Browsing

Browsing is how you discover services. To browse for a service, you need the following information:

  • service_type (Ex: _ssh._tcp)
  • Optional Fields
    • interface_id
    • domain (Ex: local )
    • subtypes (Ex: _printer)
    • exclude_local_services — Flag for excluding locally-hosted services, including those hosted by a local alias.
    • exclude_proxied_services — Flag for excluding services proxied by this device.
    • exclude_ipv4_mdns — Prevents the associated query from sending IPv4 mDNS packets.

The browse operation will collect the following information for each service:

  • The name of the service
  • The domain for that service
  • If relevant, the interface identifier that this service was discovered on.

Browsing is an inherently asynchronous operation. Rarely does someone want to just return the first result.

Resolving

Once a service has been discovered and the program wants to look up more information (perhaps to connect to it), you must then resolve the service. Resolving a service is analogous to resolving a hostname.

You supply the above three parameters (plus the service type) to the service resolver and, if successful, will give you the following:

  • Fully qualified domain name of the service (Ex: MyDevice._ssh._tcp.local.)
  • Fully qualified domain name of the host (Ex: my-device.local.)
  • Port number
  • Array of TXT entries
  • Array of addresses
  • TTL

Note that resolution always resolves to a single service, but that single service might change dynamically, for example if the TXT records change. Thus, resolution is asynchronous and can return many updates over time. However in most cases the user is only going to care about the first result.

Registration

The registration interface should ideally be something that is shared for local services, proxy hosts, and local aliases.

Additional information on the structure of the registration system is coming shortly.

Open Questions

Internationalized Name Handling

mDNS and DNS use different mechanisms for hostname and domain internationalization. DNS has standardized around punycode for hostnames, whereas mDNS hostname must use only UTF-8. To make matters more complicated, RFC 6763-compliant subtype labels aren't even required to be valid UTF-8:

Subtype strings (e.g., _printer in the example above) may be constructed using arbitrary 8-bit data values. In many cases these data values may be UTF-8 RFC3629 representations of text, or even (as in the example above) plain ASCII [RFC20](https://www.rfc-editor.org/rfc/rfc20 ASCII format for network interchange), but they do not have to be. Note, however, that even when using arbitrary 8-bit data for subtype strings, DNS name comparisons are still case-insensitive, so (for example) the byte values 0x41 and 0x61 will be considered equivalent for subtype comparison purposes. — RFC 6762, Section 7

This is tricky because Trust-DNS seems to integrate IDNA logic at a deep level. All DNS labels internally are punycode ASCII, which is not going to be compatible with the mDNS specification nor DNS-SD specification. Some careful thought will need to be put into how this is handled.

Note that IDNA applies only to host names and domain names. It does not apply to service names, service types, and subtypes. For example, service name labels are always UTF-8 across both DNS and mDNS. It's the hostnames that are the tricky part.

Addendum: Multicast Domains

One might think that there is only one multicast domain: .local., however, there are actually several outlined in RFC6761:

  • .local.
  • .10.in-addr.arpa.
  • .[16-31].172.in-addr.arpa.
  • .168.192.in-addr.arpa.
  • .168.192.in-addr.arpa.
  • .0.8.e.f.ip6.arpa.

These all need to be supported.

Addendum: References

  • RFC6761: Special use domain names
  • RFC6762: Multicast DNS
  • RFC6763: DNS Service Discovery
  • RFC8764: Apple's DNS Long-Lived Queries Protocol
  • RFC8766: Discovery Proxy for Multicast DNS-Based Service Discovery
  • draft-ietf-dnssd-srp: Service Registration Protocol for DNS-Based Service Discovery

Immediate Action Items

Below are the list of action items. This list will be expanded as the design takes shape.

Originally created by @darconeous on GitHub (Feb 7, 2023). Original GitHub issue: https://github.com/hickory-dns/hickory-dns/issues/1893 Trust-DNS currently has only experimental support for mDNS and DNS-SD that has not been maintained since its introduction. I intend to do most of the implementation work, but wanted to engage with the community about the design before I get too far into development. This description is a living document. As the discussion continues, I will update the plan here in the description so that it is easy to get up to speed. ## High Level Goals ## * Implement [RFC 6762](https://www.rfc-editor.org/rfc/rfc6762)-compliant support for mDNS: * Support for legacy unicast-response mDNS resolver mode * Support for full mDNS responder/resolver mode * Aim for implementing all "*SHOULD*" features mentioned in the RFC * Implement [RFC 6763](https://www.rfc-editor.org/rfc/rfc6763)-compliant support for DNS-SD: * Support for browse/registration with multicast DNS. * Support for browse with unicast DNS. * Unicast service registration and long-lived-queries are not an immediate priority. ## Usage ## Support for DNS-SD is fairly straightforward for both unicast DNS and multicast DNS. In theory you could have multiple instances of DNS-SD running per application and it should work out just fine, as long as those instances have a consistent interface for resolving and publishing records. On the other hand, mDNS is tricky. There can really only be a single "mDNS responder" running on a machine. In the absence of some sort of IPC allowing applications to communicate with the mDNS responder running on the system. The "legacy unicast-response mDNS resolver mode" allows the mDNS queries to be made without coordination with a centralized mDNS responder, but it has several limitations, such as the inability to receive updates dynamically without polling. So far, Trust DNS has avoided getting into the IPC game. At this point I recommend we punt on the IPC question, and instead base our design on a "Pseudo IPC" that is shaped similarly to what we would like to see on an ideal system. ## Design Proposal I'm proposing a two-layer design: a record querying/publishing layer and a service discovery layer. ## Design: Record Querying/Publishing Layer Conceptually, there are unicast domains and there are multicast domains (and here there are two different ways of querying them). We can summarize these as DNS, mDNS, and Legacy Unicast mDNS. For each flavor, we need a way to do the following: * Short-lived queries * Long-lived queries * Push record updates Since we want to support DNS, mDNS, and Unicast-Response mDNS, the mechanisms necessary on-the-wire are nicely summarized in the following table: | Query Type | DNS | mDNS | Unicast-Response mDNS | |---------------------|-----------|---------------|---------------| | Short-lived queries | ✅ [RFC1035](https://www.rfc-editor.org/rfc/rfc1035) | ❓[RFC6762 s5.2](https://www.rfc-editor.org/rfc/rfc6762#section-5.2) |❓[RFC6762 s5.1](https://www.rfc-editor.org/rfc/rfc6762#section-5.1) | | Long-lived queries | ⭕️ [RFC8764](https://datatracker.ietf.org/doc/html/rfc8764 "Apple's DNS Long-Lived Queries Protocol") | ❓[RFC6762 s5.2](https://www.rfc-editor.org/rfc/rfc6762#section-5.2) | N/A | | Push record updates | ✅ [RFC2136](https://www.rfc-editor.org/rfc/rfc2136) ⭕️[draft-ietf-dnssd-srp](https://datatracker.ietf.org/doc/html/draft-ietf-dnssd-srp) | ❓[RFC6762 s8.3](https://www.rfc-editor.org/rfc/rfc6762#section-8.3) | N/A | Key: * ✅: Implemented * ⭕️: Not implemented at all * ❓: Partially implemented * N/A: Not applicable Ideally we could expose a trait or some other sort of interface that could allow us to perform these three operations independently of knowing the underlying transport. This layer would also need to feature a system domain management system for doing things like adding new unicast browsing/registration domains, determining which domains should be used as 'search' domains, default domain browse/registration behavior, etc. Here are the specific list of properties/flags associated with a "system domain": * `search` — Is this domain used as a suffix when resolving single-label hostnames? * `uses_punycode` * `dnssd_browsable` — Is this domain browsable? * `dnssd_browsable_default` — Should this domain be browsed by default? * `dnssd_registrable` — Can services be registered to this domain? * `dnssd_registrable_default` — Should services be registered to this domain by default? TBD: Which Crate? ## Design: Service Discovery Layer The service discovery layer would use the API exposed by the record querying/publishing layer to implement the full DNS-SD spec independently of the underlying mechanism. This would allow a service to be registered on all "default" registration domains and allow for browsing all "default" domains (which might be a mixture of unicast and multicast domains). Additionally to just being able to publish and resolve services for the current host, we also need to be able to support *proxy hosts* and *local aliases*. A proxy host are service+host records that we manage on behalf of another host. This is especially important when implementing a [Discovery Proxy](https://www.rfc-editor.org/rfc/rfc8766.html). A Local Alias is similar to a Proxy Host, except that the hostname always resolves to the local machine. This is important for supporting [Matter](https://csa-iot.org/all-solutions/matter/), due to an unfortunate *SHALL* requirement on the format of the hostname in that specification. TBD: Which Crate? The actual act of discovering services should be broken down into two steps: Browsing and Resolving. ### Browsing Browsing is how you discover services. To browse for a service, you need the following information: * `service_type` (Ex: `_ssh._tcp`) * Optional Fields * `interface_id` * `domain` (Ex: `local` ) * `subtypes` (Ex: `_printer`) * `exclude_local_services` — Flag for excluding locally-hosted services, including those hosted by a *local alias*. * `exclude_proxied_services` — Flag for excluding services proxied by this device. * `exclude_ipv4_mdns` — Prevents the associated query from sending IPv4 mDNS packets. The browse operation will collect the following information for each service: * The name of the service * The domain for that service * If relevant, the interface identifier that this service was discovered on. Browsing is an inherently asynchronous operation. Rarely does someone want to just return the first result. ### Resolving Once a service has been discovered and the program wants to look up more information (perhaps to connect to it), you must then *resolve* the service. Resolving a service is analogous to resolving a hostname. You supply the above three parameters (plus the service type) to the service resolver and, if successful, will give you the following: * Fully qualified domain name of the service (Ex: `MyDevice._ssh._tcp.local.`) * Fully qualified domain name of the host (Ex: `my-device.local.`) * Port number * Array of TXT entries * Array of addresses * TTL Note that resolution always resolves to a single service, but that single service might change dynamically, for example if the TXT records change. Thus, resolution is asynchronous and can return many updates over time. However in most cases the user is only going to care about the first result. ### Registration The registration interface should ideally be something that is shared for local services, proxy hosts, and local aliases. Additional information on the structure of the registration system is coming shortly. ## Open Questions #### Internationalized Name Handling mDNS and DNS use different mechanisms for hostname and domain internationalization. DNS has standardized around [punycode](https://www.rfc-editor.org/rfc/rfc3492) for hostnames, whereas [mDNS hostname must use only UTF-8](https://www.rfc-editor.org/rfc/rfc6762.html#appendix-F). To make matters more complicated, [RFC 6763](https://www.rfc-editor.org/rfc/rfc6763)-compliant subtype labels aren't even required to be valid UTF-8: > Subtype strings (e.g., `_printer` in the example above) may be constructed using **arbitrary 8-bit data values**. In many cases these data values may be UTF-8 [RFC3629](https://www.rfc-editor.org/rfc/rfc3629) representations of text, or even (as in the example above) plain ASCII [RFC20](https://www.rfc-editor.org/rfc/rfc20 ASCII format for network interchange), but they do not have to be. Note, however, that even when using arbitrary 8-bit data for subtype strings, DNS name comparisons are still case-insensitive, so (for example) the byte values 0x41 and 0x61 will be considered equivalent for subtype comparison purposes. — RFC 6762, Section 7 This is tricky because Trust-DNS seems to [integrate IDNA logic at a deep level](https://github.com/bluejekyll/trust-dns/blob/main/crates/proto/src/rr/domain/label.rs#L53). All DNS labels internally are punycode ASCII, which is not going to be compatible with the mDNS specification nor DNS-SD specification. Some careful thought will need to be put into how this is handled. Note that IDNA applies *only* to host names and domain names. It does not apply to service names, service types, and subtypes. For example, service name labels are always UTF-8 across both DNS and mDNS. It's the hostnames that are the tricky part. ## Addendum: Multicast Domains One might think that there is only one multicast domain: `.local.`, however, there are actually [several outlined in RFC6761](https://www.rfc-editor.org/rfc/rfc6761): * `.local.` * `.10.in-addr.arpa.` * `.[16-31].172.in-addr.arpa.` * `.168.192.in-addr.arpa.` * `.168.192.in-addr.arpa.` * `.0.8.e.f.ip6.arpa.` These all need to be supported. ## Addendum: References * [RFC6761](https://www.rfc-editor.org/rfc/rfc6761): Special use domain names * [RFC6762](https://www.rfc-editor.org/rfc/rfc6762): Multicast DNS * [RFC6763](https://www.rfc-editor.org/rfc/rfc6763): DNS Service Discovery * [RFC8764](https://datatracker.ietf.org/doc/html/rfc8764 "Apple's DNS Long-Lived Queries Protocol"): Apple's DNS Long-Lived Queries Protocol * [RFC8766](https://www.rfc-editor.org/rfc/rfc8766.html): Discovery Proxy for Multicast DNS-Based Service Discovery * [draft-ietf-dnssd-srp](https://datatracker.ietf.org/doc/html/draft-ietf-dnssd-srp): Service Registration Protocol for DNS-Based Service Discovery ## Immediate Action Items ## Below are the list of action items. This list will be expanded as the design takes shape. * [ ] [Update NameServerPool to support multiple mDNS "servers"](https://github.com/bluejekyll/trust-dns/blob/main/crates/resolver/src/name_server/name_server_pool.rs#L43). This is needed so that we can support IPv4, IPv6, and perhaps other multicast addresses (for testing purposes) * [ ] [Update NameServer to support IPv6 in addition to IPv4](https://github.com/bluejekyll/trust-dns/blob/main/crates/resolver/src/name_server/name_server.rs#L236). * [ ] [Decouple DNS-SD from mDNS](https://github.com/bluejekyll/trust-dns/blob/main/crates/resolver/src/dns_sd.rs#L9). * [ ] [Avoid parsing the value of TXT records as UTF8](https://github.com/bluejekyll/trust-dns/blob/main/crates/resolver/src/dns_sd.rs#L143), since raw-binary non-UTF8 TXT record values are legal in the DNS-SD spec. * [ ] [Expand the suite of integration tests to better cover mDNS and possibly DNS-SD](https://github.com/bluejekyll/trust-dns/blob/main/tests/integration-tests/tests/mdns_tests.rs). * [ ] Change the assumptions+documentation behind the `Label` type in the trustdns-proto crate to account for how non-UTF8 non-Punycoded labels will work in practice. * [ ] Introduce a new crate for providing service registration and possibly service discovery support, alongside the resolve crate.
kerem commented 2026-03-16 00:20:15 +03:00
Author
Owner
Copy link

@djc commented on GitHub (Feb 8, 2023):

Great news that you will be investing in mDNS/DNS-SD, and welcome to the trust-dns community!

Just to set expectations, @bluejekyll has recently not been able to spend a lot of time on this crate (but I don't know what his outlook is for the near future) and I try to review proactively but I'm mostly unfamiliar with DNS-SD/mDNS. Therefore, review capacity of the changes you propose will be limited. In order to make the most of it, please (a) chunk up the work in small PRs (your action items look pretty good), (b) make sure to keep commits small even within a PR -- separate mechanical and logical changes, separate refactoring vs adding features/fixing bugs and (c) please provide good context for your changes so that even I can follow along.

As for the which crate question, I'm not sure I have good answers here, and I guess it might depend on the volume of code you'll be adding to support mDNS and DNS-SD. Personally I've been thinking that we should consider splitting out networking code (that is, anything involving a UDP socket or TCP stream, including all the async machinery) into a new trust-dns-net crate, which could potentially also accomodate some of this work. This would leave the proto crate to be only about parsing and serializing DNS records (and streams of records, where applicable), which is usually good design.

I'd be interested to hear more about the context in which you're doing this work/what your use case is! (Can I take a guess that Nest devices might be interested in adopting Fuchsia and would need this stuff?)

<!-- gh-comment-id:1422225177 --> @djc commented on GitHub (Feb 8, 2023): Great news that you will be investing in mDNS/DNS-SD, and welcome to the trust-dns community! Just to set expectations, @bluejekyll has recently not been able to spend a lot of time on this crate (but I don't know what his outlook is for the near future) and I try to review proactively but I'm mostly unfamiliar with DNS-SD/mDNS. Therefore, review capacity of the changes you propose will be limited. In order to make the most of it, please (a) chunk up the work in small PRs (your action items look pretty good), (b) make sure to keep commits small even within a PR -- separate mechanical and logical changes, separate refactoring vs adding features/fixing bugs and (c) please provide good context for your changes so that even I can follow along. As for the which crate question, I'm not sure I have good answers here, and I guess it might depend on the volume of code you'll be adding to support mDNS and DNS-SD. Personally I've been thinking that we should consider splitting out networking code (that is, anything involving a UDP socket or TCP stream, including all the async machinery) into a new trust-dns-net crate, which could potentially also accomodate some of this work. This would leave the proto crate to be only about parsing and serializing DNS records (and streams of records, where applicable), which is usually good design. I'd be interested to hear more about the context in which you're doing this work/what your use case is! (Can I take a guess that Nest devices might be interested in adopting Fuchsia and would need this stuff?)
kerem commented 2026-03-16 00:20:20 +03:00
Author
Owner
Copy link

@darconeous commented on GitHub (Feb 8, 2023):

Just to set expectations, @bluejekyll has recently not been able to spend a lot of time on this crate (but I don't know what his outlook is for the near future) and I try to review proactively but I'm mostly unfamiliar with DNS-SD/mDNS. Therefore, review capacity of the changes you propose will be limited. In order to make the most of it, please (a) chunk up the work in small PRs (your action items look pretty good), (b) make sure to keep commits small even within a PR -- separate mechanical and logical changes, separate refactoring vs adding features/fixing bugs and (c) please provide good context for your changes so that even I can follow along.

Will do. My first efforts will be to clean up and solidify the mDNS side of things, making sure resolution works, publishing records, etc. There is a lot of work that needs to be done there.

As for the which crate question, I'm not sure I have good answers here, and I guess it might depend on the volume of code you'll be adding to support mDNS and DNS-SD. Personally I've been thinking that we should consider splitting out networking code (that is, anything involving a UDP socket or TCP stream, including all the async machinery) into a new trust-dns-net crate, which could potentially also accomodate some of this work. This would leave the proto crate to be only about parsing and serializing DNS records (and streams of records, where applicable), which is usually good design.

Perhaps, but I'm not sure what we would get over refactoring that code into a crate rather than into a module. Breaking things up into modules allows us to only include the parts that we need, and the proto crate seems like it would be needed everywhere this networking crate would be needed. Refactoring the networking code into a submodule in proto seems reasonable, if it isn't already factored like that (can't remember off the top of my head).

I'd be interested to hear more about the context in which you're doing this work/what your use case is! (Can I take a guess that Nest devices might be interested in adopting Fuchsia and would need this stuff?)

As you likely already know, Fuchsia uses Trust-DNS as its system resolver. We were looking into rewriting our mDNS/DNS-SD implementation to be a bit easier to maintain over the long run, and internal discussions led us to consider moving all DNS-related stuff into our DNS resolver component, which is basically just a wrapper around Trust-DNS. The updated component will support a new DNS-SD specific API.

Github Discussions

Any chance we could turn on the "Discussions" feature for this project and migrate this issue to a discussion? Discussions allow for threads and have other nice features.

Caching

One thing I now remember I wanted some insight on was how caching works. Having a look at dns_lru.rs...

If I understand the current DNS cache behavior, it is based on queries. Individual queries are cached along with the responses. But individual records can have their own TTLs. For example, if we do an SRV lookup for _http._tcp.example.com, we might get back some A and AAAA records for www.example.com in the additional records section. But if we later (before the TTL expired) query the AAAA record for www.example.com, it looks like the query wouldn't match and we would have to hit the wire again, even though we theoretically have the record in the cache.

I ask this because in mDNS we will have responses coming in without explicit queries. Ideally we would cache these so that we can avoid sending out queries when we don't need to. But I'm not sure how to fit that into the way the cache system is currently set up, other than making up a fake query when we get an update on the wire.

I get that some sort of query-cache is necessary in order to have negative responses be cached.

But maybe I'm misunderstanding something?

<!-- gh-comment-id:1423330961 --> @darconeous commented on GitHub (Feb 8, 2023): > Just to set expectations, @bluejekyll has recently not been able to spend a lot of time on this crate (but I don't know what his outlook is for the near future) and I try to review proactively but I'm mostly unfamiliar with DNS-SD/mDNS. Therefore, review capacity of the changes you propose will be limited. In order to make the most of it, please (a) chunk up the work in small PRs (your action items look pretty good), (b) make sure to keep commits small even within a PR -- separate mechanical and logical changes, separate refactoring vs adding features/fixing bugs and (c) please provide good context for your changes so that even I can follow along. Will do. My first efforts will be to clean up and solidify the mDNS side of things, making sure resolution works, publishing records, etc. There is a lot of work that needs to be done there. > As for the which crate question, I'm not sure I have good answers here, and I guess it might depend on the volume of code you'll be adding to support mDNS and DNS-SD. Personally I've been thinking that we should consider splitting out networking code (that is, anything involving a UDP socket or TCP stream, including all the async machinery) into a new trust-dns-net crate, which could potentially also accomodate some of this work. This would leave the proto crate to be only about parsing and serializing DNS records (and streams of records, where applicable), which is usually good design. Perhaps, but I'm not sure what we would get over refactoring that code into a crate rather than into a module. Breaking things up into modules allows us to only include the parts that we need, and the `proto` crate seems like it would be needed everywhere this networking crate would be needed. Refactoring the networking code into a submodule in `proto` seems reasonable, if it isn't already factored like that (can't remember off the top of my head). > I'd be interested to hear more about the context in which you're doing this work/what your use case is! (Can I take a guess that Nest devices might be interested in adopting Fuchsia and would need this stuff?) As you likely already know, Fuchsia uses Trust-DNS as its system resolver. We were looking into rewriting our mDNS/DNS-SD implementation to be a bit easier to maintain over the long run, and internal discussions led us to consider moving all DNS-related stuff into our [DNS resolver component](https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/src/connectivity/network/dns/), which is basically just a wrapper around Trust-DNS. The updated component will support a [new DNS-SD specific API](https://fxrev.dev/742875). -------------- ### Github Discussions Any chance we could turn on the "Discussions" feature for this project and migrate this issue to a discussion? Discussions allow for threads and have other nice features. -------------- ### Caching One thing I now remember I wanted some insight on was how caching works. Having a look at [`dns_lru.rs`](https://github.com/bluejekyll/trust-dns/blob/main/crates/resolver/src/dns_lru.rs)... If I understand the current DNS cache behavior, it is based on queries. Individual queries are cached along with the responses. But individual records can have their own TTLs. For example, if we do an `SRV` lookup for `_http._tcp.example.com`, we might get back some `A` and `AAAA` records for `www.example.com` in the additional records section. But if we later (before the TTL expired) query the `AAAA` record for `www.example.com`, it looks like the query wouldn't match and we would have to hit the wire again, even though we theoretically have the record in the cache. I ask this because in mDNS we will have responses coming in *without explicit queries*. Ideally we would cache these so that we can avoid sending out queries when we don't need to. But I'm not sure how to fit that into the way the cache system is currently set up, other than making up a fake query when we get an update on the wire. I get that some sort of query-cache is necessary in order to have negative responses be cached. But maybe I'm misunderstanding something?
kerem commented 2026-03-16 00:20:25 +03:00
Author
Owner
Copy link

@djc commented on GitHub (Feb 14, 2023):

Any chance we could turn on the "Discussions" feature for this project and migrate this issue to a discussion? Discussions allow for threads and have other nice features.

Enabling Discussions makes sense to me. @bluejekyll what do you think? @darconeous you might also be interested in joining our Discord server.

But maybe I'm misunderstanding something?

Probably not, this is likely just an oversight/missed optimization.

<!-- gh-comment-id:1429311338 --> @djc commented on GitHub (Feb 14, 2023): > Any chance we could turn on the "Discussions" feature for this project and migrate this issue to a discussion? Discussions allow for threads and have other nice features. Enabling Discussions makes sense to me. @bluejekyll what do you think? @darconeous you might also be interested in joining our Discord server. > But maybe I'm misunderstanding something? Probably not, this is likely just an oversight/missed optimization.
kerem commented 2026-03-16 00:20:30 +03:00
Author
Owner
Copy link

@bluejekyll commented on GitHub (Feb 14, 2023):

On the discussions enablement, unless Discord is an issue, I'd prefer to keep the conversation in Discord, if people have a strong preference, then we can do that.

As to the caching of the additional records, yes, we should improve that. I can't remember the exact reasons why I didn't do that originally. I think I was concerned about validating authenticity...

<!-- gh-comment-id:1430527770 --> @bluejekyll commented on GitHub (Feb 14, 2023): On the discussions enablement, unless Discord is an issue, I'd prefer to keep the conversation in Discord, if people have a strong preference, then we can do that. As to the caching of the additional records, yes, we should improve that. I can't remember the exact reasons why I didn't do that originally. I think I was concerned about validating authenticity...
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
david/conformance-dnssec-negative-tests
prepare-0.26.1
release/0.26
query-api
opt-types
cname-nsec
no-cname-recursion
conformance-min-ttl
dname-base
drop-message-request
no-error-queries
cpu-sig0-rm-message-sig_dev
cpu-tsig-test-update_dev
windows-config
dnssec-net
release/0.25
opp-enc-persist
integration-test
cpu-tidying-recursor-opts_dev
happy-eyeballs
david/authoritative-zone-storage-trait
dnssec-ad
no-authority
release/0.24
pvdrz/remove-top-file
pvdrz/h3-handshake-timeout
pvdrz/quic-handshake-timeout
nxdomain-for-recursor
ja-test-merque-queue
ja-fix-ci-again
sz-add-ede-tests
sz-test-tc-bit-with-large-response
sz-fix-tokio-dependency
gh-2275-test-rrsig-signature
refactor-sign-zone-file
fix-1.79-cleanliness
update-nightly-hash
release/0.23
gh-pages
use-just-for-server-toml
release/0.22
revert-1874-cpu-zone-parse-default-class
disable-bind-compatibility-tests
disable-test_tls_client_stream_ipv4
update-native-tls-0.2.11
recursor-tests
fix-clippy-self
release/0.20
saethlin-fix-rdata-zero
release/0.19
flat_name
drop_unused_futures
release/0.18
release-r0.12-cs0.17
release/r0.12-cs0.17
trust-dns-book
r0.10
test-connections-not-dropped
fix_exec_status_on_rs_files
release-0.9
add-mutex-to-integration-tests
0.8_release
bfry/dns-crypt
v0.26.0
v0.26.0-beta.4
v0.26.0-beta.3
v0.26.0-beta.2
v0.26.0-beta.1
v0.26.0-alpha.1
v0.25.2
v0.25.1
v0.25.0
v0.24.4
v0.24.3
v0.25.0-alpha.5
v0.24.2
v0.25.0-alpha.4
v0.25.0-alpha.3
v0.25.0-alpha.2
v0.25.0-alpha.1
v0.24.1
v0.23.2
v0.24.0
v0.23.1
v0.23.0
v0.23.0-alpha.5
v0.23.0-alpha.4
v0.23.0-alpha.3
v0.22.1
v0.23.0-alpha.2
v0.23.0-alpha.1
v0.22.0
v0.21.2
v0.21.1
v0.21.0
v0.21.0-alpha.5
v0.20.4
v0.21.0-alpha.4
v0.21.0-alpha.3
v0.21.0-alpha.2
v0.21.0-alpha.1
v0.20.3
v0.20.2
v0.20.1
v0.19.7
v0.20.0
0.19.6
v0.20.0-alpha.3
v0.20.0-alpha.2
v0.20.0-alpha.1
0.19.5
0.19.4
0.19.3
0.19.0
0.18.1
0.18
0.18.0.alpha.2
r0.12_cs0.17
r0.11.1
cs0.16.1
r0.11
cs0.16
r0.10.1
r0.10.0
cs0.15.0
r0.9.1
v0.14.0
r0.9.0
r0.8.1
r0.8.0
v0.13.0
r0.7.0
c0.12.0
r0.6.0
r0.5.0
resolver.0.4.0
0.11.0
0.10.5
0.10.4
0.10.3
0.10.2
0.10.1
0.10.0
0.9.3
0.9.2
0.9.1
0.9.0
0.8.1
0.8.0
0.7.3
0.7.2
0.7.1
0.7.0
0.6.0
0.5.3
0.5.1
0.5.0
0.4.0
0.3.1
0.3.0
0.2.1
0.2.0
0.1.0
Labels
Clear labels   
blocked

   
breaking-change

   
bug

   
bug:critical

   
bug:tests

   
cleanup

   
compliance

   
compliance

   
compliance

   
crate:all

   
crate:client

   
crate:native-tls

   
crate:proto

   
crate:recursor

   
crate:resolver

   
crate:resolver

   
crate:rustls

   
crate:server

   
crate:util

   
dependencies

   
docs

   
duplicate

   
easy

   
easy

   
enhance

   
enhance

   
enhance

   
feature:dns-over-https

   
feature:dns-over-quic

   
feature:dns-over-tls

   
feature:dnsssec

   
feature:global_lb

   
feature:mdns

   
feature:tsig

   
features:edns

   
has workaround

   
ops

   
perf

   
platform:WASM

   
platform:android

   
platform:fuchsia

   
platform:linux

   
platform:macos

   
platform:windows

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
test

   
tools

   
tools

   
trust

   
unclear

   
wontfix
No labels
blocked
breaking-change
bug
bug:critical
bug:tests
cleanup
compliance
compliance
compliance
crate:all
crate:client
crate:native-tls
crate:proto
crate:recursor
crate:resolver
crate:resolver
crate:rustls
crate:server
crate:util
dependencies
docs
duplicate
easy
easy
enhance
enhance
enhance
feature:dns-over-https
feature:dns-over-quic
feature:dns-over-tls
feature:dnsssec
feature:global_lb
feature:mdns
feature:tsig
features:edns
has workaround
ops
perf
platform:WASM
platform:android
platform:fuchsia
platform:linux
platform:macos
platform:windows
pull-request
question
test
tools
tools
trust
unclear
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/hickory-dns#810
No description provided.