starred/hickory-dns
1
0
Fork 0
mirror of https://github.com/hickory-dns/hickory-dns.git synced 2026-04-25 03:05:51 +03:00
Code Issues 373 Projects Releases 6 Packages Wiki Activity

[GH-ISSUE #2206] 0.25 Release #919

New issue
Closed
opened 2026-03-16 00:53:24 +03:00 by kerem · 50 comments
kerem commented 2026-03-16 00:53:24 +03:00
Owner
Copy link

Originally created by @bluejekyll on GitHub (May 4, 2024).
Original GitHub issue: https://github.com/hickory-dns/hickory-dns/issues/2206

I want to start tracking what we need for the next release. I'm thinking it might be a good idea to start releasing some alphas, as I think we're waiting on a few upstream things. Thoughts?

  • upgrade ring
  • upgrade quinn
    ... others
Originally created by @bluejekyll on GitHub (May 4, 2024). Original GitHub issue: https://github.com/hickory-dns/hickory-dns/issues/2206 I want to start tracking what we need for the next release. I'm thinking it might be a good idea to start releasing some alphas, as I think we're waiting on a few upstream things. Thoughts? - [x] upgrade `ring` - [x] upgrade `quinn` ... others
kerem 2026-03-16 00:53:24 +03:00
  • closed this issue
  • added the
    crate:all
         label
kerem commented 2026-03-16 00:53:40 +03:00
Author
Owner
Copy link

@djc commented on GitHub (May 4, 2024):

I noticed that we now also depend on h3, so I started a PR for upgrading h3-quinn to Quinn 0.11 already.

<!-- gh-comment-id:2094339578 --> @djc commented on GitHub (May 4, 2024): I noticed that we now also depend on h3, so I started a PR for upgrading h3-quinn to Quinn 0.11 already.
kerem commented 2026-03-16 00:53:45 +03:00
Author
Owner
Copy link

@djc commented on GitHub (May 21, 2024):

Draft PR for the TLS upates in #2217.

<!-- gh-comment-id:2122356623 --> @djc commented on GitHub (May 21, 2024): Draft PR for the TLS upates in #2217.
kerem commented 2026-03-16 00:53:50 +03:00
Author
Owner
Copy link

@AaronKutch commented on GitHub (May 22, 2024):

the smallvec version and some other utility crates are quite old, could they be updated if it doesn't conflict with MSRV?

<!-- gh-comment-id:2125665304 --> @AaronKutch commented on GitHub (May 22, 2024): the `smallvec` version and some other utility crates are quite old, could they be updated if it doesn't conflict with MSRV?
kerem commented 2026-03-16 00:53:55 +03:00
Author
Owner
Copy link

@djc commented on GitHub (May 22, 2024):

@AaronKutch they should! If you want to help out with that, it would be greatly appreciated!

<!-- gh-comment-id:2125715928 --> @djc commented on GitHub (May 22, 2024): @AaronKutch they should! If you want to help out with that, it would be greatly appreciated!
kerem commented 2026-03-16 00:54:00 +03:00
Author
Owner
Copy link

@AaronKutch commented on GitHub (May 22, 2024):

Could I update several crates to only specify the minor version instead of patch version, when their repos indicate stricter MSRV guarantees (the last time a lot of them had their MSRV updated, it was to 1.56 because of syn 2)? E.x. most of the things that aren't async runtimes and ssl related stuff.

<!-- gh-comment-id:2125751867 --> @AaronKutch commented on GitHub (May 22, 2024): Could I update several crates to only specify the minor version instead of patch version, when their repos indicate stricter MSRV guarantees (the last time a lot of them had their MSRV updated, it was to 1.56 because of syn 2)? E.x. most of the things that aren't async runtimes and ssl related stuff.
kerem commented 2026-03-16 00:54:06 +03:00
Author
Owner
Copy link

@djc commented on GitHub (May 22, 2024):

I'm not sure what you mean? We don't want to pin dependencies for MSRV reasons -- we just keep the versions in Cargo.lock low enough that CI can still pass.

<!-- gh-comment-id:2125758781 --> @djc commented on GitHub (May 22, 2024): I'm not sure what you mean? We don't want to pin dependencies for MSRV reasons -- we just keep the versions in `Cargo.lock` low enough that CI can still pass.
kerem commented 2026-03-16 00:54:11 +03:00
Author
Owner
Copy link

@AaronKutch commented on GitHub (May 22, 2024):

In the workspace .toml, there are dependencies that specify down to the patch version, is that what pinning versions too specifically would mean? In most crates, the MSRV is only updated across minor version changes at most, with a few exceptions like the backtrace crate.

<!-- gh-comment-id:2125779399 --> @AaronKutch commented on GitHub (May 22, 2024): In the workspace .toml, there are dependencies that specify down to the patch version, is that what pinning versions too specifically would mean? In most crates, the MSRV is only updated across minor version changes at most, with a few exceptions like the `backtrace` crate.
kerem commented 2026-03-16 00:54:16 +03:00
Author
Owner
Copy link

@djc commented on GitHub (May 22, 2024):

I think you're misunderstanding how Cargo manifest dependency specifications work. In Cargo, dependencies without an explicit operator work like they have an implicit ^ operator, so any semver-compatible newer version can be used. Since there's not currently a smallvec 2.x version, our dependency specification is already compatible with the newest version of smallvec (and if you look at Cargo.lock you can see that we currently use 1.13.2 for testing).

So as far as I can tell from a quick glance, the only dependency where we're actually lagging is prefix-trie, which has recently had a 0.4.0 (and 0.4.1) release which we should pick up.

<!-- gh-comment-id:2125855239 --> @djc commented on GitHub (May 22, 2024): I think you're misunderstanding how Cargo manifest dependency specifications work. In Cargo, dependencies without an explicit operator work like they have an implicit `^` operator, so any semver-compatible newer version can be used. Since there's not currently a smallvec 2.x version, our dependency specification is already compatible with the newest version of smallvec (and if you look at `Cargo.lock` you can see that we currently use 1.13.2 for testing). So as far as I can tell from a quick glance, the only dependency where we're actually lagging is prefix-trie, which has recently had a 0.4.0 (and 0.4.1) release which we should pick up.
kerem commented 2026-03-16 00:54:21 +03:00
Author
Owner
Copy link

@AaronKutch commented on GitHub (May 22, 2024):

I think I have been misunderstanding how cargo updates versions this whole time. I always thought the way it worked was that if there were an array of x.y.z versions and "x" was specified, then cargo was allowed to update the y and z. If "x.y" was specified, then it could only update the z. Finally, if "x.y.z" were specified then it would fix it to that exact version. I did not realize it could jump to just any SemVer compatible version, I thought that was what the modifiers like >= did. It seems like ~ does what I expected, I don't know how I never noticed this. The only crates that can actually be updated right now by changing the .toml is h3*, prefix-trie, quinn, and rustls.

<!-- gh-comment-id:2125857420 --> @AaronKutch commented on GitHub (May 22, 2024): I think I have been misunderstanding how cargo updates versions this whole time. I always thought the way it worked was that if there were an array of x.y.z versions and "x" was specified, then cargo was allowed to update the y and z. If "x.y" was specified, then it could only update the z. Finally, if "x.y.z" were specified then it would fix it to that exact version. I did not realize it could jump to just any SemVer compatible version, I thought that was what the modifiers like `>=` did. It seems like `~` does what I expected, I don't know how I never noticed this. The only crates that can actually be updated right now by changing the .toml is `h3*`, `prefix-trie`, `quinn`, and `rustls`.
kerem commented 2026-03-16 00:54:26 +03:00
Author
Owner
Copy link

@djc commented on GitHub (May 23, 2024):

Most of those are taken care of in #2217, though.

<!-- gh-comment-id:2126240034 --> @djc commented on GitHub (May 23, 2024): Most of those are taken care of in #2217, though.
kerem commented 2026-03-16 00:54:31 +03:00
Author
Owner
Copy link

@NobodyXu commented on GitHub (Jul 28, 2024):

Now that quinn, rustls and ring is upgraded, can we have a new release please?

I'm looking forward to get rid of ring 0.16 workaround for aarch64-pc-windows-msvc from cargo-binstall

Than you for all the work on hickory-dns!

<!-- gh-comment-id:2254298079 --> @NobodyXu commented on GitHub (Jul 28, 2024): Now that quinn, rustls and ring is upgraded, can we have a new release please? I'm looking forward to get rid of ring 0.16 workaround for aarch64-pc-windows-msvc from cargo-binstall Than you for all the work on hickory-dns!
kerem commented 2026-03-16 00:54:36 +03:00
Author
Owner
Copy link

@bluejekyll commented on GitHub (Jul 28, 2024):

@djc, I’m happy to punish another alpha. Anything you think we need before then?

<!-- gh-comment-id:2254651450 --> @bluejekyll commented on GitHub (Jul 28, 2024): @djc, I’m happy to punish another alpha. Anything you think we need before then?
kerem commented 2026-03-16 00:54:41 +03:00
Author
Owner
Copy link

@djc commented on GitHub (Jul 28, 2024):

@bluejekyll why not just publish 0.25.0? It's been a long time.

(Or if not, maybe update the OP with a list of stuff that you'd like to see merged before release.)

<!-- gh-comment-id:2254660910 --> @djc commented on GitHub (Jul 28, 2024): @bluejekyll why not just publish 0.25.0? It's been a long time. (Or if not, maybe update the OP with a list of stuff that you'd like to see merged before release.)
kerem commented 2026-03-16 00:54:46 +03:00
Author
Owner
Copy link

@bluejekyll commented on GitHub (Jul 29, 2024):

I can do that, though, I thought we had discussed waiting for some of the recursor work to land, we’re still waiting on the nsec3 validation for example.

<!-- gh-comment-id:2254777462 --> @bluejekyll commented on GitHub (Jul 29, 2024): I can do that, though, I thought we had discussed waiting for some of the recursor work to land, we’re still waiting on the nsec3 validation for example.
kerem commented 2026-03-16 00:54:51 +03:00
Author
Owner
Copy link

@djc commented on GitHub (Jul 31, 2024):

There's always more to do -- I think it'd be okay if we do another semver-incompatible release in a few months (say, after the audit is complete), which would presumably not have all that large changes anyway. For now, IMO it's worthwhile to release all the changes we've accumulated over the past 10 months and allow people to get rid of all the duplicate dependencies from the rustls stack etc, and expose the current set of changes (including the RData overhaul, I think?) to a wider audience.

<!-- gh-comment-id:2260133813 --> @djc commented on GitHub (Jul 31, 2024): There's always more to do -- I think it'd be okay if we do another semver-incompatible release in a few months (say, after the audit is complete), which would presumably not have all that large changes anyway. For now, IMO it's worthwhile to release all the changes we've accumulated over the past 10 months and allow people to get rid of all the duplicate dependencies from the rustls stack etc, and expose the current set of changes (including the `RData` overhaul, I think?) to a wider audience.
kerem commented 2026-03-16 00:54:56 +03:00
Author
Owner
Copy link

@NobodyXu commented on GitHub (Aug 6, 2024):

Seconded, cc @bluejekyll we'd really want a new release of hickory-dns, to use ring 0.17 which added support for aarch64-pc-windows-msvc

<!-- gh-comment-id:2271531817 --> @NobodyXu commented on GitHub (Aug 6, 2024): Seconded, cc @bluejekyll we'd really want a new release of hickory-dns, to use ring 0.17 which added support for aarch64-pc-windows-msvc
kerem commented 2026-03-16 00:55:02 +03:00
Author
Owner
Copy link

@bluejekyll commented on GitHub (Aug 6, 2024):

I'm happy to publish 0.25, but I do want to see if we can get any feedback on the new UDP -> TCP logic in the resolver. If that bakes for a week or so with no issues, then we can do 0.25, sound good?

I just published 0.25.alpha.2 today.

<!-- gh-comment-id:2271569139 --> @bluejekyll commented on GitHub (Aug 6, 2024): I'm happy to publish 0.25, but I do want to see if we can get any feedback on the new UDP -> TCP logic in the resolver. If that bakes for a week or so with no issues, then we can do 0.25, sound good? I just published 0.25.alpha.2 today.
kerem commented 2026-03-16 00:55:07 +03:00
Author
Owner
Copy link

@NobodyXu commented on GitHub (Aug 7, 2024):

Thank you!

Release 0.25 in one week, if no one complains about 0.25.alpha.2 sounds good!

I could update cargo-binstall and cut a release as well, so that people could test it!

<!-- gh-comment-id:2273194281 --> @NobodyXu commented on GitHub (Aug 7, 2024): Thank you! Release 0.25 in one week, if no one complains about 0.25.alpha.2 sounds good! I could update cargo-binstall and cut a release as well, so that people could test it!
kerem commented 2026-03-16 00:55:12 +03:00
Author
Owner
Copy link

@NobodyXu commented on GitHub (Aug 10, 2024):

FYI I just published cargo-binstall v1.10.0 using 0.25.0-alpha.2, if there's any bug report related to hickory-dns, I'd forward them here

<!-- gh-comment-id:2280864164 --> @NobodyXu commented on GitHub (Aug 10, 2024): FYI I just published [cargo-binstall v1.10.0](https://github.com/cargo-bins/cargo-binstall/releases/tag/v1.10.0) using 0.25.0-alpha.2, if there's any bug report related to hickory-dns, I'd forward them here
kerem commented 2026-03-16 00:55:17 +03:00
Author
Owner
Copy link

@ibigbug commented on GitHub (Aug 30, 2024):

Hey guys, it's been a while, any updates?

<!-- gh-comment-id:2322115009 --> @ibigbug commented on GitHub (Aug 30, 2024): Hey guys, it's been a while, any updates?
kerem commented 2026-03-16 00:55:22 +03:00
Author
Owner
Copy link

@NobodyXu commented on GitHub (Aug 30, 2024):

@bluejekyll cargo-binstall has been using 0.25.0-alpha and we didn't receive any issue/bug reporting regarding dns

<!-- gh-comment-id:2322419923 --> @NobodyXu commented on GitHub (Aug 30, 2024): @bluejekyll cargo-binstall has been using 0.25.0-alpha and we didn't receive any issue/bug reporting regarding dns
kerem commented 2026-03-16 00:55:27 +03:00
Author
Owner
Copy link

@djc commented on GitHub (Sep 25, 2024):

Looking at open PRs, things that we might want to merge before release:

DNSSEC stuff:

Should finish this up, external contributor:

Not release blocking but good to merge:

<!-- gh-comment-id:2373398457 --> @djc commented on GitHub (Sep 25, 2024): Looking at open PRs, things that we might want to merge before release: - #2472 - #2470 - #2161 DNSSEC stuff: - #2457 - #2437 - #2393 - #2388 Should finish this up, external contributor: - #2199 Not release blocking but good to merge: - #2163
kerem commented 2026-03-16 00:55:32 +03:00
Author
Owner
Copy link

@NobodyXu commented on GitHub (Sep 25, 2024):

Would it make sense to use a more frequent/rolling release schedule?

I.e. it has been so long between release and that also make adoption of new features/bugfix longer than expected.

IMHO anything that does not change existing API probably shall not block a new 0.25.0, new features can always be added in a patch release.

<!-- gh-comment-id:2373714778 --> @NobodyXu commented on GitHub (Sep 25, 2024): Would it make sense to use a more frequent/rolling release schedule? I.e. it has been so long between release and that also make adoption of new features/bugfix longer than expected. IMHO anything that does not change existing API probably shall not block a new 0.25.0, new features can always be added in a patch release.
kerem commented 2026-03-16 00:55:37 +03:00
Author
Owner
Copy link

@djc commented on GitHub (Sep 25, 2024):

@NobodyXu what is the driver for you? Can you work with alpha/beta releases?

The reality is that no one is really funding maintenance of hickory-dns so although I've recently been spending a bunch of time during unemployment (and have been unable to find any organizations that wanted to fund my work maintaining Hickory DNS) there is always pretty limited capacity among maintainers. I think time from @bluejekyll who's effectively the lead maintainer has been especially scarce.

From the above PRs, most of these do actually change public API, only a few ones don't. From that perspective, I agree that #2437 and #2388 probably don't need to block the release, although they (along with #2428) stand in for a broader concept of robust DNSSEC.

Maybe it would be good to also have some governance discussion?

<!-- gh-comment-id:2373927737 --> @djc commented on GitHub (Sep 25, 2024): @NobodyXu what is the driver for you? Can you work with alpha/beta releases? The reality is that no one is really funding maintenance of hickory-dns so although I've recently been spending a bunch of time during unemployment (and have been unable to find any organizations that wanted to fund my work maintaining Hickory DNS) there is always pretty limited capacity among maintainers. I think time from @bluejekyll who's effectively the lead maintainer has been especially scarce. From the above PRs, most of these do actually change public API, only a few ones don't. From that perspective, I agree that #2437 and #2388 probably don't need to block the release, although they (along with #2428) stand in for a broader concept of robust DNSSEC. Maybe it would be good to also have some governance discussion?
kerem commented 2026-03-16 00:55:42 +03:00
Author
Owner
Copy link

@NobodyXu commented on GitHub (Sep 25, 2024):

@NobodyXu what is the driver for you?

Mainly for cargo-binstall, drop-in replacement for cargo-install which installs pre-built binaries.

Can you work with alpha/beta releases?

Yes, we are already using latest alpha version of hickory-dns.

The reality is that no one is really funding maintenance of hickory-dns so although I've recently been spending a bunch of time during unemployment (and have been unable to find any organizations that wanted to fund my work maintaining Hickory DNS)

Sorry mate, unemployment in today's economy is terrible time.

I'm willing to donate monthly to hickory-dns and send the link around social media as well.

From the above PRs, most of these do actually change public API, only a few ones don't.

Thanks, yeah then that makes sense to postpone the 0.25 release a bit, though I do hope we can get some alpha releases.

Maybe it would be good to also have some governance discussion?

I think we definitely would want the leadership council of rust-lang to provide some funding, or at least some help from them, like a blog post for hickory-dns to call for help and donation.

<!-- gh-comment-id:2373941787 --> @NobodyXu commented on GitHub (Sep 25, 2024): > @NobodyXu what is the driver for you? Mainly for cargo-binstall, drop-in replacement for cargo-install which installs pre-built binaries. > Can you work with alpha/beta releases? Yes, we are already using latest alpha version of hickory-dns. > The reality is that no one is really funding maintenance of hickory-dns so although I've recently been spending a bunch of time during unemployment (and have been unable to find any organizations that wanted to fund my work maintaining Hickory DNS) Sorry mate, unemployment in today's economy is terrible time. I'm willing to donate monthly to hickory-dns and send the link around social media as well. > From the above PRs, most of these do actually change public API, only a few ones don't. Thanks, yeah then that makes sense to postpone the 0.25 release a bit, though I do hope we can get some alpha releases. > Maybe it would be good to also have some governance discussion? I think we definitely would want the leadership council of rust-lang to provide some funding, or at least some help from them, like a blog post for hickory-dns to call for help and donation.
kerem commented 2026-03-16 00:55:47 +03:00
Author
Owner
Copy link

@djc commented on GitHub (Sep 25, 2024):

The reality is that no one is really funding maintenance of hickory-dns so although I've recently been spending a bunch of time during unemployment (and have been unable to find any organizations that wanted to fund my work maintaining Hickory DNS)

Sorry mate, unemployment in today's economy is terrible time.

I'm willing to donate monthly to hickory-dns and send the link around social media as well.

My unemployment isn't really a big deal and I don't think personal donations are necessarily the best solution, but I do think organizations relying on hickory-dns in some way should help sustain the continued maintenance.

From the above PRs, most of these do actually change public API, only a few ones don't.

Thanks, yeah then that makes sense to postpone the 0.25 release a bit, though I do hope we can get some alpha releases.

I think it would make sense to proactively drop another set of alpha releases, but would be good to hear what @bluejekyll thinks.

Maybe it would be good to also have some governance discussion?

I think we definitely would want the leadership council of rust-lang to provide some funding, or at least some help from them, like a blog post for hickory-dns to call for help and donation.

Sorry -- by governance I meant more how we run the project in terms of whether we have some kind of release schedule, what maintainers are responsible for what. I'm not sure Hickory DNS rises to a level where the Foundation or Project would need/want to have a call to funding -- I imagine many projects would want that kind of attention.

<!-- gh-comment-id:2373951547 --> @djc commented on GitHub (Sep 25, 2024): > > The reality is that no one is really funding maintenance of hickory-dns so although I've recently been spending a bunch of time during unemployment (and have been unable to find any organizations that wanted to fund my work maintaining Hickory DNS) > > Sorry mate, unemployment in today's economy is terrible time. > > I'm willing to donate monthly to hickory-dns and send the link around social media as well. My unemployment isn't really a big deal and I don't think personal donations are necessarily the best solution, but I do think organizations relying on hickory-dns in some way should help sustain the continued maintenance. > > From the above PRs, most of these do actually change public API, only a few ones don't. > > Thanks, yeah then that makes sense to postpone the 0.25 release a bit, though I do hope we can get some alpha releases. I think it would make sense to proactively drop another set of alpha releases, but would be good to hear what @bluejekyll thinks. > > Maybe it would be good to also have some governance discussion? > > I think we definitely would want the leadership council of rust-lang to provide some funding, or at least some help from them, like a blog post for hickory-dns to call for help and donation. Sorry -- by governance I meant more how we run the project in terms of whether we have some kind of release schedule, what maintainers are responsible for what. I'm not sure Hickory DNS rises to a level where the Foundation or Project would need/want to have a call to funding -- I imagine many projects would want that kind of attention.
kerem commented 2026-03-16 00:55:52 +03:00
Author
Owner
Copy link

@NobodyXu commented on GitHub (Sep 25, 2024):

Sorry -- by governance I meant more how we run the project in terms of whether we have some kind of release schedule, what maintainers are responsible for what.

True, I believe it shall have more small, incremental patch releases.

I'm not sure Hickory DNS rises to a level where the Foundation or Project would need/want to have a call to funding -- I imagine many projects would want that kind of attention.

I do think hickory-dns worths the attention of foundation, it's something does worth raising.

<!-- gh-comment-id:2374374125 --> @NobodyXu commented on GitHub (Sep 25, 2024): > Sorry -- by governance I meant more how we run the project in terms of whether we have some kind of release schedule, what maintainers are responsible for what. True, I believe it shall have more small, incremental patch releases. > I'm not sure Hickory DNS rises to a level where the Foundation or Project would need/want to have a call to funding -- I imagine many projects would want that kind of attention. I do think hickory-dns worths the attention of foundation, it's something does worth raising.
kerem commented 2026-03-16 00:55:57 +03:00
Author
Owner
Copy link

@bluejekyll commented on GitHub (Sep 26, 2024):

@NobodyXu, I hear you. It's good seeing so much interest in the project, but also to leave us a little breathing room and time to discover issues before "major" releases (until we hit 1.0), my goal is to make sure that disruptive changes have time to bake. That's why we're doing alpha releases.

I'm always happy to push new alpha releases off the current mainline, but I'm uncomfortable publishing major releases as that will increase the burden on our limited contribution time.

Is the discovery of the alpha releases the primary issue that you're worried about?

<!-- gh-comment-id:2375805083 --> @bluejekyll commented on GitHub (Sep 26, 2024): @NobodyXu, I hear you. It's good seeing so much interest in the project, but also to leave us a little breathing room and time to discover issues before "major" releases (until we hit 1.0), my goal is to make sure that disruptive changes have time to bake. That's why we're doing alpha releases. I'm always happy to push new alpha releases off the current mainline, but I'm uncomfortable publishing major releases as that will increase the burden on our limited contribution time. Is the discovery of the alpha releases the primary issue that you're worried about?
kerem commented 2026-03-16 00:56:03 +03:00
Author
Owner
Copy link

@NobodyXu commented on GitHub (Sep 26, 2024):

I'm always happy to push new alpha releases off the current mainline

Yeah that'd be good enough for me.

Is the discovery of the alpha releases the primary issue that you're worried about?

hmm no, I was worried that the hickory-dns project does not receive enough help/attention.

<!-- gh-comment-id:2376532695 --> @NobodyXu commented on GitHub (Sep 26, 2024): > I'm always happy to push new alpha releases off the current mainline Yeah that'd be good enough for me. > Is the discovery of the alpha releases the primary issue that you're worried about? hmm no, I was worried that the hickory-dns project does not receive enough help/attention.
kerem commented 2026-03-16 00:56:08 +03:00
Author
Owner
Copy link

@djc commented on GitHub (Sep 27, 2024):

@bluejekyll can you take care of doing another alpha release? I'm not sure how you did the changelog for the last one.

<!-- gh-comment-id:2380023334 --> @djc commented on GitHub (Sep 27, 2024): @bluejekyll can you take care of doing another alpha release? I'm not sure how you did the changelog for the last one.
kerem commented 2026-03-16 00:56:13 +03:00
Author
Owner
Copy link

@johnhtodd commented on GitHub (Nov 8, 2024):

Hi - fairly new to paying attention to the project, so apologies if my once-over on the notes above is a bit naïve.

On the topic of funding (which is sadly near to my focus for $dayjob): NLNet Labs might fund a bit of this work (despite possibly a conflict of interest) because it's great to have a variety of standards-based DNS tools. Also, you may want to talk to the German Sovereign Fund, as this might be up their alley. Also perhaps Comcast, who does sponsorships for this kind of work. All these funders are very interested in encryption and security of the DNS, especially where they can be used as "libraries" for inclusion into other packages. Do you participate at all in DNS-OARC? You may consider it, if not.

My interest in the release is also funding-related, indirectly. We (Quad9) are using Hickory-DNS embedded in Vector (https://vector.dev/) as Vector is our primary dnstap ingestion/aggregation platform. We have some funding opportunities related to DNSSEC reporting, and those in turn hinge on correct and complete EDE reporting. There was a recent PR (https://github.com/hickory-dns/hickory-dns/pull/2151) we sponsored that permits multiple EDNS messages, but I suspect the Vector team will only integrate after a formal release and not from an alpha.

Are there any guesses as to when a "release" candidate will next be ready? The lack of a release gates a lot of complexity on our side for compiling custom versions of Vector.

Lastly: we (directly) might be able to put some funding together or fund some patches for development of test functionality for EDSR (https://datatracker.ietf.org/doc/draft-jt-add-dns-server-redirection/) or for authoritative DOT (server or client - https://engineering.fb.com/2018/12/21/security/dns-over-tls/ or https://blog.powerdns.com/2022/06/13/probing-dot-support-of-authoritative-servers-just-try-it) - should I start another thread on that somewhere as an issue?

<!-- gh-comment-id:2464362963 --> @johnhtodd commented on GitHub (Nov 8, 2024): Hi - fairly new to paying attention to the project, so apologies if my once-over on the notes above is a bit naïve. On the topic of funding (which is sadly near to my focus for $dayjob): NLNet Labs might fund a bit of this work (despite possibly a conflict of interest) because it's great to have a variety of standards-based DNS tools. Also, you may want to talk to the German Sovereign Fund, as this might be up their alley. Also perhaps Comcast, who does sponsorships for this kind of work. All these funders are very interested in encryption and security of the DNS, especially where they can be used as "libraries" for inclusion into other packages. Do you participate at all in DNS-OARC? You may consider it, if not. My interest in the release is also funding-related, indirectly. We (Quad9) are using Hickory-DNS embedded in Vector (https://vector.dev/) as Vector is our primary dnstap ingestion/aggregation platform. We have some funding opportunities related to DNSSEC reporting, and those in turn hinge on correct and complete EDE reporting. There was a recent PR (https://github.com/hickory-dns/hickory-dns/pull/2151) we sponsored that permits multiple EDNS messages, but I suspect the Vector team will only integrate after a formal release and not from an alpha. Are there any guesses as to when a "release" candidate will next be ready? The lack of a release gates a lot of complexity on our side for compiling custom versions of Vector. Lastly: we (directly) might be able to put some funding together or fund some patches for development of test functionality for EDSR (https://datatracker.ietf.org/doc/draft-jt-add-dns-server-redirection/) or for authoritative DOT (server or client - https://engineering.fb.com/2018/12/21/security/dns-over-tls/ or https://blog.powerdns.com/2022/06/13/probing-dot-support-of-authoritative-servers-just-try-it) - should I start another thread on that somewhere as an issue?
kerem commented 2026-03-16 00:56:18 +03:00
Author
Owner
Copy link

@djc commented on GitHub (Nov 8, 2024):

@johnhtodd thanks for joining this conversation!

On the topic of funding (which is sadly near to my focus for $dayjob): NLNet Labs might fund a bit of this work (despite possibly a conflict of interest) because it's great to have a variety of standards-based DNS tools. Also, you may want to talk to the German Sovereign Fund, as this might be up their alley. Also perhaps Comcast, who does sponsorships for this kind of work. All these funders are very interested in encryption and security of the DNS, especially where they can be used as "libraries" for inclusion into other packages. Do you participate at all in DNS-OARC? You may consider it, if not.

So I left my job a few months ago and have since been trying to find funding for my open source work, and have been doing a bunch of Hickory DNS work in parallel. I did apply for a fellowship from the Sovereign Tech Fund. Do you have any contacts at Comcast? I am not sure what DNS-OARC is, do you have more context on that?

Are there any guesses as to when a "release" candidate will next be ready? The lack of a release gates a lot of complexity on our side for compiling custom versions of Vector.

I think we're going to try and get another alpha out today.

Lastly: we (directly) might be able to put some funding together or fund some patches for development of test functionality for EDSR (https://datatracker.ietf.org/doc/draft-jt-add-dns-server-redirection/) or for authoritative DOT (server or client - https://engineering.fb.com/2018/12/21/security/dns-over-tls/ or https://blog.powerdns.com/2022/06/13/probing-dot-support-of-authoritative-servers-just-try-it) - should I start another thread on that somewhere as an issue?

I would be interested in that, perhaps DM me on Discord or just email me so we can set up video call? (We do have some support for DoT already and I did at least previously build a Hickory-based authoritative server for Instant Domains, although it looks like we only enabled UDP and TCP in that server.)

<!-- gh-comment-id:2464869523 --> @djc commented on GitHub (Nov 8, 2024): @johnhtodd thanks for joining this conversation! > On the topic of funding (which is sadly near to my focus for $dayjob): NLNet Labs might fund a bit of this work (despite possibly a conflict of interest) because it's great to have a variety of standards-based DNS tools. Also, you may want to talk to the German Sovereign Fund, as this might be up their alley. Also perhaps Comcast, who does sponsorships for this kind of work. All these funders are very interested in encryption and security of the DNS, especially where they can be used as "libraries" for inclusion into other packages. Do you participate at all in DNS-OARC? You may consider it, if not. So I left my job a few months ago and have since been trying to find funding for my open source work, and have been doing a bunch of Hickory DNS work in parallel. I did apply for a fellowship from the Sovereign Tech Fund. Do you have any contacts at Comcast? I am not sure what DNS-OARC is, do you have more context on that? > Are there any guesses as to when a "release" candidate will next be ready? The lack of a release gates a lot of complexity on our side for compiling custom versions of Vector. I think we're going to try and get another alpha out today. > Lastly: we (directly) might be able to put some funding together or fund some patches for development of test functionality for EDSR (https://datatracker.ietf.org/doc/draft-jt-add-dns-server-redirection/) or for authoritative DOT (server or client - https://engineering.fb.com/2018/12/21/security/dns-over-tls/ or https://blog.powerdns.com/2022/06/13/probing-dot-support-of-authoritative-servers-just-try-it) - should I start another thread on that somewhere as an issue? I would be interested in that, perhaps DM me on Discord or just email me so we can set up video call? (We do have some support for DoT already and I did at least previously build a Hickory-based authoritative server for Instant Domains, although it looks like we only enabled UDP and TCP in that server.)
kerem commented 2026-03-16 00:56:23 +03:00
Author
Owner
Copy link

@djc commented on GitHub (Nov 8, 2024):

Preparing 0.25.0-alpha.3 here:

<!-- gh-comment-id:2464901880 --> @djc commented on GitHub (Nov 8, 2024): Preparing 0.25.0-alpha.3 here: - #2561
kerem commented 2026-03-16 00:56:28 +03:00
Author
Owner
Copy link

@djc commented on GitHub (Nov 8, 2024):

The 0.25.0-alpha.3 release has been published. This is really the latest and greatest version of the project, and the alpha tag merely means that we're finishing up some remaining issues and making a few more semver-incompatible changes.

<!-- gh-comment-id:2465676600 --> @djc commented on GitHub (Nov 8, 2024): The 0.25.0-alpha.3 release has been published. This is really the latest and greatest version of the project, and the alpha tag merely means that we're finishing up some remaining issues and making a few more semver-incompatible changes.
kerem commented 2026-03-16 00:56:33 +03:00
Author
Owner
Copy link

@zonyitoo commented on GitHub (Dec 1, 2024):

@djc When will v0.25 release? Could we expect that it will be released in early December?

<!-- gh-comment-id:2509532187 --> @zonyitoo commented on GitHub (Dec 1, 2024): @djc When will v0.25 release? Could we expect that it will be released in early December?
kerem commented 2026-03-16 00:56:38 +03:00
Author
Owner
Copy link

@djc commented on GitHub (Dec 2, 2024):

I have high hopes that it could be released in the first half of December, but since there is no funding for this work: no guarantees.

<!-- gh-comment-id:2511154019 --> @djc commented on GitHub (Dec 2, 2024): I have high hopes that it could be released in the first half of December, but since there is no funding for this work: no guarantees.
kerem commented 2026-03-16 00:56:43 +03:00
Author
Owner
Copy link

@djc commented on GitHub (Dec 9, 2024):

Okay, here's what I'd like to merge before releasing. I guess this is pretty ambitious: I have a bunch of time to get stuff done, but I depend on others for reviews so not sure if releasing in December is feasible with this plan.

  • Add support for aws-lc-rs as a protocol/DNSSEC backend
    • Would like to remove OpenSSL and native-tls first
    • Adding aws-lc-rs after this should be fairly straightforward, since aws-lc-rs mimics the ring API
  • #2560
    • I think this is mostly done
  • #2678
  • #2735
    • Group of issues around TLS configuration, see also
    • #2579
      • Waiting for review, should be one or two more PRs after that
  • #2666
    • Doesn't change the API so could technically be released later
<!-- gh-comment-id:2528322847 --> @djc commented on GitHub (Dec 9, 2024): Okay, here's what I'd like to merge before releasing. I guess this is pretty ambitious: I have a bunch of time to get stuff done, but I depend on others for reviews so not sure if releasing in December is feasible with this plan. - [ ] Add support for aws-lc-rs as a protocol/DNSSEC backend - Would like to remove OpenSSL and native-tls first - [x] #2656 - Adding aws-lc-rs after this should be fairly straightforward, since aws-lc-rs mimics the *ring* API - [x] #2560 - I think this is mostly done - [x] #2678 - [x] #2735 - Group of issues around TLS configuration, see also - #2031 - [x] #2579 - Waiting for review, should be one or two more PRs after that - [x] #2666 - Doesn't change the API so could technically be released later
kerem commented 2026-03-16 00:56:48 +03:00
Author
Owner
Copy link

@zonyitoo commented on GitHub (Dec 31, 2024):

Happy New Year 2025. @djc

<!-- gh-comment-id:2566110826 --> @zonyitoo commented on GitHub (Dec 31, 2024): Happy New Year 2025. @djc
kerem commented 2026-03-16 00:56:53 +03:00
Author
Owner
Copy link

@NobodyXu commented on GitHub (Feb 8, 2025):

Feature dns-over-native-tls seems to be removed from hickory-resolver but the document isn't updated, is that intended @djc ?

It's also not included in release changelog

<!-- gh-comment-id:2644432525 --> @NobodyXu commented on GitHub (Feb 8, 2025): Feature dns-over-native-tls seems to be removed from hickory-resolver but the document isn't updated, is that intended @djc ? It's also not included in release changelog
kerem commented 2026-03-16 00:56:59 +03:00
Author
Owner
Copy link

@djc commented on GitHub (Feb 8, 2025):

@NobodyXu not intended, would be great if you can submit a PR!

<!-- gh-comment-id:2645733154 --> @djc commented on GitHub (Feb 8, 2025): @NobodyXu not intended, would be great if you can submit a PR!
kerem commented 2026-03-16 00:57:04 +03:00
Author
Owner
Copy link

@NobodyXu commented on GitHub (Feb 9, 2025):

cc @djc Based on the commits it seems that removing of it is actually intended, but the documentation didn't get updated?

github.com/hickory-dns/hickory-dns@ca22ea794c
github.com/hickory-dns/hickory-dns@df8eab62b7

To be fair, I prefer rustls over native-tls and I'm ok with sunsetting openSSL, I just want to double check if it's actually removed as it breaks my CI but the feature doc in docs.rs says it's still supported, so a bit confusing for me.

I could open a PR to update the documentation to remove doc for feature dns-over-native-tls

<!-- gh-comment-id:2646298005 --> @NobodyXu commented on GitHub (Feb 9, 2025): cc @djc Based on the commits it seems that removing of it is actually intended, but the documentation didn't get updated? https://github.com/hickory-dns/hickory-dns/commit/ca22ea794cdac221c69c6a77cbbcd38653374398 https://github.com/hickory-dns/hickory-dns/commit/df8eab62b7d82cea65b58ff1bea591b87ae57be8 To be fair, I prefer rustls over native-tls and I'm ok with sunsetting openSSL, I just want to double check if it's actually removed as it breaks my CI but the feature doc in docs.rs says it's still supported, so a bit confusing for me. I could open a PR to update the documentation to remove doc for feature dns-over-native-tls
kerem commented 2026-03-16 00:57:09 +03:00
Author
Owner
Copy link

@djc commented on GitHub (Feb 9, 2025):

Yes, that's what I meant -- the removal was intended, the lack of documentation changes is an oversight.

<!-- gh-comment-id:2646299053 --> @djc commented on GitHub (Feb 9, 2025): Yes, that's what I meant -- the removal was intended, the lack of documentation changes is an oversight.
kerem commented 2026-03-16 00:57:14 +03:00
Author
Owner
Copy link

@NobodyXu commented on GitHub (Feb 9, 2025):

Thanks for clarification, opened #2758

<!-- gh-comment-id:2646318557 --> @NobodyXu commented on GitHub (Feb 9, 2025): Thanks for clarification, opened #2758
kerem commented 2026-03-16 00:57:19 +03:00
Author
Owner
Copy link

@jcgruenhage commented on GitHub (Feb 18, 2025):

0.25.0 has been pushed into the future for quite a long time by now. What's actually still missing before we can have a final release candidate and then a proper release if that RC doesn't surface any major problems?

<!-- gh-comment-id:2665326180 --> @jcgruenhage commented on GitHub (Feb 18, 2025): 0.25.0 has been pushed into the future for quite a long time by now. What's actually still missing before we can have a final release candidate and then a proper release if that RC doesn't surface any major problems?
kerem commented 2026-03-16 00:57:24 +03:00
Author
Owner
Copy link

@djc commented on GitHub (Feb 18, 2025):

<!-- gh-comment-id:2665493042 --> @djc commented on GitHub (Feb 18, 2025): - [x] #2778 - [x] #2802
kerem commented 2026-03-16 00:57:29 +03:00
Author
Owner
Copy link

@djc commented on GitHub (Feb 26, 2025):

I think we're pretty much ready to go with these final changes:

<!-- gh-comment-id:2684843731 --> @djc commented on GitHub (Feb 26, 2025): I think we're pretty much ready to go with these final changes: - [x] #2803 - [x] #2805 - [x] #2804
kerem commented 2026-03-16 00:57:34 +03:00
Author
Owner
Copy link

@jcgruenhage commented on GitHub (Feb 28, 2025):

Thanks @djc for pushing this through! :)

I see all the PRs/issues linked here merged, the version bump and changelog merged on main, but the releases aren't uploaded to crates.io yet and there is no tag yet either.

Anything we can still help with? Happy to test c141df9468 in my projects for example.

<!-- gh-comment-id:2690496209 --> @jcgruenhage commented on GitHub (Feb 28, 2025): Thanks @djc for pushing this through! :) I see all the PRs/issues linked here merged, the version bump and changelog merged on main, but the releases aren't uploaded to crates.io yet and there is no tag yet either. Anything we can still help with? Happy to test c141df9468b4039976ff1fcb298b6e9c84798520 in my projects for example.
kerem commented 2026-03-16 00:57:39 +03:00
Author
Owner
Copy link

@djc commented on GitHub (Feb 28, 2025):

I'm basically done, @bluejekyll mentioned he wanted to have a look before release. Rest assured that I will mention here when the release has been published.

<!-- gh-comment-id:2690515165 --> @djc commented on GitHub (Feb 28, 2025): I'm basically done, @bluejekyll mentioned he wanted to have a look before release. Rest assured that I will mention here when the release has been published.
kerem commented 2026-03-16 00:57:44 +03:00
Author
Owner
Copy link

@djc commented on GitHub (Mar 10, 2025):

FWIW, we're now holding the release for a fix for the #2428 regression.

<!-- gh-comment-id:2711919148 --> @djc commented on GitHub (Mar 10, 2025): FWIW, we're now holding the release for a fix for the #2428 regression.
kerem commented 2026-03-16 00:57:49 +03:00
Author
Owner
Copy link

@djc commented on GitHub (Mar 18, 2025):

It is done. Sorry that it took so long -- go forth and upgrade!

<!-- gh-comment-id:2734723653 --> @djc commented on GitHub (Mar 18, 2025): It is [done](https://github.com/hickory-dns/hickory-dns/releases/tag/v0.25.0). Sorry that it took so long -- go forth and upgrade!
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
david/conformance-dnssec-negative-tests
prepare-0.26.1
release/0.26
query-api
opt-types
cname-nsec
no-cname-recursion
conformance-min-ttl
dname-base
drop-message-request
no-error-queries
cpu-sig0-rm-message-sig_dev
cpu-tsig-test-update_dev
windows-config
dnssec-net
release/0.25
opp-enc-persist
integration-test
cpu-tidying-recursor-opts_dev
happy-eyeballs
david/authoritative-zone-storage-trait
dnssec-ad
no-authority
release/0.24
pvdrz/remove-top-file
pvdrz/h3-handshake-timeout
pvdrz/quic-handshake-timeout
nxdomain-for-recursor
ja-test-merque-queue
ja-fix-ci-again
sz-add-ede-tests
sz-test-tc-bit-with-large-response
sz-fix-tokio-dependency
gh-2275-test-rrsig-signature
refactor-sign-zone-file
fix-1.79-cleanliness
update-nightly-hash
release/0.23
gh-pages
use-just-for-server-toml
release/0.22
revert-1874-cpu-zone-parse-default-class
disable-bind-compatibility-tests
disable-test_tls_client_stream_ipv4
update-native-tls-0.2.11
recursor-tests
fix-clippy-self
release/0.20
saethlin-fix-rdata-zero
release/0.19
flat_name
drop_unused_futures
release/0.18
release-r0.12-cs0.17
release/r0.12-cs0.17
trust-dns-book
r0.10
test-connections-not-dropped
fix_exec_status_on_rs_files
release-0.9
add-mutex-to-integration-tests
0.8_release
bfry/dns-crypt
v0.26.0
v0.26.0-beta.4
v0.26.0-beta.3
v0.26.0-beta.2
v0.26.0-beta.1
v0.26.0-alpha.1
v0.25.2
v0.25.1
v0.25.0
v0.24.4
v0.24.3
v0.25.0-alpha.5
v0.24.2
v0.25.0-alpha.4
v0.25.0-alpha.3
v0.25.0-alpha.2
v0.25.0-alpha.1
v0.24.1
v0.23.2
v0.24.0
v0.23.1
v0.23.0
v0.23.0-alpha.5
v0.23.0-alpha.4
v0.23.0-alpha.3
v0.22.1
v0.23.0-alpha.2
v0.23.0-alpha.1
v0.22.0
v0.21.2
v0.21.1
v0.21.0
v0.21.0-alpha.5
v0.20.4
v0.21.0-alpha.4
v0.21.0-alpha.3
v0.21.0-alpha.2
v0.21.0-alpha.1
v0.20.3
v0.20.2
v0.20.1
v0.19.7
v0.20.0
0.19.6
v0.20.0-alpha.3
v0.20.0-alpha.2
v0.20.0-alpha.1
0.19.5
0.19.4
0.19.3
0.19.0
0.18.1
0.18
0.18.0.alpha.2
r0.12_cs0.17
r0.11.1
cs0.16.1
r0.11
cs0.16
r0.10.1
r0.10.0
cs0.15.0
r0.9.1
v0.14.0
r0.9.0
r0.8.1
r0.8.0
v0.13.0
r0.7.0
c0.12.0
r0.6.0
r0.5.0
resolver.0.4.0
0.11.0
0.10.5
0.10.4
0.10.3
0.10.2
0.10.1
0.10.0
0.9.3
0.9.2
0.9.1
0.9.0
0.8.1
0.8.0
0.7.3
0.7.2
0.7.1
0.7.0
0.6.0
0.5.3
0.5.1
0.5.0
0.4.0
0.3.1
0.3.0
0.2.1
0.2.0
0.1.0
Labels
Clear labels   
blocked

   
breaking-change

   
bug

   
bug:critical

   
bug:tests

   
cleanup

   
compliance

   
compliance

   
compliance

   
crate:all

   
crate:client

   
crate:native-tls

   
crate:proto

   
crate:recursor

   
crate:resolver

   
crate:resolver

   
crate:rustls

   
crate:server

   
crate:util

   
dependencies

   
docs

   
duplicate

   
easy

   
easy

   
enhance

   
enhance

   
enhance

   
feature:dns-over-https

   
feature:dns-over-quic

   
feature:dns-over-tls

   
feature:dnsssec

   
feature:global_lb

   
feature:mdns

   
feature:tsig

   
features:edns

   
has workaround

   
ops

   
perf

   
platform:WASM

   
platform:android

   
platform:fuchsia

   
platform:linux

   
platform:macos

   
platform:windows

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
test

   
tools

   
tools

   
trust

   
unclear

   
wontfix
No labels
blocked
breaking-change
bug
bug:critical
bug:tests
cleanup
compliance
compliance
compliance
crate:all
crate:client
crate:native-tls
crate:proto
crate:recursor
crate:resolver
crate:resolver
crate:rustls
crate:server
crate:util
dependencies
docs
duplicate
easy
easy
enhance
enhance
enhance
feature:dns-over-https
feature:dns-over-quic
feature:dns-over-tls
feature:dnsssec
feature:global_lb
feature:mdns
feature:tsig
features:edns
has workaround
ops
perf
platform:WASM
platform:android
platform:fuchsia
platform:linux
platform:macos
platform:windows
pull-request
question
test
tools
tools
trust
unclear
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/hickory-dns#919
No description provided.