{"id":13558370,"url":"https://github.com/hickory-dns/hickory-dns","last_synced_at":"2026-04-02T23:06:23.044Z","repository":{"id":36088319,"uuid":"40389144","full_name":"hickory-dns/hickory-dns","owner":"hickory-dns","description":"A Rust based DNS client, server, and resolver","archived":false,"fork":false,"pushed_at":"2025-05-01T10:02:00.000Z","size":20423,"stargazers_count":4488,"open_issues_count":289,"forks_count":497,"subscribers_count":49,"default_branch":"main","last_synced_at":"2025-05-01T11:46:42.270Z","etag":null,"topics":["dns","dns-client","dns-server","dnssec","dynamic-dns","hickory-dns","rust","rust-lang","trust-dns"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hickory-dns.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE-APACHE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":"audit/2024-10-25-x41.pdf","citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2015-08-08T02:47:12.000Z","updated_at":"2025-05-01T10:02:03.000Z","dependencies_parsed_at":"2023-10-20T16:51:23.624Z","dependency_job_id":"3bf0934a-5d6a-4c96-833e-c0eb9230dc54","html_url":"https://github.com/hickory-dns/hickory-dns","commit_stats":{"total_commits":3288,"total_committers":230,"mean_commits":"14.295652173913043","dds":0.5395377128953771,"last_synced_commit":"6eb9237d3fbc0891a2ca3650807eb7bc0eda9862"},"previous_names":["bluejekyll/trust-dns"],"tags_count":93,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hickory-dns%2Fhickory-dns","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hickory-dns%2Fhickory-dns/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hickory-dns%2Fhickory-dns/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hickory-dns%2Fhickory-dns/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hickory-dns","download_url":"https://codeload.github.com/hickory-dns/hickory-dns/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":251885167,"owners_count":21659819,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dns","dns-client","dns-server","dnssec","dynamic-dns","hickory-dns","rust","rust-lang","trust-dns"],"created_at":"2024-08-01T12:04:54.956Z","updated_at":"2026-04-02T23:06:23.036Z","avatar_url":"https://github.com/hickory-dns.png","language":"Rust","funding_links":[],"categories":["Rust","rust","Applications"],"sub_categories":[],"readme":"[![Build Status](https://github.com/hickory-dns/hickory-dns/workflows/test/badge.svg?branch=main)](https://github.com/hickory-dns/hickory-dns/actions?query=workflow%3Atest)\n[![codecov](https://codecov.io/gh/hickory-dns/hickory-dns/branch/main/graph/badge.svg)](https://codecov.io/gh/hickory-dns/hickory-dns)\n[![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE-MIT)\n[![License: Apache 2.0](https://img.shields.io/badge/license-Apache_2.0-blue.svg)](LICENSE-APACHE)\n[![Discord](https://img.shields.io/discord/590067103822774272.svg)](https://discord.gg/89nxE4n)\n\n\u003cdiv class=\"oranda-hide\"\u003e\n\n![Hickory DNS](logo.png)\n\n# Hickory DNS\n\n\u003c/div\u003e\n\nA Rust based DNS client, server, and resolver, built to be safe and secure from the\nground up.\n\nThis repo consists of multiple crates:\n\n| Library         | Description                                                                                                                                                                                                                                                                                                                      |\n| --------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |\n| [**Hickory DNS**](bin/)             | [![](https://img.shields.io/crates/v/hickory-dns.svg)](https://crates.io/crates/hickory-dns) Provides the `hickory-dns` binary for running a DNS server.                                                                                                                                                                         |\n| [**Proto**](crates/proto/)          | [![](https://img.shields.io/crates/v/hickory-proto.svg)](https://crates.io/crates/hickory-proto) [![hickory-proto](https://docs.rs/hickory-proto/badge.svg)](https://docs.rs/hickory-proto) Low-level DNS library, including message encoding/decoding and DNS transports.                                                       |\n| [**Client**](crates/client/)        | [![](https://img.shields.io/crates/v/hickory-client.svg)](https://crates.io/crates/hickory-client) [![hickory-client](https://docs.rs/hickory-client/badge.svg)](https://docs.rs/hickory-client) Used for sending `query`, `update`, and `notify` messages directly to a DNS server.                                             |\n| [**Server**](crates/server/)        | [![](https://img.shields.io/crates/v/hickory-server.svg)](https://crates.io/crates/hickory-server) [![hickory-server](https://docs.rs/hickory-server/badge.svg)](https://docs.rs/hickory-server) Used to build DNS servers. The `hickory-dns` binary makes use of this library.                                                  |\n| [**Resolver**](crates/resolver/)    | [![](https://img.shields.io/crates/v/hickory-resolver.svg)](https://crates.io/crates/hickory-resolver) [![hickory-resolver](https://docs.rs/hickory-resolver/badge.svg)](https://docs.rs/hickory-resolver) Utilizes the client library to perform DNS resolution. Can be used in place of the standard OS resolution facilities. |\n| [**Recursor**](crates/recursor/)    | [![](https://img.shields.io/crates/v/hickory-recursor.svg)](https://crates.io/crates/hickory-recursor) [![hickory-recursor](https://docs.rs/hickory-recursor/badge.svg)](https://docs.rs/hickory-recursor) Performs recursive DNS resolution, looking up records from their authoritative name servers.                          |\n\n**NOTICE** This project was rebranded from Trust-DNS to Hickory DNS and has been moved to the https://github.com/hickory-dns/hickory-dns organization and repo.\n\n# Goals\n\n- Build a safe and secure DNS server and client with modern features.\n- No panics, all code is guarded\n- Use only safe Rust, and avoid all panics with proper Error handling\n- Use only stable Rust\n- Protect against DDOS attacks (to a degree)\n- Support options for Global Load Balancing functions\n- Make it dead simple to operate\n\n# Cryptography provider\n\nThe `hickory-dns` application and lower-level library crates support choosing between two \ncryptography providers for protocols that require cryptography (DNSSEC, DNS-over-TLS, etc):\n\n1. [aws-lc-rs]\n2. [ring]\n\nFeature flags that require cryptography are suffixed by the choice of provider. For example, \nfor DNS-over-TLS the feature is offered as `tls-aws-lc-rs` or `tls-ring` depending on whether\nyou wish to use `aws-lc-rs` or `ring`.\n\n[aws-lc-rs]: https://crates.io/crates/aws-lc-rs\n[ring]: https://crates.io/crates/ring\n\n# Status\n\n## DNSSEC status\n\nThe current root key is bundled into the system, and used by default. This gives\nvalidation of DNSKEY and DS records back to the root. NSEC and NSEC3 are\nimplemented.\n\nZones will be automatically resigned on any record updates via dynamic DNS. To enable DNSSEC, enable the `dnssec-ring` feature.\n\nOffline signing of records/zones is not presently supported.\n\n## RFCs implemented\n\n- [RFC 8499](https://tools.ietf.org/html/rfc8499): No more master/slave, in honor of [Juneteenth](https://en.wikipedia.org/wiki/Juneteenth)\n\n### Basic operations\n\n- [RFC 1035](https://tools.ietf.org/html/rfc1035): Base DNS spec (see the Resolver for caching)\n- [RFC 2308](https://tools.ietf.org/html/rfc2308): Negative Caching of DNS Queries (see the Resolver)\n- [RFC 2782](https://tools.ietf.org/html/rfc2782): Service location\n- [RFC 3596](https://tools.ietf.org/html/rfc3596): IPv6\n- [RFC 6891](https://tools.ietf.org/html/rfc6891): Extension Mechanisms for DNS\n- [RFC 6761](https://tools.ietf.org/html/rfc6761): Special-Use Domain Names (resolver)\n- [RFC 6762](https://tools.ietf.org/html/rfc6762): mDNS Multicast DNS (experimental feature: `mdns`)\n- [RFC 6763](https://tools.ietf.org/html/rfc6763): DNS-SD Service Discovery (experimental feature: `mdns`)\n- [draft-ietf-dnsop-aname](https://tools.ietf.org/html/draft-ietf-dnsop-aname-04): Address-specific DNS aliases (`ANAME`)\n\n### Update operations\n\n- [RFC 2136](https://tools.ietf.org/html/rfc2136): Dynamic Update\n- [RFC 7477](https://tools.ietf.org/html/rfc7477): Child-to-Parent Synchronization in DNS\n\n### Secure DNS operations\n\n- [RFC 2931](https://datatracker.ietf.org/doc/html/rfc2931): SIG(0)\n- [RFC 3007](https://tools.ietf.org/html/rfc3007): Secure Dynamic Update\n- [RFC 4034](https://tools.ietf.org/html/rfc4034): DNSSEC Resource Records\n- [RFC 4035](https://tools.ietf.org/html/rfc4035): Protocol Modifications for DNSSEC\n- [RFC 4509](https://tools.ietf.org/html/rfc4509): SHA-256 in DNSSEC Delegation Signer\n- [RFC 5155](https://tools.ietf.org/html/rfc5155): DNSSEC Hashed Authenticated Denial of Existence\n- [RFC 5702](https://tools.ietf.org/html/rfc5702): SHA-2 Algorithms with RSA in DNSKEY and RRSIG for DNSSEC\n- [RFC 6844](https://tools.ietf.org/html/rfc6844): DNS Certification Authority Authorization (CAA) Resource Record\n- [RFC 6698](https://tools.ietf.org/html/rfc6698): The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA\n- [RFC 6840](https://tools.ietf.org/html/rfc6840): Clarifications and Implementation Notes for DNSSEC\n- [RFC 6844](https://tools.ietf.org/html/rfc6844): DNS Certification Authority Authorization Resource Record\n- [RFC 6944](https://tools.ietf.org/html/rfc6944): DNSKEY Algorithm Implementation Status\n- [RFC 6975](https://tools.ietf.org/html/rfc6975): Signaling Cryptographic Algorithm Understanding\n- [RFC 7858](https://tools.ietf.org/html/rfc7858): DNS over TLS (feature: `tls-aws-lc-rs`/`tls-ring`)\n- [RFC 8162](https://tools.ietf.org/html/rfc8162): Using Secure DNS to Associate Certificates with Domain Names for S/MIME\n- [RFC 8484](https://tools.ietf.org/html/rfc8484): DNS over HTTPS, DoH (feature: `https-aws-lc-rs`/`https-ring`)\n\n## RFCs in progress or not yet implemented\n\n### Basic operations\n\n- [RFC 2317](https://tools.ietf.org/html/rfc2317): Classless IN-ADDR.ARPA delegation\n\n### Update operations\n\n- [RFC 1995](https://tools.ietf.org/html/rfc1995): Incremental Zone Transfer\n- [RFC 1996](https://tools.ietf.org/html/rfc1996): Notify secondaries of update\n- [Update Leases](https://tools.ietf.org/html/draft-sekar-dns-ul-01): Dynamic DNS Update Leases\n- [RFC 8764](https://tools.ietf.org/html/rfc8764): Notify with bells\n\n### Secure DNS operations\n\n- [DNSCrypt](https://dnscrypt.org): Trusted DNS queries\n- [RFC 8162](https://tools.ietf.org/html/rfc8162): Domain Names For S/MIME\n\n## Testing\n\nHickory DNS uses `just` for build workflow management. While running `cargo test` at the project root will work, this is not exhaustive. Install `just` with `cargo install just`. A few of the `just` recipes require [`cargo-workspaces`](https://github.com/pksunkara/cargo-workspaces) to be installed, a plugin to optimize the workflow around cargo workspaces. Install the plugin with `cargo install cargo-workspaces`.\n\n- Default tests\n\n  These are good for running on local systems. They will create sockets for\n  local tests, but will not attempt to access remote systems. Tests can also\n  be run from the crate directory, i.e. `client` or `server` and `cargo test`\n\n```shell\njust default\n```\n\n- Default feature tests\n\n  Hickory DNS has many features, to quickly test with them or without, there are three targets supported, `default`, `no-default-features`, `all-features`:\n\n```shell\njust all-features\n```\n\n- Individual feature tests\n\n  Hickory DNS has many features, each individual feature can be tested\n  independently. See individual crates for all their features.\n  Each feature can be tested with itself as the task target for `just`:\n\n```shell\njust tls-aws-lc-rs\n```\n\n- Benchmarks\n\n  Waiting on benchmarks to stabilize in mainline Rust.\n\n## Building\n\n- Production build, from the `hickory-dns` base dir, to get all features, just pass the `--all-features` flag.\n\n```shell\ncargo build --release -p hickory-dns\n```\n\n## Using the hickory-resolver CLI\n\nAvailable in `0.20`\n\n```shell\ncargo install --bin resolve hickory-util\n```\n\nOr from source, in the hickory-dns directory\n\n```shell\ncargo install --bin resolve --path util\n```\n\nexample:\n\n```shell\n$ resolve www.example.com.\nQuerying for www.example.com. A from udp:8.8.8.8:53, tcp:8.8.8.8:53, udp:8.8.4.4:53, tcp:8.8.4.4:53, udp:[2001:4860:4860::8888]:53, tcp:[2001:4860:4860::8888]:53, udp:[2001:4860:4860::8844]:53, tcp:[2001:4860:4860::8844]:53\nSuccess for query name: www.example.com. type: A class: IN\n        www.example.com. 21063 IN A 93.184.215.14\n```\n\n## Usage with Docker\nA Docker image with a pre-compiled version of `hickory-dns` is availalbe at https://github.com/hickory-dns/docker.\n\n## FAQ\n\n- **Why are you building another DNS server?**\n\n  To offer a DNS server written in a memory-safe language.\n\n  Using Rust semantics it should be possible to develop a high performance and\n  safe DNS Server that is more resilient to attacks.\n\n- **What is the MSRV (minimum stable Rust version) policy?**\n\n  Hickory DNS will work to support backward compatibility with three Rust versions.\n\n  For example, if `1.50` is the current release, then the MSRV will be `1.47`. The\n  version is only increased as necessary, so it's possible that the MSRV is older\n  than this policy states. Additionally, the MSRV is only supported for the `no-default-features`\n  build due to it being an intractable issue of trying to enforce this policy on dependencies.\n\n## Community\n\nFor live discussions beyond this repository, please see this [Discord](https://discord.gg/89nxE4n).\n\n## License\n\nLicensed under either of\n\n- Apache License, Version 2.0, ([LICENSE-APACHE](LICENSE-APACHE) or \u003chttps://www.apache.org/licenses/LICENSE-2.0\u003e)\n- MIT license ([LICENSE-MIT](LICENSE-MIT) or \u003chttps://opensource.org/licenses/MIT\u003e)\n\nat your option.\n\n### Contribution\n\nUnless you explicitly state otherwise, any contribution intentionally\nsubmitted for inclusion in the work by you, as defined in the Apache-2.0\nlicense, shall be dual licensed as above, without any additional terms or\nconditions.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhickory-dns%2Fhickory-dns","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhickory-dns%2Fhickory-dns","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhickory-dns%2Fhickory-dns/lists"}