DOMAIN

  • About

Domain is a Rust library for interacting with the Domain Name System. The crate contains an ever-growing set of building blocks for including DNS functionality in applications.

The domain crate aims to provide a comprehensive – ideally complete – range of building blocks necessary to build specialised DNS applications or include uses of DNS in other applications. By now, it provides several foundational features centred around representing the components of a DNS message – domain names, resource records, etc. – and creating, parsing, and processing them. In addition, it contains a simple, async stub resolver that you can use to initiate specific queries towards upstream resolvers.

Development in 2024

Work on domain is funded by the Sovereign Tech Fund in 2024. Over the course of the year, we will extend the foundation to cover most functionality necessary to build other DNS components: authoritative servers, simple resolvers, and proxies.

Client and Server

We have structured this work into two tracks: client and server. Naturally, both tracks will start with the ability to send and receive messages using the various existing transports. For the client, we will add response caching and DNSSEC validation. In the server track, we will provide means to load zones from zone files, keep them available in memory, and use them to answer queries. We will also provide the means for zone transfers, both its primary and secondary sides. Finally, DNSSEC signing of zones and key management will round out the server track.

Proxy

We will start work on a flexible DNS proxy which will allow you to define rules for how to handle requests – whether to have them answered by a specific upstream server, from a configured local zone, or even not at all – based on properties of the request. An initial version of this proxy will tie everything together.

Diagnostics and Zone Management

We will also offer a fresh implementation of a DNS diagnostics tool. The idea is to provide functions beyond simple DNS queries. For instance, it could allow you to check the DNSSEC status of a zone or whether your local resolver provides answers that match those given by the authoritative servers.

Lastly, our ldns C library includes a number of tools for zone management – sign a zone, check the correctness of a zone, and so on. These were originally intended merely as examples for the library but have since been adopted for production purposes. We will provide a tool (or a set of tools) in Rust as their successor.