Skip to content
This repository was archived by the owner on Mar 21, 2025. It is now read-only.
This repository was archived by the owner on Mar 21, 2025. It is now read-only.

Use DNSSEC for resolving domain names #16

Open
Open
Use DNSSEC for resolving domain names#16
Labels
stage: devOn/for a development versiontype: fixIterations on existing features or infrastructuretype: securitySomething is vulnerable, not safe, or not securework: complicatedThe situation is complicated (known unknowns), good practices used
Milestone
DNS lookup
@ethanjli

Description

@ethanjli
ethanjli
opened on Sep 29, 2021

Right now we're using trust-dns-resolver to look up DNS records for domain names, but we probably haven't enabled DNSSEC features yet. trust-dns-resolver states that enabling DNSSEC requires enabling the feature dnssec-openssl or dnssec-rustls (we should probably use the latter) in our Cargo.toml file. We also need to determine whether/how to use DNSSEC for the lookups after enabling this feature - it looks like we need to construct a ResolverOpts instance, then set its validate member to true, and then pass the instance into the resolver; then we just use the resolver's lookup method as usual.

Metadata

Metadata

Assignees

No one assigned

    Labels

    stage: devOn/for a development versiontype: fixIterations on existing features or infrastructuretype: securitySomething is vulnerable, not safe, or not securework: complicatedThe situation is complicated (known unknowns), good practices used

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions