注意 此项目已重命名为 Hickory DNS 并已移动到 https://github.com/hickory-dns/hickory-dns 组织和仓库，此 crate 二进制文件已移动到 hickory-util，从 0.24 版本开始。

概述

Trust-DNS Util 是 Trust-DNS 库的支持库。

解析

通过独立的 CLI 测试 trust-dns-resolver 及其功能很有用

$ cargo install --bin resolve trust-dns-util

示例

$ resolve www.example.com.
Querying for www.example.com. A from udp:8.8.8.8:53, tcp:8.8.8.8:53, udp:8.8.4.4:53, tcp:8.8.4.4:53, udp:[2001:4860:4860::8888]:53, tcp:[2001:4860:4860::8888]:53, udp:[2001:4860:4860::8844]:53, tcp:[2001:4860:4860::8844]:53
Success for query name: www.example.com. type: A class: IN
        www.example.com. 21063 IN A 93.184.216.34

帮助

$ resolve -h
resolve 0.20.0-alpha.3
A CLI interface for the trust-dns-resolver.

This utility directly uses the trust-dns-resolver to perform a lookup to a set of nameservers. Many of the features can
be directly tested via the FLAGS and OPTIONS. By default (like trust-dns-resolver) the configured nameservers are the
Google provided ones. The system configured ones can be used with the `--system` FLAG. Other nameservers, as many as
desired, can be configured directly with the `--nameserver` OPTION.

USAGE:
    resolve [FLAGS] [OPTIONS] <domainname>

FLAGS:
        --cloudflare    Use cloudflare resolvers
        --debug         Enable debug and all logging
        --error         Enable error logging
        --google        Use google resolvers, default
    -e, --happy         Happy eye balls lookup, ipv4 and ipv6
    -h, --help          Prints help information
        --info          Enable info + warning + error logging
        --ipv4          Use ipv4 addresses only, default is both ipv4 and ipv6
        --ipv6          Use ipv6 addresses only, default is both ipv4 and ipv6
        --quad9         Use quad9 resolvers
    -s, --system        Use system configuration, e.g. /etc/resolv.conf, instead of defaults
        --tcp           Use only TCP, default to UDP and TCP
        --udp           Use only UDP, default to UDP and TCP
    -V, --version       Prints version information
        --warn          Enable warning + error logging

OPTIONS:
    -n, --nameserver <nameserver>...    Specify a nameserver to use, ip and port e.g. 8.8.8.8:53 or
                                        [2001:4860:4860::8888]:53 (port required)
    -t, --type <ty>                     Type of query to issue, e.g. A, AAAA, NS, etc [default: A]

ARGS:
    <domainname>    Name to attempt to resolve, if followed by a '.' then it's a fully-qualified-domain-name

dnskey-to-pem

此工具将使用 BIND9 生成的私钥 DNSKEY 并输出与 OpenSSL 兼容的 PEM 格式文件。 警告 这将包含私钥材料。

$ cargo run --bin pem-to-public-dnskey -- --help
Trust-DNS dnskey-to-pem 0.11.3
Benjamin Fry <[email protected]>
Converts a dnskey, as generated from BIND's dnssec-keygen, into pem format

USAGE:
    dnskey-to-pem [OPTIONS] <PRIVATE_KEY_FILE>

FLAGS:
    -h, --help       Prints help information
    -V, --version    Prints version information

OPTIONS:
    -o, --output <OUTPUT_FILE>    Output FILE to write to [default: out.pem]

ARGS:
    <PRIVATE_KEY_FILE>    Input FILE from which to read the DNSSEC private key

pem-to-public-dnskey

此工具可用于输出 DNSKEY RDATA 格式的原始字节数据。这对于将自定义公钥与 Trust-DNS 中的 TrustAnchor 功能相关联非常有用。

$ cargo run --bin pem-to-public-dnskey -- --help
Trust-DNS pem-to-public-dnskey 0.11.3
Benjamin Fry <[email protected]>
Converts a PEM formatted public key into a raw public dnskey (this is not the inverse of bind_dnskey_to_pem). This can be used to create a dnskey in the TrustAnchor internal
format.

USAGE:
    pem-to-public-dnskey [OPTIONS] <PEM_KEY_FILE>

FLAGS:
    -h, --help       Prints help information
    -V, --version    Prints version information

OPTIONS:
    -o, --output <OUTPUT_FILE>    Output FILE to write to [default: out.dnskey]

ARGS:
    <PEM_KEY_FILE>    Input PEM FILE from which to read the public key

版本控制

Trust-DNS 尽力遵循 semver。当公开的 API 稳定后，Trust-DNS 将升级到 1.0。这并不意味着 Trust-DNS 在 0.x 更新之间升级时一定会中断。尽可能保留旧的 API，并注明哪些替换了这些弃用。Trust-DNS 将尽力不因 API 更改而破坏依赖于它的软件，尽管不能保证。弃用接口将在弃用后至少维护一个主要版本（在可能的情况下），但升级到 1.0 的例外，所有弃用接口都计划在升级时移除。