Hickory-DNS is a DNS implementation written in Rust that provides a full suite of DNS capabilities: a client library for querying and constructing DNS messages, a recursive resolver with caching, an authoritative DNS server, and support for DNSSEC validation and signing. It can operate as a DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH) client, and includes a multicast DNS (mDNS) implementation for local network discovery without a central server.
The project differentiates itself through its integrated DNSSEC pipeline, which validates signatures by chaining from a root trust anchor and can automatically re-sign zones on dynamic updates. Its recursive resolver traverses the DNS hierarchy from root servers, caching intermediate and negative responses, while the authoritative server supports incremental zone transfers (IXFR), notify, and dynamic updates authenticated with SIG(0). All DNS transports—UDP, TCP, TLS, HTTPS, and mDNS—are abstracted behind a unified interface.
The library also manages DNS resource records, serializes and deserializes messages in both binary wire format and human-readable text, and handles queries, updates, and response processing with timeouts. Command-line resolution and support for EDNS, IPv6, and various record types round out the capability surface.
