# hickory-dns/hickory-dns **Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/hickory-dns-hickory-dns).** 5,000 stars · 555 forks · Rust · other ## Links - GitHub: https://github.com/hickory-dns/hickory-dns - awesome-repositories: https://awesome-repositories.com/repository/hickory-dns-hickory-dns.md ## Topics `dns` `dns-client` `dns-server` `dnssec` `dynamic-dns` `hickory-dns` `rust` `rust-lang` `trust-dns` ## Description Hickory-DNS is a DNS implementation written in Rust that provides a full suite of DNS capabilities: a client library for querying and constructing DNS messages, a recursive resolver with caching, an authoritative DNS server, and support for DNSSEC validation and signing. It can operate as a DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH) client, and includes a multicast DNS (mDNS) implementation for local network discovery without a central server. The project differentiates itself through its integrated DNSSEC pipeline, which validates signatures by chaining from a root trust anchor and can automatically re-sign zones on dynamic updates. Its recursive resolver traverses the DNS hierarchy from root servers, caching intermediate and negative responses, while the authoritative server supports incremental zone transfers (IXFR), notify, and dynamic updates authenticated with SIG(0). All DNS transports—UDP, TCP, TLS, HTTPS, and mDNS—are abstracted behind a unified interface. The library also manages DNS resource records, serializes and deserializes messages in both binary wire format and human-readable text, and handles queries, updates, and response processing with timeouts. Command-line resolution and support for EDNS, IPv6, and various record types round out the capability surface. ## Tags ### Networking & Communication - [Authoritative DNS Hosting](https://awesome-repositories.com/f/networking-communication/authoritative-dns-hosting.md) — Serves as an authoritative DNS server with zone transfers, notify, and dynamic updates. - [Authoritative Zone Hosting](https://awesome-repositories.com/f/networking-communication/authoritative-zone-hosting.md) — Ships a full authoritative DNS server with zone transfer, notify, and service discovery support. ([source](https://cdn.jsdelivr.net/gh/hickory-dns/hickory-dns@main/README.md)) - [Incremental Zone Transfers](https://awesome-repositories.com/f/networking-communication/authoritative-zone-hosting/incremental-zone-transfers.md) — Serves authoritative DNS zones with support for incremental zone transfer and DNSSEC signing. - [DNS Message Codecs](https://awesome-repositories.com/f/networking-communication/dns-message-codecs.md) — The DNS library serializes and deserializes DNS resource records and messages in binary wire format and human-readable text for network transmission and storage. ([source](https://docs.rs/hickory-proto/)) - [DNS Query Clients](https://awesome-repositories.com/f/networking-communication/dns-query-clients.md) — Transmits DNS query or update messages to a server and processes responses with timeout handling. ([source](https://docs.rs/hickory-proto/0.26.1/hickory_proto/)) - [Encrypted Query Clients](https://awesome-repositories.com/f/networking-communication/dns-query-clients/encrypted-query-clients.md) — Operates as a client for DNS-over-TLS and DNS-over-HTTPS encrypted queries. - [DNS Resolution](https://awesome-repositories.com/f/networking-communication/dns-resolution.md) — Resolves DNS queries for various record types using system-configured or custom resolvers with EDNS and IPv6 support. ([source](https://cdn.jsdelivr.net/gh/hickory-dns/hickory-dns@main/README.md)) - [DNS-over-TLS Clients](https://awesome-repositories.com/f/networking-communication/dns-servers/dns-over-tls-clients.md) — Provides both DNS-over-TLS and DNS-over-HTTPS client capabilities for encrypted name resolution. - [Caching Resolvers](https://awesome-repositories.com/f/networking-communication/network-infrastructure-routing/network-infrastructure-configuration/network-infrastructure/recursive-dns-resolvers/caching-resolvers.md) — Traverses the DNS hierarchy from root to authoritative servers, caching intermediate results and negative responses. - [Recursive DNS Resolution](https://awesome-repositories.com/f/networking-communication/recursive-dns-resolution.md) — Resolves domain names recursively by traversing the DNS hierarchy from root servers to authoritative servers. ([source](https://docs.rs/hickory-resolver)) - [DNS Record Resolvers](https://awesome-repositories.com/f/networking-communication/dns-query-routers/dns-reconnaissance/dns-record-resolvers.md) — Queries DNS record types asynchronously over TCP and returns the deserialized data. ([source](https://docs.rs/hickory-client)) - [SIG(0)-Authenticated Updates](https://awesome-repositories.com/f/networking-communication/dns-record-management/sig-0-authenticated-updates.md) — Implements dynamic DNS updates authenticated with SIG(0) signed requests for record modification. ([source](https://cdn.jsdelivr.net/gh/hickory-dns/hickory-dns@main/README.md)) - [Multicast DNS Resolution](https://awesome-repositories.com/f/networking-communication/multicast-dns-resolution.md) — Implements multicast DNS for local network hostname discovery without a central server. ### Security & Cryptography - [DNSSEC Zone Signing](https://awesome-repositories.com/f/security-cryptography/dnssec-zone-signing.md) — Manages DNSSEC data structures and utilities for securing DNS responses and zone transfers. ([source](https://docs.rs/hickory-proto/latest/hickory_proto/)) - [DNSSEC Signature Validation](https://awesome-repositories.com/f/security-cryptography/dnssec-zone-signing/dnssec-signature-validation.md) — Validates DNSSEC signatures by chaining from the root trust anchor for response authenticity. - [Recursive DNS Resolvers](https://awesome-repositories.com/f/security-cryptography/recursive-dns-resolvers.md) — Implements a full recursive resolver that caches intermediate and negative responses. - [Automatic Re-signing](https://awesome-repositories.com/f/security-cryptography/dnssec-zone-signing/automatic-re-signing.md) — Automatically re-signs DNS zones on dynamic updates using NSEC and NSEC3 chain-of-trust validation. ([source](https://cdn.jsdelivr.net/gh/hickory-dns/hickory-dns@main/README.md)) - [DNSSEC Chain-of-Trust Validators](https://awesome-repositories.com/f/security-cryptography/dnssec-zone-signing/dnssec-chain-of-trust-validators.md) — Validates DNSSEC signatures by chaining from the root trust anchor for response authenticity. - [Encrypted DNS Resolvers](https://awesome-repositories.com/f/security-cryptography/encrypted-dns-resolvers.md) — Tunnels DNS requests over TLS or HTTPS to protect against eavesdropping and tampering. ([source](https://cdn.jsdelivr.net/gh/hickory-dns/hickory-dns@main/README.md))