TRust-DNS consists of essentially 3 components. The Server supports on-line DNSSec signing of all the current DNSSec standard algorithms, and some additional RFCs around limiting the response of those to what the client connection supports. It supports DNS over TLS as well. Recently I added support for TLSA and CAA records as well. There are definitely some more that can be supported.
The Client, which is for managing the server and performing raw connections to DNS servers for things like dynamic update, etc. It supports DNS over TLS, with three variant TLS impls for different combinations based on toolchain requirements. It also can perform DNSSec validation.
The Resolver, which is what I anticipate most people will use going into the future. This currently doesn't support DNS over TLS. I have plans to do that, but I haven't figured out the configuration side of it yet. This also is capable of DNSSec validation. It has some neat features around DNS server selection specifically for ranking DNS servers and using the most responsive. I have some plans at some point to try and implement a caching resolver for the three major platforms, but haven't gotten there yet.
My goals with TRust-DNS are a little more than just a shiny new language. I really want to leverage Rust's safety guarantees, especially in regards to building high performance implementations for core tools like this. I believe that with Rust we can produce more hardened software and deliver at a faster pace than other more traditional low level languages.
I haven't yet had a chance to really optimize the library. In my measurements for example, BIND responds to queries in 100 micro-seconds, whereas TRust-DNS is now down to 250 (on my local system, YMMV). There are a couple of low-hanging fruit things that I hope to get to soon, that should bring that down significantly.
TRust-DNS has been coming along over the last couple of years, there've been a few discussions here about it, these ones had a lot of comments:
https://news.ycombinator.com/item?id=12332876
https://news.ycombinator.com/item?id=13099979
Happy to answer any questions.