by bluejekyll 3128 days ago
Thanks for linking to the project.

TRust-DNS has been coming along over the last couple of years. There have been a few discussions here about it; these ones had a lot of comments:

https://news.ycombinator.com/item?id=12332876

https://news.ycombinator.com/item?id=13099979

TRust-DNS consists of essentially 3 components. The Server supports on-line DNSSec signing of all the current DNSSec standard algorithms, and some additional RFCs around limiting the response of those to what the client connection supports. It supports DNS over TLS as well. Recently I added support for TLSA and CAA records as well. There are definitely some more that can be supported.

The Client, which is for managing the server and performing raw connections to DNS servers for things like dynamic update, etc. It supports DNS over TLS, with three variant TLS impls for different combinations based on toolchain requirements. It also can perform DNSSec validation.

The Resolver, which is what I anticipate most people will use going into the future. This currently doesn't support DNS over TLS. I have plans to do that, but I haven't figured out the configuration side of it yet. This also is capable of DNSSec validation. It has some neat features around DNS server selection, specifically for ranking DNS servers and using the most responsive. I have some plans at some point to try and implement a caching resolver for the three major platforms, but haven't gotten there yet.

Happy to answer any questions.