dearsky/numa
1
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases 25 Wiki Activity

feat: add DNS-over-TLS (DoT) listener (RFC 7858)

Browse Source 
Refactor handle_query into transport-agnostic resolve_query that returns
a BytePacketBuffer, keeping the UDP path zero-alloc. Add a TLS listener
on port 853 with persistent connections, idle timeout, connection limits,
and coalesced writes. Supports user-provided certs or self-signed CA
fallback. Includes 5 integration tests.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Razvan Dimescu
2026-03-30 00:36:26 +03:00
parent 766935ec97
commit e4350ae81c
7 changed files with 534 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/main.rs
View File

@@ -370,6 +370,9 @@ async fn main() -> numa::Result<()> {
);
}
}
if config.dot.enabled {
row("DoT", g, &format!("tls://:{}", config.dot.port));
}
if config.lan.enabled {
row("LAN", g, "mDNS (_numa._tcp.local)");
}
@@ -477,6 +480,15 @@ async fn main() -> numa::Result<()> {
});
}
// Spawn DNS-over-TLS listener (RFC 7858)
if config.dot.enabled {
let dot_ctx = Arc::clone(&ctx);
let dot_config = config.dot.clone();
tokio::spawn(async move {
numa::dot::start_dot(dot_ctx, &dot_config).await;
});
}
// UDP DNS listener
#[allow(clippy::infinite_loop)]
loop {