#dns #dnssec #bind #named #dig

bin+lib hickory-util

Utilities that complement Hickory DNS

3 unstable releases

new 0.24.1 Apr 18, 2024
0.24.0 Oct 14, 2023
0.1.0 Sep 26, 2023

#2201 in Network programming

Download history 6/week @ 2024-02-15 15/week @ 2024-02-22 8/week @ 2024-02-29 5/week @ 2024-03-07 15/week @ 2024-03-14 24/week @ 2024-03-28 16/week @ 2024-04-04

58 downloads per month


39K SLoC


Hickory DNS Util is a support library for the Hickory DNS libraries.


Useful for testing hickory-resolver and it's features via an independent CLI

$ cargo install --bin resolve hickory-util


$ resolve www.example.com.
Querying for www.example.com. A from udp:, tcp:, udp:, tcp:, udp:[2001:4860:4860::8888]:53, tcp:[2001:4860:4860::8888]:53, udp:[2001:4860:4860::8844]:53, tcp:[2001:4860:4860::8844]:53
Success for query name: www.example.com. type: A class: IN
        www.example.com. 21063 IN A


$ resolve -h
resolve 0.20.0-alpha.3
A CLI interface for the hickory-resolver.

This utility directly uses the hickory-resolver to perform a lookup to a set of nameservers. Many of the features can
be directly tested via the FLAGS and OPTIONS. By default (like hickory-resolver) the configured nameservers are the
Google provided ones. The system configured ones can be used with the `--system` FLAG. Other nameservers, as many as
desired, can be configured directly with the `--nameserver` OPTION.

    resolve [FLAGS] [OPTIONS] <domainname>

        --cloudflare    Use cloudflare resolvers
        --debug         Enable debug and all logging
        --error         Enable error logging
        --google        Use google resolvers, default
    -e, --happy         Happy eye balls lookup, ipv4 and ipv6
    -h, --help          Prints help information
        --info          Enable info + warning + error logging
        --ipv4          Use ipv4 addresses only, default is both ipv4 and ipv6
        --ipv6          Use ipv6 addresses only, default is both ipv4 and ipv6
        --quad9         Use quad9 resolvers
    -s, --system        Use system configuration, e.g. /etc/resolv.conf, instead of defaults
        --tcp           Use only TCP, default to UDP and TCP
        --udp           Use only UDP, default to UDP and TCP
    -V, --version       Prints version information
        --warn          Enable warning + error logging

    -n, --nameserver <nameserver>...    Specify a nameserver to use, ip and port e.g. or
                                        [2001:4860:4860::8888]:53 (port required)
    -t, --type <ty>                     Type of query to issue, e.g. A, AAAA, NS, etc [default: A]

    <domainname>    Name to attempt to resolve, if followed by a '.' then it's a fully-qualified-domain-name


This will take a private DNSKEY as generated by BIND9 and output an OpenSSL compatible PEM formatted file. WARNING this will contain private key material.

$ cargo run --bin pem-to-public-dnskey -- --help
Hickory DNS dnskey-to-pem 0.11.3
Benjamin Fry <benjaminfry@me.com>
Converts a dnskey, as generated from BIND's dnssec-keygen, into pem format

    dnskey-to-pem [OPTIONS] <PRIVATE_KEY_FILE>

    -h, --help       Prints help information
    -V, --version    Prints version information

    -o, --output <OUTPUT_FILE>    Output FILE to write to [default: out.pem]

    <PRIVATE_KEY_FILE>    Input FILE from which to read the DNSSEC private key


This utility can be used to output raw bytes in the DNSKEY RDATA format. This is useful for associating custom public keys with the TrustAnchor facility in Hickory DNS.

$ cargo run --bin pem-to-public-dnskey -- --help
Hickory DNS pem-to-public-dnskey 0.11.3
Benjamin Fry <benjaminfry@me.com>
Converts a PEM formatted public key into a raw public dnskey (this is not the inverse of bind_dnskey_to_pem). This can be used to create a dnskey in the TrustAnchor internal

    pem-to-public-dnskey [OPTIONS] <PEM_KEY_FILE>

    -h, --help       Prints help information
    -V, --version    Prints version information

    -o, --output <OUTPUT_FILE>    Output FILE to write to [default: out.dnskey]

    <PEM_KEY_FILE>    Input PEM FILE from which to read the public key


Hickory DNS does it's best job to follow semver. Hickory DNS will be promoted to 1.0 upon stabilization of the publicly exposed APIs. This does not mean that Hickory DNS will necessarily break on upgrades between 0.x updates. Whenever possible, old APIs will be deprecated with notes on what replaced those deprecations. Hickory DNS will make a best effort to never break software which depends on it due to API changes, though this can not be guaranteed. Deprecated interfaces will be maintained for at minimum one major release after that in which they were deprecated (where possible), with the exception of the upgrade to 1.0 where all deprecated interfaces will be planned to be removed.


~421K SLoC