Since leaving my job at the end of August, I figured I would try to write up a report of most of the open source stuff I worked on (see previous month). Turns out writing these is a lot of work, so it took me a while to write up October’s activity – I ultimately wrote this with the help of some tooling I wrote.
Hickory DNS
Hickory DNS is a project to build a comprehensive suite of Rust libraries to build DNS services on top of. Because the project is nearing a (fairly large) feature release, I’ve been trying to make a number of improvements to the project, cleaning up the API and moving code around to reduce complexity.
- I removed the synchronous client API, which was a thin, not very well maintained wrapper around the larger, more capable async API. This entailed porting some tests and also removing the synchronous resolver API.
- I started looking at the DNSSEC cryptography API to figure out what needed to be done to both support ring as a full-fledged replacement for OpenSSL and add support for the ring-like aws-lc-rs provider. The DNSSEC API wasn’t very well-designed, so this took quite some effort. I started by looking at the KeyPair type, which had a lot of functionality attached to it, and cleaned it up by moving code out of it and clarifying private/public key responsibilities.
- Improved CI cycle times by avoiding unnecessary release builds.
- Made a number of generic code quality/API improvements, like simplifying socket address literals, moving StoreConfig to bin crate, making error modules private, switching to using doc_auto_cfg, cleaning up rustdoc warnings, and replacing TryParseIp trait with IntoName::to_ip().
- Simplified rustls usage by leveraging the new PEM reading API.
Notable PRs I reviewed:
- Start propagating NX domain and no record found errors.
- Marcus addressed a very old request to enable blackholing DNS requests.
- Someone contributed an implementation of the CERT record type from RFC 4398 for storing certificates in the DNS (likely with some LLM help).
- David added configuration to avoid specific UDP ports on outbound traffic.
tracing-opentelemetry
For lack of anyone else doing the work, I maintain the tracing-opentelemetry integration crate that allows the tracing project to work with the opentelemetry crates. The OpenTelemetry Rust SIG have been increasing the pace of semver-incompatible releases, but unfortunately missed some things.
- As such, I cleaned up their tonic code generation to use the right crate versions and bumped their MSRV to match the new dependencies.
- I wrote up a note in the tracing-opentelemetry README on version compatibility between the opentelemetry-* crates and tracing-opentelemetry.
- Reviewed the upgrade to opentelemetry 0.26.
- Reviewed a locking efficiency improvement.
- Reviewed optionally attaching the level of exported spans.
instant-acme
instant-acme is an RFC 8555 client for provisioning TLS certificates.
Reviewed a contributed PR to expose account IDs, which can be used in CAA records to restrict which account can request certificates.
gcp_auth
gcp_auth is a simple API for authenticating to Google Cloud Platform services. It supports both production and development environments, similar to official Google SDKs for other languages (though likely more limited in scope).
In October, someone contributed support for setting the audience in custom service account token providers, which had been asked for a few times.
chrono
chrono is one of the most popular date/time libraries in the Rust ecosystem. I took over maintenance because the previous maintainers didn’t want to maintain it anymore, so I support the community by reviewing incoming pull requests.
This month, someone contributed support for OpenHarmony OS.
On sustainability
Since my last post, a few more companies started sponsoring my work, for which I am very grateful. For now, I’m still funding most of my open source activity from contract work, though I’m currently talking to some organizations that are looking to more directly fund open source work. Excited to see how that goes!
Many thanks to these sponsors (5 USD/month or more):
- syntaxfm
- getsentry
- denoland
- ctz
- astral-sh
- bdaehlie
- Quad9DNS
- thomaseizinger
- stepfunc
- tweedegolf
- codecov
- repi
- MJDSys
- mstange
- stackabletech
- dimlev
- Shnatsel
- eightseventhreethree
- malyn
- dconnolly
- paolobarbolini
- block