feat(dnsserver): Enhance DNSSEC RRset signing and add configurable primary nameserver

- Fix DNSSEC to properly sign entire RRsets together instead of individual records
- Implement proper SOA record serialization according to RFC 1035
- Add primaryNameserver option to IDnsServerOptions for customizable SOA mname field
- Add comprehensive tests for DNSSEC RRset signing and SOA record handling
- Update documentation with v7.4.3 improvements

Co-Authored-By: User <user@example.com>
2025-05-30 18:20:55 +00:00
parent 4e37bc9bc0
commit b87cbbee5c
6 changed files with 871 additions and 46 deletions

@@ -104,8 +104,12 @@ The test suite demonstrates:
- Let's Encrypt integration requires proper domain authorization
- Handler patterns should be carefully designed to avoid open resolvers
## Known Issues
## Recent Improvements (v7.4.3)
1. **DNSSEC RRSIG Generation**: When multiple records of the same type are returned, DNSSEC signing may encounter issues with the current implementation
2. **SOA Record Prefix**: The server hardcodes 'ns1.' prefix for SOA mname field which may not match actual nameserver names
3. **Handler Deduplication**: If the same handler is registered multiple times, it will contribute duplicate records
1. **DNSSEC RRset Signing**: Fixed to properly sign entire RRsets together instead of individual records
2. **SOA Record Serialization**: Implemented proper SOA record encoding for DNSSEC compatibility
3. **Configurable Primary Nameserver**: Added `primaryNameserver` option to customize SOA mname field
## Known Limitations
1. **Handler Deduplication**: If the same handler is registered multiple times, it will contribute duplicate records (this may be desired behavior for some use cases)
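
Review bot: The "Handler Deduplication" entry kept under "Known Limitations" at the end of this hunk does not say how duplicate records interact with the RRset signing described in item 1 of "Recent Improvements". RFC 4034 section 6.3 does not allow duplicate RRs in the canonical form of an RRset, so the entry should state whether duplicates contributed by a handler registered twice are removed before the RRSIG is computed or are signed and returned as-is. Separately, the "Configurable Primary Nameserver" item names the `primaryNameserver` option but not what the SOA mname is when the option is unset; the removed "Known Issues" text mentioned a hardcoded 'ns1.' prefix, so please say whether that is still the default.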