feat(dnsserver): Enhance DNSSEC RRset signing and add configurable primary nameserver

- Fix DNSSEC to properly sign entire RRsets together instead of individual records
- Implement proper SOA record serialization according to RFC 1035
- Add primaryNameserver option to IDnsServerOptions for customizable SOA mname field
- Add comprehensive tests for DNSSEC RRset signing and SOA record handling
- Update documentation with v7.4.3 improvements

Co-Authored-By: User <user@example.com>

test/example.primaryns.ts

@@ -0,0 +1,123 @@
+import * as smartdns from '../ts_server/index.js';
+
+// Example: Using custom primary nameserver
+async function exampleCustomNameserver() {
+  const dnsServer = new smartdns.DnsServer({
+    httpsKey: 'your-https-key',
+    httpsCert: 'your-https-cert',
+    httpsPort: 8443,
+    udpPort: 8053,
+    dnssecZone: 'example.com',
+    // Custom primary nameserver for SOA records
+    primaryNameserver: 'ns-primary.example.com',
+  });
+
+  // Register some handlers
+  dnsServer.registerHandler('example.com', ['NS'], (question) => {
+    return {
+      name: question.name,
+      type: 'NS',
+      class: 'IN',
+      ttl: 3600,
+      data: 'ns-primary.example.com',
+    };
+  });
+
+  dnsServer.registerHandler('example.com', ['NS'], (question) => {
+    return {
+      name: question.name,
+      type: 'NS',
+      class: 'IN',
+      ttl: 3600,
+      data: 'ns-secondary.example.com',
+    };
+  });
+
+  await dnsServer.start();
+  console.log('DNS server started with custom primary nameserver');
+  
+  // SOA records will now use 'ns-primary.example.com' instead of 'ns1.example.com'
+}
+
+// Example: DNSSEC with multiple records (proper RRset signing)
+async function exampleDnssecMultipleRecords() {
+  const dnsServer = new smartdns.DnsServer({
+    httpsKey: 'your-https-key',
+    httpsCert: 'your-https-cert',
+    httpsPort: 8443,
+    udpPort: 8053,
+    dnssecZone: 'secure.example.com',
+  });
+
+  // Register multiple A records for round-robin
+  const ips = ['192.168.1.10', '192.168.1.11', '192.168.1.12'];
+  for (const ip of ips) {
+    dnsServer.registerHandler('www.secure.example.com', ['A'], (question) => {
+      return {
+        name: question.name,
+        type: 'A',
+        class: 'IN',
+        ttl: 300,
+        data: ip,
+      };
+    });
+  }
+
+  await dnsServer.start();
+  console.log('DNS server started with DNSSEC and multiple A records');
+  
+  // When queried with DNSSEC enabled, all 3 A records will be signed together
+  // as a single RRset with one RRSIG record (not 3 separate RRSIGs)
+}
+
+// Example: Multiple TXT records for various purposes
+async function exampleMultipleTxtRecords() {
+  const dnsServer = new smartdns.DnsServer({
+    httpsKey: 'your-https-key',
+    httpsCert: 'your-https-cert',
+    httpsPort: 8443,
+    udpPort: 8053,
+    dnssecZone: 'example.com',
+  });
+
+  // SPF record
+  dnsServer.registerHandler('example.com', ['TXT'], (question) => {
+    return {
+      name: question.name,
+      type: 'TXT',
+      class: 'IN',
+      ttl: 3600,
+      data: ['v=spf1 include:_spf.google.com ~all'],
+    };
+  });
+
+  // DKIM record
+  dnsServer.registerHandler('example.com', ['TXT'], (question) => {
+    return {
+      name: question.name,
+      type: 'TXT',
+      class: 'IN',
+      ttl: 3600,
+      data: ['v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4...'],
+    };
+  });
+
+  // Domain verification
+  dnsServer.registerHandler('example.com', ['TXT'], (question) => {
+    return {
+      name: question.name,
+      type: 'TXT',
+      class: 'IN',
+      ttl: 3600,
+      data: ['google-site-verification=1234567890abcdef'],
+    };
+  });
+
+  await dnsServer.start();
+  console.log('DNS server started with multiple TXT records');
+  
+  // All TXT records will be returned when queried
+}
+
+// Export examples for reference
+export { exampleCustomNameserver, exampleDnssecMultipleRecords, exampleMultipleTxtRecords };