From ecf00ec9f478986f2cad3c9b0eeaa8b6004c89ad Mon Sep 17 00:00:00 2001 From: "dreadnode-renovate-bot[bot]" <184170622+dreadnode-renovate-bot[bot]@users.noreply.github.com> Date: Sun, 17 May 2026 00:31:26 +0000 Subject: [PATCH 1/2] chore(deps): update rust crate hickory-resolver to 0.26 | datasource | package | from | to | | ---------- | ---------------- | ------ | ------ | | crate | hickory-resolver | 0.24.4 | 0.26.1 | --- Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index a94a921c..84e18709 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -21,7 +21,7 @@ serde_yaml = "0.9" regex = "1" sqlx = { version = "0.8", features = ["runtime-tokio", "postgres", "chrono", "json", "uuid"] } tera = "1" -hickory-resolver = { version = "0.24", default-features = false, features = ["tokio-runtime", "system-config"] } +hickory-resolver = { version = "0.26", default-features = false, features = ["tokio-runtime", "system-config"] } # OpenTelemetry opentelemetry = "0.31" From a817b32c2f8e28a87d9495af79a2ee8b7f805f94 Mon Sep 17 00:00:00 2001 From: Jayson Grace Date: Sun, 17 May 2026 09:25:57 -0600 Subject: [PATCH 2/2] refactor: update DNS resolver usage and dependencies for hickory 0.26 **Changed:** - Switched DNS resolver implementation from `TokioAsyncResolver` to `TokioResolver` in the domain probe logic to match hickory-resolver 0.26 API updates - Updated error handling to use new error types (`DnsError`, `NetError`) and methods consistent with hickory 0.26 - Adjusted code to build the resolver with the new builder pattern and runtime provider - Modified feature flags in Cargo.toml for hickory-resolver to use `tokio` instead of `tokio-runtime` in accordance with upstream changes - Updated Cargo.lock to: - Remove deprecated/unused dependencies (enum-as-inner, lru-cache, linked-hash-map) - Add new transitive dependencies (moka, crossbeam-channel, prefix-trie, etc.) - Consolidate and update hickory-resolver, hickory-proto, and hickory-net to 0.26.x - Standardize on `thiserror` 2.x and remove explicit version qualifiers from dependencies - Add new system-configuration dependencies required by hickory-resolver **Removed:** - Removed legacy resolver construction patterns and error kinds no longer present in hickory 0.26 from the DNS SRV probe implementation - Eliminated references to now-removed dependency versions in Cargo.lock (e.g., "thiserror 1.0.69") to align with the updated dependency graph --- Cargo.lock | 223 ++++++++++++------ Cargo.toml | 2 +- .../state/domain_probe/dns_srv.rs | 35 +-- 3 files changed, 168 insertions(+), 92 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 50f4b9d3..d82c5b15 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -131,7 +131,7 @@ dependencies = [ "serde_yaml", "sqlx", "tempfile", - "thiserror 2.0.18", + "thiserror", "tokio", "tracing", "tracing-subscriber", @@ -163,7 +163,7 @@ dependencies = [ "sqlx", "tempfile", "tera", - "thiserror 2.0.18", + "thiserror", "tokio", "tracing", "tracing-opentelemetry", @@ -185,7 +185,7 @@ dependencies = [ "serde_json", "tempfile", "tera", - "thiserror 2.0.18", + "thiserror", "tokio", "tracing", "tracing-subscriber", @@ -250,7 +250,7 @@ dependencies = [ "serde_json", "serde_nanos", "serde_repr", - "thiserror 2.0.18", + "thiserror", "time", "tokio", "tokio-rustls", @@ -556,6 +556,16 @@ version = "0.10.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a6ef517f0926dd24a1582492c791b6a4818a4d94e789a334894aa15b0d12f55c" +[[package]] +name = "core-foundation" +version = "0.9.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "91e195e091a93c46f7102ec7818a2aa394e1e1771c3ab4825963fa03e45afb8f" +dependencies = [ + "core-foundation-sys", + "libc", +] + [[package]] name = "core-foundation" version = "0.10.1" @@ -605,6 +615,21 @@ version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "217698eaf96b4a3f0bc4f3662aaa55bdf913cd54d7204591faa790070c6d0853" +[[package]] +name = "critical-section" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "790eea4361631c5e7d22598ecd5723ff611904e3344ce8720784c93e3d83d40b" + +[[package]] +name = "crossbeam-channel" +version = "0.5.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "82b8f8f868b36967f9606790d1903570de9ceaf870a7bf9fbbd3016d636a2cb2" +dependencies = [ + "crossbeam-utils", +] + [[package]] name = "crossbeam-deque" version = "0.8.6" @@ -860,18 +885,6 @@ dependencies = [ "serde", ] -[[package]] -name = "enum-as-inner" -version = "0.6.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a1e6a265c649f3f5979b601d26f1d05ada116434c87741c9493cb56218f76cbc" -dependencies = [ - "heck", - "proc-macro2", - "quote", - "syn", -] - [[package]] name = "equivalent" version = "1.0.2" @@ -1232,46 +1245,71 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" [[package]] -name = "hickory-proto" -version = "0.24.4" +name = "hickory-net" +version = "0.26.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "92652067c9ce6f66ce53cc38d1169daa36e6e7eb7dd3b63b5103bd9d97117248" +checksum = "e2295ed2f9c31e471e1428a8f88a3f0e1f4b27c15049592138d1eebe9c35b183" dependencies = [ "async-trait", "cfg-if", "data-encoding", - "enum-as-inner", "futures-channel", "futures-io", "futures-util", + "hickory-proto", "idna", "ipnet", - "once_cell", - "rand 0.8.6", - "thiserror 1.0.69", + "jni", + "rand 0.10.1", + "thiserror", "tinyvec", "tokio", "tracing", "url", ] +[[package]] +name = "hickory-proto" +version = "0.26.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0bab31817bfb44672a252e97fe81cd0c18d1b2cf892108922f6818820df8c643" +dependencies = [ + "data-encoding", + "idna", + "ipnet", + "jni", + "once_cell", + "prefix-trie", + "rand 0.10.1", + "ring", + "thiserror", + "tinyvec", + "tracing", + "url", +] + [[package]] name = "hickory-resolver" -version = "0.24.4" +version = "0.26.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cbb117a1ca520e111743ab2f6688eddee69db4e0ea242545a604dce8a66fd22e" +checksum = "f0d58d28879ceecde6607729660c2667a081ccdc082e082675042793960f178c" dependencies = [ "cfg-if", "futures-util", + "hickory-net", "hickory-proto", "ipconfig", - "lru-cache", + "ipnet", + "jni", + "moka", + "ndk-context", "once_cell", "parking_lot", - "rand 0.8.6", + "rand 0.10.1", "resolv-conf", "smallvec", - "thiserror 1.0.69", + "system-configuration", + "thiserror", "tokio", "tracing", ] @@ -1618,6 +1656,9 @@ name = "ipnet" version = "2.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d98f6fed1fde3f8c21bc40a1abb88dd75e67924f9cffc3ef95607bad8017f8e2" +dependencies = [ + "serde", +] [[package]] name = "is_terminal_polyfill" @@ -1652,7 +1693,7 @@ dependencies = [ "jni-sys", "log", "simd_cesu8", - "thiserror 2.0.18", + "thiserror", "walkdir", "windows-link", ] @@ -1760,12 +1801,6 @@ dependencies = [ "vcpkg", ] -[[package]] -name = "linked-hash-map" -version = "0.5.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0717cef1bc8b636c6e1c1bbdefc09e6322da8a9321966e8928ef80d20f7f770f" - [[package]] name = "linux-raw-sys" version = "0.12.1" @@ -1804,15 +1839,6 @@ version = "0.4.29" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5e5032e24019045c762d3c0f28f5b6b8bbf38563a65908389bf7978758920897" -[[package]] -name = "lru-cache" -version = "0.1.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "31e24f1ad8321ca0e8a1e0ac13f23cb668e6f5466c2c57319f6a5cf1cc8e3b1c" -dependencies = [ - "linked-hash-map", -] - [[package]] name = "lru-slab" version = "0.1.2" @@ -1865,6 +1891,29 @@ dependencies = [ "windows-sys 0.61.2", ] +[[package]] +name = "moka" +version = "0.12.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "957228ad12042ee839f93c8f257b62b4c0ab5eaae1d4fa60de53b27c9d7c5046" +dependencies = [ + "crossbeam-channel", + "crossbeam-epoch", + "crossbeam-utils", + "equivalent", + "parking_lot", + "portable-atomic", + "smallvec", + "tagptr", + "uuid", +] + +[[package]] +name = "ndk-context" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "27b02d87554356db9e9a873add8782d4ea6e3e58ea071a9adb9a2e8ddb884a8b" + [[package]] name = "neli" version = "0.7.4" @@ -1994,6 +2043,10 @@ name = "once_cell" version = "1.21.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9f7c3e4beb33f85d45ae3e3a1792185706c8e16d043238c593331cc7cd313b50" +dependencies = [ + "critical-section", + "portable-atomic", +] [[package]] name = "once_cell_polyfill" @@ -2017,7 +2070,7 @@ dependencies = [ "futures-sink", "js-sys", "pin-project-lite", - "thiserror 2.0.18", + "thiserror", "tracing", ] @@ -2047,7 +2100,7 @@ dependencies = [ "opentelemetry_sdk", "prost", "reqwest 0.12.28", - "thiserror 2.0.18", + "thiserror", "tokio", "tonic", "tracing", @@ -2078,7 +2131,7 @@ dependencies = [ "opentelemetry", "percent-encoding", "rand 0.9.4", - "thiserror 2.0.18", + "thiserror", ] [[package]] @@ -2304,6 +2357,17 @@ dependencies = [ "zerocopy", ] +[[package]] +name = "prefix-trie" +version = "0.8.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4cf6e3177f0684016a5c209b00882e15f8bdd3f3bb48f0491df10cd102d0c6e7" +dependencies = [ + "either", + "ipnet", + "num-traits", +] + [[package]] name = "prettyplease" version = "0.2.37" @@ -2391,7 +2455,7 @@ dependencies = [ "rustc-hash", "rustls", "socket2", - "thiserror 2.0.18", + "thiserror", "tokio", "tracing", "web-time", @@ -2413,7 +2477,7 @@ dependencies = [ "rustls", "rustls-pki-types", "slab", - "thiserror 2.0.18", + "thiserror", "tinyvec", "tracing", "web-time", @@ -2829,7 +2893,7 @@ version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "26d1e2536ce4f35f4846aa13bff16bd0ff40157cdb14cc056c7b14ba41233ba0" dependencies = [ - "core-foundation", + "core-foundation 0.10.1", "core-foundation-sys", "jni", "log", @@ -2905,7 +2969,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b7f4bc775c73d9a02cde8bf7b2ec4c9d12743edf609006c7facc23998404cd1d" dependencies = [ "bitflags", - "core-foundation", + "core-foundation 0.10.1", "core-foundation-sys", "libc", "security-framework-sys", @@ -3218,7 +3282,7 @@ dependencies = [ "serde_json", "sha2 0.10.9", "smallvec", - "thiserror 2.0.18", + "thiserror", "tokio", "tokio-stream", "tracing", @@ -3302,7 +3366,7 @@ dependencies = [ "smallvec", "sqlx-core", "stringprep", - "thiserror 2.0.18", + "thiserror", "tracing", "uuid", "whoami", @@ -3341,7 +3405,7 @@ dependencies = [ "smallvec", "sqlx-core", "stringprep", - "thiserror 2.0.18", + "thiserror", "tracing", "uuid", "whoami", @@ -3367,7 +3431,7 @@ dependencies = [ "serde", "serde_urlencoded", "sqlx-core", - "thiserror 2.0.18", + "thiserror", "tracing", "url", "uuid", @@ -3433,6 +3497,33 @@ dependencies = [ "syn", ] +[[package]] +name = "system-configuration" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a13f3d0daba03132c0aa9767f98351b3488edc2c100cda2d2ec2b04f3d8d3c8b" +dependencies = [ + "bitflags", + "core-foundation 0.9.4", + "system-configuration-sys", +] + +[[package]] +name = "system-configuration-sys" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8e1d1b10ced5ca923a1fcb8d03e96b8d3268065d724548c0211415ff6ac6bac4" +dependencies = [ + "core-foundation-sys", + "libc", +] + +[[package]] +name = "tagptr" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7b2093cf4c8eb1e67749a6762251bc9cd836b6fc171623bd0a9d324d37af2417" + [[package]] name = "tempfile" version = "3.27.0" @@ -3468,33 +3559,13 @@ dependencies = [ "unicode-segmentation", ] -[[package]] -name = "thiserror" -version = "1.0.69" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b6aaf5339b578ea85b50e080feb250a3e8ae8cfcdff9a461c9ec2904bc923f52" -dependencies = [ - "thiserror-impl 1.0.69", -] - [[package]] name = "thiserror" version = "2.0.18" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4288b5bcbc7920c07a1149a35cf9590a2aa808e0bc1eafaade0b80947865fbc4" dependencies = [ - "thiserror-impl 2.0.18", -] - -[[package]] -name = "thiserror-impl" -version = "1.0.69" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4fee6c4efc90059e10f81e6d42c60a18f76588c3d74cb83a0b242a2b6c7504c1" -dependencies = [ - "proc-macro2", - "quote", - "syn", + "thiserror-impl", ] [[package]] diff --git a/Cargo.toml b/Cargo.toml index 84e18709..ead221c8 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -21,7 +21,7 @@ serde_yaml = "0.9" regex = "1" sqlx = { version = "0.8", features = ["runtime-tokio", "postgres", "chrono", "json", "uuid"] } tera = "1" -hickory-resolver = { version = "0.26", default-features = false, features = ["tokio-runtime", "system-config"] } +hickory-resolver = { version = "0.26", default-features = false, features = ["tokio", "system-config"] } # OpenTelemetry opentelemetry = "0.31" diff --git a/ares-cli/src/orchestrator/state/domain_probe/dns_srv.rs b/ares-cli/src/orchestrator/state/domain_probe/dns_srv.rs index 15827b89..0b8086c1 100644 --- a/ares-cli/src/orchestrator/state/domain_probe/dns_srv.rs +++ b/ares-cli/src/orchestrator/state/domain_probe/dns_srv.rs @@ -6,7 +6,7 @@ //! AD domain?" probe. //! //! Resolver behavior: -//! - We construct a `TokioAsyncResolver` from the system resolv.conf so we +//! - We construct a `TokioResolver` from the system resolv.conf so we //! pick up whatever recursive resolver the operator has configured (often //! the same DNS server an attacker would query during real-world recon). //! - NXDOMAIN / NoRecordsFound → `Rejected` (the suffix is definitely not AD). @@ -14,15 +14,16 @@ //! - I/O / timeout / refused → `Indeterminate` (we'll retry next tick). use async_trait::async_trait; -use hickory_resolver::config::{ResolverConfig, ResolverOpts}; -use hickory_resolver::error::ResolveErrorKind; -use hickory_resolver::TokioAsyncResolver; +use hickory_resolver::config::ResolverConfig; +use hickory_resolver::net::runtime::TokioRuntimeProvider; +use hickory_resolver::net::{DnsError, NetError}; +use hickory_resolver::TokioResolver; use super::{DomainProber, ProbeOutcome}; -/// Real DNS prober. Wraps a hickory `TokioAsyncResolver`. +/// Real DNS prober. Wraps a hickory `TokioResolver`. pub struct DnsSrvProber { - resolver: TokioAsyncResolver, + resolver: TokioResolver, } impl DnsSrvProber { @@ -31,13 +32,17 @@ impl DnsSrvProber { /// — we still need *something* to query in container environments where /// /etc/resolv.conf may be missing. pub fn from_system() -> Self { - let resolver = match TokioAsyncResolver::tokio_from_system_conf() { - Ok(r) => r, - Err(e) => { + let resolver = TokioResolver::builder_tokio() + .and_then(|b| b.build()) + .unwrap_or_else(|e| { tracing::warn!(err = %e, "DNS SRV prober: system resolver unreadable, falling back to defaults"); - TokioAsyncResolver::tokio(ResolverConfig::default(), ResolverOpts::default()) - } - }; + TokioResolver::builder_with_config( + ResolverConfig::default(), + TokioRuntimeProvider::default(), + ) + .build() + .expect("default ResolverConfig should always build") + }); Self { resolver } } } @@ -48,14 +53,14 @@ impl DomainProber for DnsSrvProber { let query = format!("_ldap._tcp.dc._msdcs.{}.", fqdn.trim_end_matches('.')); match self.resolver.srv_lookup(&query).await { Ok(answer) => { - if answer.iter().next().is_some() { + if !answer.answers().is_empty() { ProbeOutcome::Confirmed } else { ProbeOutcome::Rejected("no SRV records") } } - Err(e) => match e.kind() { - ResolveErrorKind::NoRecordsFound { .. } => { + Err(e) => match &e { + NetError::Dns(DnsError::NoRecordsFound(_)) => { ProbeOutcome::Rejected("NXDOMAIN / no _ldap._tcp.dc._msdcs SRV") } _ => {