
The Story
DNS is as critical as Internet infrastructure gets. DNS translates domain names into IP addresses, so just about every client and server depends on making frequent DNS lookups. DNS implementations need to be secure.
While there are many DNS implementations out there, including some memory safe ones, there are no open source, high performance, memory safe, fully recursive DNS resolvers. Until one exists, many DNS operators will continue to deploy DNS software written in languages that are not memory safe, putting critical Internet infrastructure at risk.
ISRG's Let's Encrypt certificate authority would be amongst the first to deploy such a resolver. Making many recursive requests per second, Let's Encrypt can help prove Trust-DNS's performance at scale. Meanwhile, Trust-DNS will harden a critical part of the Let's Encrypt infrastructure stack thanks to its use of a memory safe language.
What's Next
Trust-DNS is one of the most promising memory safe resolver projects out there. It’s an open-source project started in 2015 by Benjamin Fry as an exploration of a memory safe DNS implementation in the Rust programming language. Trust-DNS has become a useful piece of software in production environments for stub resolution, simple authority use cases, and cache warming for DNS providers.
We will be investing in it per our work plan.
