LLT-7052: DNS packet codec by tomasz-grz · Pull Request #1688 · NordSecurity/libtelio

tomasz-grz · 2026-02-20T09:17:21Z

Problem

We want to get rid of all hickory_server dependencies, because it set's up a full blown DNS server, we maintain our own (outdated) fork of, and it was source of a lot of bugs.

As a first step we need to decide if DNS requests are related to .nord zone.
If they are, they should handled by our local resolver, and we need to serve the response packet back.
If not, the request is forwarded and resolved by the upstream nameservers.

Solution

This module incorporates:

a lightweight decoder, that converts DNS request bytes into a DnsPacket<'_> struct, and exposes a helper functions like parse_dns_packet(), find_nord_query() and normalize_qname() to simplify with the correct request handling.
A packet builder specific for the local resolver use case, that converts a ResponseKind enum into appropriate DNS response bytes.

☑️ Definition of Done checklist

Commit history is clean (requirements)
README.md is updated
Functionality is covered by unit or integration tests

stalowyjez

I have mixed feeling for this PR, reducing dependencies is always nice, but it feels a bit like reinventing the wheel. We also have some code in libfirewall which does some DNS parsing, maybe we should create some public DNS helper crate for pnet which would address our needs?

stalowyjez

Looks good enough, +1

tomaszklak · 2026-03-16T10:49:28Z

I have mixed feeling for this PR, reducing dependencies is always nice, but it feels a bit like reinventing the wheel.

I have the same feeling, and I'm also missing explanation why we want to "get rid of all hickory_server dependencies."

tomaszklak · 2026-03-16T11:00:51Z

If they are, they should handled by our local resolver, and we need to serve the response packet back.

And what if they are not?

tomaszklak · 2026-03-17T09:53:26Z

Please, remember to cleanup (squash?) commits.

tomaszklak · 2026-03-17T15:07:03Z

+1

Jauler · 2026-03-18T08:44:47Z

Next time: It would be really nice to include ticket number in the branch name 🙏 🙏 🙏

Jauler

+1.0

mathiaspeters

+1

This module incorporates: - a lightweight decoder, that converts DNS request bytes into a `DnsPacket<'_>`, and exposes a helper functions like `parse_dns_query_packet()`, `find_nord_query()` and `normalize_qname()` to simplify with the correct request handling. - A packet builder specific for the local resolver use case, that converts a `ResponseKind` enum into appropriate DNS response bytes.

tomasz-grz self-assigned this Feb 20, 2026

tomasz-grz changed the title ~~DNS packet codec~~ LLT-7052: DNS packet codec Feb 20, 2026

tomasz-grz force-pushed the packet_codec branch from 8bc69ea to 50ec209 Compare February 23, 2026 12:03

tomasz-grz temporarily deployed to Internal February 23, 2026 12:04 — with GitHub Actions Inactive

tomasz-grz force-pushed the packet_codec branch from 50ec209 to b87a3d4 Compare February 23, 2026 12:26

tomasz-grz temporarily deployed to Internal February 23, 2026 12:26 — with GitHub Actions Inactive

tomasz-grz force-pushed the packet_codec branch from b87a3d4 to 9bbe892 Compare February 23, 2026 12:50

tomasz-grz temporarily deployed to Internal February 23, 2026 12:51 — with GitHub Actions Inactive

tomasz-grz commented Feb 24, 2026

View reviewed changes

Comment thread crates/telio-dns/src/packet_encoder.rs Outdated

tomasz-grz force-pushed the packet_codec branch from 9bbe892 to 87a56cb Compare February 24, 2026 12:01

tomasz-grz temporarily deployed to Internal February 24, 2026 12:01 — with GitHub Actions Inactive

tomasz-grz marked this pull request as ready for review February 24, 2026 12:01

tomasz-grz requested a review from a team as a code owner February 24, 2026 12:01

tomasz-grz force-pushed the packet_codec branch from 87a56cb to 1f03629 Compare February 24, 2026 13:42

tomasz-grz temporarily deployed to Internal February 24, 2026 13:42 — with GitHub Actions Inactive

stalowyjez reviewed Feb 26, 2026

View reviewed changes

tomasz-grz temporarily deployed to Internal February 27, 2026 12:48 — with GitHub Actions Inactive

stalowyjez reviewed Feb 27, 2026

View reviewed changes

Comment thread crates/telio-dns/src/packet_decoder.rs Outdated

Comment thread crates/telio-dns/src/packet_encoder.rs Outdated

Comment thread crates/telio-dns/src/packet_encoder.rs

tomasz-grz temporarily deployed to Internal March 2, 2026 11:44 — with GitHub Actions Inactive

tomasz-grz temporarily deployed to Internal March 2, 2026 11:57 — with GitHub Actions Inactive

tomasz-grz temporarily deployed to Internal March 2, 2026 12:23 — with GitHub Actions Inactive

tomasz-grz temporarily deployed to Internal March 2, 2026 14:50 — with GitHub Actions Inactive

stalowyjez reviewed Mar 3, 2026

View reviewed changes

Comment thread crates/telio-dns/src/packet_decoder.rs Outdated

Comment thread crates/telio-dns/src/packet_encoder.rs Outdated

Comment thread crates/telio-dns/src/packet_encoder.rs Outdated

tomasz-grz temporarily deployed to Internal March 3, 2026 15:57 — with GitHub Actions Inactive

tomasz-grz temporarily deployed to Internal March 4, 2026 13:24 — with GitHub Actions Inactive

tomasz-grz temporarily deployed to Internal March 4, 2026 13:44 — with GitHub Actions Inactive

tomasz-grz force-pushed the packet_codec branch from d457050 to d2f23c2 Compare March 6, 2026 11:24

tomasz-grz temporarily deployed to Internal March 6, 2026 11:25 — with GitHub Actions Inactive

tomaszklak reviewed Mar 17, 2026

View reviewed changes

Comment thread crates/telio-dns/src/packet_encoder.rs Outdated

Comment thread crates/telio-dns/src/packet_encoder.rs Outdated

tomasz-grz force-pushed the packet_codec branch from 408a415 to 327fb7f Compare March 17, 2026 14:47

tomasz-grz temporarily deployed to Internal March 17, 2026 14:47 — with GitHub Actions Inactive

tomasz-grz force-pushed the packet_codec branch from 327fb7f to 8c89718 Compare March 17, 2026 15:09

tomasz-grz temporarily deployed to Internal March 17, 2026 15:09 — with GitHub Actions Inactive