fix(p2p/dns): greatly simplify DNS TXT lookup

[sdbondi]

Description

• simplify DNS txt lookup code by using hickory resolver
• upgrade hickory to 0.25.0-alpha.4 (from alpha.2)
• update tari pulse implementation

Motivation and Context

Hickory-client includes many breaking changes with practically every update (0.25.0-alpha.2 -> 4 is no exception), and this is a burden to maintain.
The hickory-resolver is a higher-level crate that abstracts away (hopefully most) breaking changes.

The main reason for this PR is that I am updating the feature-dan2 branch to latest development, this led to the need to update our libp2p fork both to update tari-crypto and because libp2p also uses hickory and their version conflicts with the base layer version 0.25.0-alpha.2 . I have updated to 0.25.0-alpha.4 (what libp2p currently uses) instead of 0.25.1 for this reason. Future hickory upgrades should be simple to implement.

How Has This Been Tested?

Peer seed unit test that queries real DNS

What process can a PR reviewer use to test or verify this change?

Autoupdate, peer seeds and tari pulse should work as before

Breaking Changes

• None
• Requires data directory on base node to be deleted
• Requires hard fork
• Other - Please specify

Summary by CodeRabbit

Summary by CodeRabbit

• Chores
  • Removed deprecated dependencies and updated versions of key components to improve system stability.
• Refactor
  • Simplified DNS connectivity and resolution processes for a more efficient networking experience.
  • Enhanced clarity and maintainability of the DNS client code by transitioning to a struct-based design.
• Tests
  • Consolidated testing efforts by removing outdated test code, focusing verification on essential functionality, resulting in reduced test coverage for certain features.

Overall, these improvements enhance performance and reliability while reducing complexity.

[coderabbitai]

Walkthrough

The pull request removes the obsolete dependency hickory-client from both core and P2P modules and updates the hickory-proto and hickory-resolver versions to 0.25.0-alpha.4. Two RSA files containing base64-encoded configuration and a public key have been deleted. The DNS handling code is refactored in the Tari pulse service and P2P DNS modules by simplifying types and method signatures, eliminating the trust anchor parameter, and consolidating enum-based clients into a unified struct. Several test and mock modules have also been removed.

Changes

File(s)	Change Summary
base_layer/core/Cargo.toml base_layer/p2p/Cargo.toml	Removed hickory-client dependency; updated hickory-proto and hickory-resolver to 0.25.0-alpha.4 with revised features for resolver.
base_layer/core/.../tari_pulse_service/20326.rsa base_layer/core/.../tari_pulse_service/38696.rsa	Deleted RSA files: one containing base64-encoded binary data and one with a public key.
base_layer/core/.../tari_pulse_service/mod.rs	Changed DNS name handling: updated get_network_dns_name return type to &'static str and revised DNS client usage by removing extraneous abstraction.
base_layer/p2p/.../auto_update/dns.rs	Removed default_trust_anchor() parameter from connect_secure method call and pruned several related tests.
base_layer/p2p/.../dns/client.rs .../dns/error.rs .../dns/mod.rs .../dns/roots/mod.rs	Refactored DNS client: replaced enum with a struct; removed trust anchor parameters; updated error variants; deleted mock implementations and exports related to trust anchors.
base_layer/p2p/src/lib.rs base_layer/p2p/src/peer_seeds.rs	Made the dns module public and removed unused constants and test functions from peer seeds.
.license.ignore	Removed paths for 20326.rsa and 38696.rsa from the ignore list.
supply-chain/config.toml	Updated exemption entries: removed some, added new ones, and updated versions for hickory-proto and hickory-resolver.

Sequence Diagram(s)

sequenceDiagram
    participant App as Application
    participant DNS as DnsClient
    participant Resolver as TokioResolver

    App->>DNS: connect_secure(name_server)
    DNS->>Resolver: connect_dnssec(name_server)
    Resolver-->>DNS: Connection established
    DNS->>Resolver: lookup_txt(name)
    Resolver-->>DNS: TXT record response
    DNS-->>App: Return DNS response

Loading

sequenceDiagram
    participant Pulse as TariPulseService
    participant DnsCli as DnsClient

    Pulse->>DnsCli: get_dns_client()
    DnsCli->>DnsCli: query_txt(name)
    DnsCli-->>Pulse: Return TXT result

Loading

Suggested reviewers

• SWvheerden

Poem

In the code fields I hop with glee,
Old dependencies gone, now clean and free,
RSA files hopped away like leaves in the breeze,
DNS flows streamlined with elegant ease,
Upgraded features make my heart tap dance—
A rabbit’s cheer for a refactored advance! 🐇
CodeRabbit leaps to celebrate the chance!

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6e71b0d and cfd4eef.

⛔ Files ignored due to path filters (1)

• supply-chain/imports.lock is excluded by !**/*.lock

📒 Files selected for processing (1)

• supply-chain/config.toml (7 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (6)

• GitHub Check: cargo check with stable
• GitHub Check: test (mainnet, stagenet)
• GitHub Check: Cucumber tests / Base Layer
• GitHub Check: test (nextnet, nextnet)
• GitHub Check: test (testnet, esmeralda)
• GitHub Check: ci

🔇 Additional comments (7)

supply-chain/config.toml (7)

827-829: New Exemption for generator Added

A new exemption for the generator dependency has been introduced with version "0.8.4" and marked as "safe-to-deploy". Please confirm that this version meets our internal security and compatibility guidelines.

---

919-921: Update for hickory-proto Version

The exemption for hickory-proto has been updated to version "0.25.0-alpha.4". This update is in line with the PR objectives to upgrade the dependency and standardize the versions across the project. Please verify its consistency with related modules.

---

923-925: Update for hickory-resolver Version

The exemption for hickory-resolver is now set to version "0.25.0-alpha.4". This change supports the simplification of the DNS TXT lookup code by relying on the higher-level hickory resolver. Ensure that all dependent components are compatible with this updated version.

---

1186-1189: Replacement of lru-cache with loom

An exemption for loom has been introduced with version "0.7.2", which replaces the previously removed lru-cache entry. Please confirm that this substitution is intentional and that loom fully addresses the intended functionality and security requirements.

---

1282-1285: New Exemption for moka Added

A new exemption for moka has been added with version "0.12.10", declared as "safe-to-deploy". Verify that this version is correct and aligns with other dependency revisions in the project.

---

2018-2021: New Exemption for tagptr Added

A new exemption for tagptr is introduced with version "0.2.0", marked as "safe-to-deploy". This addition supports broader dependency management updates. Please ensure that it complies with our deployment and security criteria.

---

2414-2437: Windows Exemptions Update

Multiple Windows-related exemptions have been updated/added:

• windows now has version "0.58.0".
• windows-core is updated to version "0.58.0".
• windows-implement is added with version "0.58.0".
• windows-interface is added with version "0.58.0".
• windows-result is added with version "0.2.0".
• windows-strings is added with version "0.1.0".

These modifications align with the updated dependency requirements and our overall strategy for consistent versioning across the Windows ecosystem. Please double-check that these versions work as expected within our Windows build framework.

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai plan to trigger planning for file edits and PR creation.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (4)

base_layer/p2p/Cargo.toml (1)

62-62: Update comment to reflect current version

The cargo-machete comment is outdated as it still references alpha.2 while the code now uses alpha.4.

-ignored = ["hickory-proto"] #fix hickory-proto version to same alpha.2
+ignored = ["hickory-proto"] #fix hickory-proto version to same alpha.4

base_layer/core/Cargo.toml (1)

132-132: Update comment to reflect current version

The cargo-machete comment is outdated as it still references alpha.2 while the code now uses alpha.4.

-ignored = ["hickory-proto"] #fix hickory-proto version to same alpha.2
+ignored = ["hickory-proto"] #fix hickory-proto version to same alpha.4

base_layer/core/src/base_node/tari_pulse_service/mod.rs (1)

180-189: Parsing DNS TXT records for checkpoints.

This uses split_once(':') and discards invalid entries silently. If you need more insights on malformed records, consider logging parse failures.

base_layer/p2p/src/dns/client.rs (1)

50-71: query_txt parsing may benefit from multi-chunk handling.

Currently, only the first length byte is stripped. DNS TXT records can contain multiple segments. If you anticipate multi-part TXT records, consider handling them accordingly.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between cef46a5 and 8107a07.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (13)

• base_layer/core/Cargo.toml (1 hunks)
• base_layer/core/src/base_node/tari_pulse_service/20326.rsa (0 hunks)
• base_layer/core/src/base_node/tari_pulse_service/38696.rsa (0 hunks)
• base_layer/core/src/base_node/tari_pulse_service/mod.rs (4 hunks)
• base_layer/p2p/Cargo.toml (1 hunks)
• base_layer/p2p/src/auto_update/dns.rs (3 hunks)
• base_layer/p2p/src/dns/client.rs (2 hunks)
• base_layer/p2p/src/dns/error.rs (1 hunks)
• base_layer/p2p/src/dns/mock.rs (0 hunks)
• base_layer/p2p/src/dns/mod.rs (0 hunks)
• base_layer/p2p/src/dns/roots/mod.rs (0 hunks)
• base_layer/p2p/src/lib.rs (1 hunks)
• base_layer/p2p/src/peer_seeds.rs (2 hunks)

💤 Files with no reviewable changes (5)

• base_layer/core/src/base_node/tari_pulse_service/38696.rsa
• base_layer/p2p/src/dns/mod.rs
• base_layer/core/src/base_node/tari_pulse_service/20326.rsa
• base_layer/p2p/src/dns/roots/mod.rs
• base_layer/p2p/src/dns/mock.rs

🧰 Additional context used

🧬 Code Definitions (2)

base_layer/p2p/src/auto_update/dns.rs (3)

common/src/configuration/name_server.rs (2)

• dns (125-125)
• from_str (68-87)

base_layer/p2p/src/dns/client.rs (1)

• connect_secure (40-43)

base_layer/p2p/src/auto_update/mod.rs (2)

• version (171-173)
• hash (162-164)

base_layer/core/src/base_node/tari_pulse_service/mod.rs (5)

applications/minotari_node/src/config.rs (1)

• network (75-77)

applications/minotari_node/src/builder.rs (2)

• network (148-150)
• config (89-91)

base_layer/core/src/base_node/service/service.rs (1)

• new (108-128)

base_layer/p2p/src/dns/client.rs (2)

• connect (45-48)
• connect (104-123)

base_layer/p2p/src/auto_update/dns.rs (1)

• connect (47-56)

⏰ Context from checks skipped due to timeout of 90000ms (5)

• GitHub Check: test (nextnet, nextnet)
• GitHub Check: test (testnet, esmeralda)
• GitHub Check: cargo check with stable
• GitHub Check: Cucumber tests / FFI
• GitHub Check: Cucumber tests / Base Layer

🔇 Additional comments (19)

base_layer/p2p/src/lib.rs (1)

42-42: API visibility change is appropriate

Making the DNS module public aligns with the PR objective of simplifying DNS handling. This change allows the module to be accessed directly from outside the p2p crate, supporting better reusability of the DNS functionality.

base_layer/p2p/Cargo.toml (1)

42-43: Dependency upgrade and feature changes look good

The changes correctly implement the PR objective:

1. Upgrading hickory-resolver and hickory-proto to version 0.25.0-alpha.4
2. Switching from dns-over-rustls to more feature-rich options (tokio-runtime, dns-over-tls, dns-over-native-tls)
3. Removing the hickory-client dependency

This will provide better abstraction and reduce maintenance burden from frequent breaking changes.

base_layer/core/Cargo.toml (1)

99-99: Dependency update looks good

Correctly removed hickory-client dependency and upgraded hickory-proto to version 0.25.0-alpha.4, which aligns with the PR objective of simplifying DNS TXT lookup.

base_layer/p2p/src/dns/error.rs (2)

25-26: Import statement cleanup is appropriate

The simplified import statement aligns with the removal of hickory-client dependency and reflects the more streamlined approach to error handling.

---

29-30: Error handling simplification looks good

Properly removed the ClientError variant and updated the ProtoError variant to use the fully qualified path from hickory-proto. The error message has been simplified which maintains clarity while reducing verbosity.

base_layer/p2p/src/peer_seeds.rs (2)

41-41: Use of DnsClient import looks correct.

The new import aligns well with the secure connection calls below.

---

55-55: Verify security implications of removing custom trust anchors.

This call to DnsClient::connect_secure no longer takes a trust anchor parameter. Please confirm that default or system trust anchors meet your security requirements.

base_layer/p2p/src/auto_update/dns.rs (2)

36-36: New DnsClient import usage is consistent.

The added use crate::dns::DnsClient; import is properly referenced below.

---

50-50: Confirm removal of trust anchor from secure connection.

Previously, the secure connection also used a custom trust anchor. Now it strictly relies on system defaults. Ensure that this aligns with your overall security posture.

base_layer/core/src/base_node/tari_pulse_service/mod.rs (5)

23-37: Imports updated for new DNS approach.

All newly added imports (e.g., tari_common::DnsNameServer, tari_p2p::dns::DnsClient) and references to MissedTickBehavior integrate cleanly with the existing code.

---

55-62: Returning static DNS checkpoint domains.

Switching from inferred or dynamically constructed DNS names to fixed string literals simplifies maintenance. However, please confirm these domain strings are correct for each network.

---

67-67: dns_name is now a static string reference.

This choice is simpler than building up a String or similar structure at runtime. No issues found.

---

74-74: Minimal overhead in cloning config, but acceptable.

Cloning config only to access its network is minor. No immediate concerns.

---

83-86: Direct system DNS usage in get_dns_client.

Falling back to DnsNameServer::System is straightforward. Just confirm you don’t require DNSSEC or custom trust anchors here.

base_layer/p2p/src/dns/client.rs (5)

23-29: New hickory resolver imports.

Imports from hickory_proto and hickory_resolver reflect the updated library usage. No concerns.

---

35-37: Refactor to a single DnsClient struct.

Consolidating multiple variants into a single struct design clarifies usage across the codebase.

---

40-43: connect_secure no longer takes a trust anchor.

Confirm that relying on system or default trust anchors still meets your DNSSEC requirements.

---

77-101: Client connection logic consolidated.

Both connect_dnssec and connect are straightforward. The trust_negative_responses is set to false, which may be appropriate, though confirm negative response handling is desired.

---

127-129: New lookup_txt wrapper is clean.

This minimal wrapper over resolver.txt_lookup is consistent with the new design.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

base_layer/core/src/base_node/tari_pulse_service/mod.rs (1)

74-74: Replaced manual DNS name assignment with the get_network_dns_name helper.
This cleanly retrieves the DNS endpoint.

You can avoid cloning the entire config if only config.network is required:

-        let dns_name = get_network_dns_name(config.clone().network);
+        let dns_name = get_network_dns_name(config.network);

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8107a07 and da7d544.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (14)

• .license.ignore (0 hunks)
• base_layer/core/Cargo.toml (1 hunks)
• base_layer/core/src/base_node/tari_pulse_service/20326.rsa (0 hunks)
• base_layer/core/src/base_node/tari_pulse_service/38696.rsa (0 hunks)
• base_layer/core/src/base_node/tari_pulse_service/mod.rs (4 hunks)
• base_layer/p2p/Cargo.toml (1 hunks)
• base_layer/p2p/src/auto_update/dns.rs (3 hunks)
• base_layer/p2p/src/dns/client.rs (2 hunks)
• base_layer/p2p/src/dns/error.rs (1 hunks)
• base_layer/p2p/src/dns/mock.rs (0 hunks)
• base_layer/p2p/src/dns/mod.rs (0 hunks)
• base_layer/p2p/src/dns/roots/mod.rs (0 hunks)
• base_layer/p2p/src/lib.rs (1 hunks)
• base_layer/p2p/src/peer_seeds.rs (2 hunks)

💤 Files with no reviewable changes (6)

• base_layer/p2p/src/dns/mod.rs
• base_layer/core/src/base_node/tari_pulse_service/20326.rsa
• .license.ignore
• base_layer/core/src/base_node/tari_pulse_service/38696.rsa
• base_layer/p2p/src/dns/roots/mod.rs
• base_layer/p2p/src/dns/mock.rs

🚧 Files skipped from review as they are similar to previous changes (4)

• base_layer/core/Cargo.toml
• base_layer/p2p/src/lib.rs
• base_layer/p2p/src/dns/error.rs
• base_layer/p2p/Cargo.toml

🧰 Additional context used

🧬 Code Definitions (3)

base_layer/p2p/src/auto_update/dns.rs (4)

common/src/configuration/name_server.rs (2)

• dns (125-125)
• from_str (68-87)

base_layer/p2p/src/peer_seeds.rs (2)

• connect_secure (54-57)
• from_str (111-125)

base_layer/p2p/src/dns/client.rs (1)

• connect_secure (44-47)

base_layer/p2p/src/auto_update/mod.rs (2)

• version (171-173)
• hash (162-164)

base_layer/p2p/src/peer_seeds.rs (2)

common/src/configuration/name_server.rs (1)

• dns (125-125)

base_layer/p2p/src/dns/client.rs (1)

• connect_secure (44-47)

base_layer/core/src/base_node/tari_pulse_service/mod.rs (3)

base_layer/p2p/src/initialization.rs (1)

• future (514-536)

base_layer/p2p/src/dns/client.rs (2)

• connect (49-52)
• connect (108-127)

base_layer/p2p/src/auto_update/dns.rs (1)

• connect (47-56)

⏰ Context from checks skipped due to timeout of 90000ms (4)

• GitHub Check: test (testnet, esmeralda)
• GitHub Check: test (mainnet, stagenet)
• GitHub Check: ci
• GitHub Check: cargo check with stable

🔇 Additional comments (18)

base_layer/p2p/src/peer_seeds.rs (2)

41-41: Importing DnsClient directly from crate::dns is clean and consistent.
No issues here.

---

55-55: Removal of trust anchor parameter in connect_secure improves simplicity.
This change aligns with the updated DNS client API and reduces complexity.

base_layer/p2p/src/auto_update/dns.rs (2)

36-36: Importing DnsClient centralizes DNS functionality.
This is a straightforward import addition.

---

50-50: Simplifying connect_secure call by removing trust anchor parameter.
Matches the refactor in the DNS client and keeps code DRY.

base_layer/core/src/base_node/tari_pulse_service/mod.rs (5)

23-23: New imports for DNS and async utilities.
These additions (e.g., DnsNameServer, DnsClient, plus time-related imports) are correct and consistent with the rest of the module.

Also applies to: 28-29, 33-33

---

55-62: Refactoring get_network_dns_name to return a static string reference.
Returning &'static str instead of creating a dynamic Name object simplifies the code. Ensure you don’t need any dynamic DNS naming in the future.

---

67-67: Adopting a static string for dns_name.
Aligns with the revised function signature in get_network_dns_name.

---

83-84: Switching get_dns_client to return DnsClient.
This matches the new DNS client approach and removes unneeded trust anchor handling.

---

180-186: Streamlined TXT record retrieval using query_txt and split_once.
The approach is readable and concise, returning a collection of (height, hash) tuples. Consider additional checks if multiple colons are expected or if data could contain more than one delimiter.

base_layer/p2p/src/dns/client.rs (9)

23-33: Import changes align well with the PR objective

The updated imports show the transition from hickory-client to hickory-resolver and hickory-proto, which aligns with the PR's goal of simplifying DNS lookup by using a higher-level abstraction. The specific imports like TokioResolver and TxtLookup indicate a more targeted approach to DNS resolution.

---

38-41: Good simplification from enum to struct

Converting DnsClient from an enum with multiple variants to a simple struct with a single client field is a good architectural decision. This reduces complexity and eliminates the need for enum pattern matching throughout the codebase.

---

44-47: API simplification by removing trust_anchor parameter

Removing the trust_anchor parameter from connect_secure simplifies the API and reduces maintenance burden. This change aligns with the PR objective of reducing the impact of breaking changes in the underlying libraries.

---

54-56: Simplified query interface

The implementation now directly uses lookup_txt which provides a cleaner and more direct approach to TXT record lookups compared to the previous implementation.

---

80-83: Removed generic type parameter from Client struct

The removal of the generic type parameter from the Client struct simplifies the implementation. Using the concrete TokioResolver directly makes the code more straightforward and easier to understand.

---

86-106: Improved DNSSEC connection implementation

The new implementation of connect_dnssec handling both system and custom DNS configurations is well-structured and comprehensive. The code now:

1. Uses the system configuration when DnsNameServer::System is specified
2. Properly configures TLS for custom DNS servers
3. Handles error cases appropriately, such as missing DNS names for DNSSEC

This is a good improvement over the previous implementation.

---

108-127: Consistent implementation between connect methods

The connect method follows the same pattern as connect_dnssec, maintaining consistency in the codebase. The only difference is using Protocol::default() instead of Protocol::Tls, which is appropriate for non-secure connections.

---

130-135: Streamlined lookup implementation

The new lookup_txt method directly leverages the TokioResolver's built-in functionality, which simplifies the code significantly. This reduces the potential for bugs and makes future maintenance easier.

---

1-136:

Details

✅ Verification successful

Verify the functionality with existing consumers

The refactoring looks good overall. Since this is a significant API change, it would be beneficial to verify that all consumers of this API have been updated accordingly.

---

🏁 Script executed:

#!/bin/bash
# Find all places where the DnsClient is imported and used
echo "Searching for DnsClient usage in the codebase..."
rg -A 2 "use .*DnsClient" | grep -v "dns/client.rs"

echo "Searching for connect_secure calls that might still use trust_anchor..."
rg "connect_secure.*trust_anchor"

echo "Searching for places that might still use DnsClient as an enum..."
rg "DnsClient::(Secure|Normal|Mock)"

echo "Checking imports of Client struct..."
rg -A 2 "use .*Client" | grep -v "dns/client.rs"

Length of output: 75544

---

Action: Confirm Updated API Usage Across Consumers

I’ve verified that consumers of the DnsClient API now align with the refactored changes. Searches across the repository show that:

• Files such as base_layer/p2p/src/peer_seeds.rs, base_layer/p2p/src/auto_update/dns.rs, and base_layer/core/src/base_node/tari_pulse_service/mod.rs import and use DnsClient as expected.
• There are no remaining calls to connect_secure using trust_anchor.
• No legacy enum-like usage of DnsClient remains.

Based on these findings, the changes appear to be consistent with consumer expectations. However, please ensure that integration tests are run to validate runtime behavior.

[github-actions]

Test Results (CI)

    3 files    129 suites   47m 21s ⏱️
1 350 tests 1 350 ✅ 0 💤 0 ❌
4 048 runs  4 048 ✅ 0 💤 0 ❌

Results for commit cfd4eef.

♻️ This comment has been updated with latest results.

[github-actions]

Test Results (Integration tests)

36 tests   36 ✅  15m 51s ⏱️
11 suites   0 💤
 2 files     0 ❌

Results for commit cfd4eef.

♻️ This comment has been updated with latest results.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

base_layer/p2p/src/dns/client.rs (1)

109-129: Consider refactoring duplicated configuration code!

The implementation for standard DNS connection looks good. However, there's some duplication between this method and connect_dnssec in how the NameServerConfig is created.

Consider extracting the common configuration code to a private helper method to reduce duplication:

impl Client {
    pub async fn connect_dnssec(name_server: DnsNameServer) -> Result<Self, DnsClientError> {
        let resolver = match name_server {
            DnsNameServer::System => TokioResolver::from_system_conf(TokioConnectionProvider::default())?,
            DnsNameServer::Custom { addr, dns_name } => {
                let dns_name = dns_name.ok_or(DnsClientError::DnsNameRequiredForDnsSec)?;
-               let mut conf = ResolverConfig::new();
-               conf.add_name_server(NameServerConfig {
-                   socket_addr: addr,
-                   protocol: Protocol::Tls,
-                   tls_dns_name: Some(dns_name),
-                   http_endpoint: None,
-                   trust_negative_responses: false,
-                   bind_addr: None,
-                   tls_config: None,
-               });
-               let opts = ResolverOpts::default();
-               TokioResolver::tokio(conf, opts)
+               Self::create_resolver(addr, Some(dns_name), Protocol::Tls)
            },
        };

        Ok(Self { resolver })
    }

    pub async fn connect(name_server: DnsNameServer) -> Result<Self, DnsClientError> {
        let resolver = match name_server {
            DnsNameServer::System => TokioResolver::from_system_conf(TokioConnectionProvider::default())?,
            DnsNameServer::Custom { addr, dns_name } => {
-               let mut conf = ResolverConfig::new();
-               conf.add_name_server(NameServerConfig {
-                   socket_addr: addr,
-                   protocol: Protocol::default(),
-                   tls_dns_name: dns_name,
-                   http_endpoint: None,
-                   trust_negative_responses: false,
-                   bind_addr: None,
-                   tls_config: None,
-               });
-               let opts = ResolverOpts::default();
-               TokioResolver::tokio(conf, opts)
+               Self::create_resolver(addr, dns_name, Protocol::default())
            },
        };

        Ok(Self { resolver })
    }
    
+   fn create_resolver(
+       socket_addr: std::net::SocketAddr,
+       tls_dns_name: Option<String>,
+       protocol: Protocol
+   ) -> TokioResolver {
+       let mut conf = ResolverConfig::new();
+       conf.add_name_server(NameServerConfig {
+           socket_addr,
+           protocol,
+           tls_dns_name,
+           http_endpoint: None,
+           trust_negative_responses: false,
+           bind_addr: None,
+           tls_config: None,
+       });
+       let opts = ResolverOpts::default();
+       TokioResolver::tokio(conf, opts)
+   }
}

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between da7d544 and 428c88a.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (14)

• .license.ignore (0 hunks)
• base_layer/core/Cargo.toml (1 hunks)
• base_layer/core/src/base_node/tari_pulse_service/20326.rsa (0 hunks)
• base_layer/core/src/base_node/tari_pulse_service/38696.rsa (0 hunks)
• base_layer/core/src/base_node/tari_pulse_service/mod.rs (4 hunks)
• base_layer/p2p/Cargo.toml (2 hunks)
• base_layer/p2p/src/auto_update/dns.rs (3 hunks)
• base_layer/p2p/src/dns/client.rs (2 hunks)
• base_layer/p2p/src/dns/error.rs (1 hunks)
• base_layer/p2p/src/dns/mock.rs (0 hunks)
• base_layer/p2p/src/dns/mod.rs (0 hunks)
• base_layer/p2p/src/dns/roots/mod.rs (0 hunks)
• base_layer/p2p/src/lib.rs (1 hunks)
• base_layer/p2p/src/peer_seeds.rs (2 hunks)

💤 Files with no reviewable changes (6)

• base_layer/core/src/base_node/tari_pulse_service/38696.rsa
• base_layer/core/src/base_node/tari_pulse_service/20326.rsa
• .license.ignore
• base_layer/p2p/src/dns/mod.rs
• base_layer/p2p/src/dns/roots/mod.rs
• base_layer/p2p/src/dns/mock.rs

🚧 Files skipped from review as they are similar to previous changes (3)

• base_layer/p2p/src/lib.rs
• base_layer/core/Cargo.toml
• base_layer/core/src/base_node/tari_pulse_service/mod.rs

🧰 Additional context used

🧬 Code Definitions (1)

base_layer/p2p/src/peer_seeds.rs (2)

common/src/configuration/name_server.rs (1)

• dns (125-125)

base_layer/p2p/src/dns/client.rs (1)

• connect_secure (44-47)

⏰ Context from checks skipped due to timeout of 90000ms (5)

• GitHub Check: test (nextnet, nextnet)
• GitHub Check: test (testnet, esmeralda)
• GitHub Check: test (mainnet, stagenet)
• GitHub Check: cargo check with stable
• GitHub Check: ci

🔇 Additional comments (17)

base_layer/p2p/src/dns/error.rs (2)

25-25: Updated resolver dependency reflects project simplification.

The import change from the previous resolver to hickory_resolver::ResolveError aligns with the PR objective to simplify DNS lookup by utilizing the hickory resolver.

---

29-30: Simplified error handling with updated hickory library.

The error message and type have been updated to reflect the change from using hickory-client to using hickory-proto directly. This is part of the simplification effort mentioned in the PR objectives.

base_layer/p2p/Cargo.toml (2)

36-38: Updated hickory dependencies as per PR objectives.

The dependency updates align perfectly with the PR objective to upgrade the hickory library to version 0.25.0-alpha.4. The addition of specific features for hickory-resolver (tokio-runtime, dns-over-tls, dns-over-rustls) supports the goal of simplifying DNS TXT lookup code.

---

57-57: Cleaned up cargo-machete metadata.

Removing hickory-proto from the ignored list in cargo-machete metadata is appropriate since the dependency is now correctly used in the codebase.

base_layer/p2p/src/peer_seeds.rs (2)

41-41: Simplified module imports.

Updated import to use the local DNS client implementation, which aligns with the overall code simplification objective.

---

54-56: Simplified DNS client connection API.

Removed the default_trust_anchor() parameter from the connect_secure method call, which streamlines the connection logic and aligns with the PR objective to simplify DNS TXT lookup using the hickory resolver.

base_layer/p2p/src/auto_update/dns.rs (2)

36-36: Simplified module imports.

Updated import to use the local DNS client implementation, consistent with changes in other files.

---

50-50: Simplified DNS client connection API.

Removed the default_trust_anchor() parameter from the connect_secure method call, maintaining consistency with similar changes in the peer_seeds.rs file.

base_layer/p2p/src/dns/client.rs (9)

23-33: Import updates look good!

The imports have been updated to properly reflect the transition from using hickory-client to hickory-resolver. This aligns with the PR objective of simplifying DNS TXT lookup by utilizing the hickory resolver directly.

---

38-41: Simplified design from enum to struct!

The change from an enum-based DnsClient with multiple variants to a simple struct with a Client field is a good architectural simplification. This design is cleaner, more maintainable, and aligns with the PR objective to simplify DNS lookups.

---

44-47: Improved API by removing unnecessary parameter!

Removing the trust_anchor parameter from connect_secure simplifies the API while maintaining functionality. The trust anchor handling is now likely handled internally by the hickory-resolver, which is a good abstraction.

---

49-52: Updated implementation is consistent with the new design!

The connect method has been properly updated to match the new struct-based design, maintaining consistent API while simplifying implementation.

---

54-56: Method now leverages the simplified client!

The query_txt method now properly delegates to the new lookup_txt method. This maintains the external API while benefiting from the internal simplification.

---

57-77: Processing logic preserved for compatibility!

The logic for processing TXT records is preserved, ensuring backward compatibility while working with the new underlying resolver. Good attention to detail in maintaining the same behavior.

---

80-83: Simplified Client struct by removing generic parameter!

The removal of the generic type parameter from the Client struct simplifies the implementation and likely makes it more straightforward to use. This is in line with the simplification goal.

---

86-107: Clear implementation of DNSSEC connection!

The connect_dnssec method now directly creates a TokioResolver based on the provided name_server, which simplifies the code. The handling of both system and custom DNS configurations is implemented clearly and effectively.

I see proper error handling for the case when a DNS name is missing for custom servers with DNSSEC.

---

132-137: Clean and direct implementation of TXT lookup!

The lookup_txt method provides a clear and direct way to query TXT records using the hickory resolver. This simpler implementation replaces the more complex manual query construction from the previous version.

[coderabbitai]

💡 Verification agent

❓ Verification inconclusive

Consider adding more test coverage for DNS client integration.

While the basic parsing test is maintained, it appears that several other test cases might have been removed. Consider adding tests for the new hickory-resolver integration to ensure the simplification doesn't introduce regressions.

---

🏁 Script executed:

#!/bin/bash
# Check if there were previously more tests in this file
git log -p -- base_layer/p2p/src/auto_update/dns.rs | grep -A 3 -B 3 "fn it_" | grep -v "it_parses_update_spec_string" | head -n 20

Length of output: 0

---

Action Required: Enhance Test Coverage for DNS Client Integration

After reviewing the git commit history for base_layer/p2p/src/auto_update/dns.rs, there’s no evidence of previously existing tests besides the maintained basic parsing test (it_parses_update_spec_string). It appears that tests covering the new hickory-resolver integration or other DNS client functionalities are missing. Please consider adding tests that verify:

• The correct integration and resolution behavior for hickory-resolver.
• Additional DNS client edge cases to catch potential regressions.

• File: base_layer/p2p/src/auto_update/dns.rs
• Current Test: it_parses_update_spec_string
• Suggestion: Add integration tests for hickory-resolver and expanded DNS client behaviors.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

base_layer/p2p/src/auto_update/dns.rs (1)

209-215: Basic test coverage is good—consider adding negative or edge-case tests.

This straightforward test validates parsing a single well-formed record. Adding tests for invalid parts, extra parts, or empty fields can help catch parsing errors early.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9acfa77 and 223ea0b.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (14)

• .license.ignore (0 hunks)
• base_layer/core/Cargo.toml (1 hunks)
• base_layer/core/src/base_node/tari_pulse_service/20326.rsa (0 hunks)
• base_layer/core/src/base_node/tari_pulse_service/38696.rsa (0 hunks)
• base_layer/core/src/base_node/tari_pulse_service/mod.rs (4 hunks)
• base_layer/p2p/Cargo.toml (2 hunks)
• base_layer/p2p/src/auto_update/dns.rs (3 hunks)
• base_layer/p2p/src/dns/client.rs (1 hunks)
• base_layer/p2p/src/dns/error.rs (1 hunks)
• base_layer/p2p/src/dns/mock.rs (0 hunks)
• base_layer/p2p/src/dns/mod.rs (0 hunks)
• base_layer/p2p/src/dns/roots/mod.rs (0 hunks)
• base_layer/p2p/src/lib.rs (1 hunks)
• base_layer/p2p/src/peer_seeds.rs (2 hunks)

💤 Files with no reviewable changes (6)

• base_layer/core/src/base_node/tari_pulse_service/20326.rsa
• .license.ignore
• base_layer/core/src/base_node/tari_pulse_service/38696.rsa
• base_layer/p2p/src/dns/mod.rs
• base_layer/p2p/src/dns/roots/mod.rs
• base_layer/p2p/src/dns/mock.rs

🚧 Files skipped from review as they are similar to previous changes (4)

• base_layer/p2p/src/dns/error.rs
• base_layer/p2p/src/lib.rs
• base_layer/p2p/src/peer_seeds.rs
• base_layer/core/src/base_node/tari_pulse_service/mod.rs

🧰 Additional context used

🧬 Code Definitions (2)

base_layer/p2p/src/auto_update/dns.rs (4)

common/src/configuration/name_server.rs (2)

• dns (125-125)
• from_str (68-87)

base_layer/p2p/src/peer_seeds.rs (2)

• connect_secure (54-57)
• from_str (111-125)

base_layer/p2p/src/dns/client.rs (1)

• connect_secure (46-53)

base_layer/p2p/src/auto_update/mod.rs (2)

• version (171-173)
• hash (162-164)

base_layer/p2p/src/dns/client.rs (4)

common/src/configuration/name_server.rs (1)

• DnsNameServer (128-128)

base_layer/p2p/src/peer_seeds.rs (3)

• connect_secure (54-57)
• connect (63-66)
• new (90-92)

base_layer/p2p/src/auto_update/mod.rs (1)

• default (80-91)

base_layer/p2p/src/auto_update/dns.rs (1)

• connect (47-56)

⏰ Context from checks skipped due to timeout of 90000ms (7)

• GitHub Check: test (testnet, esmeralda)
• GitHub Check: test (nextnet, nextnet)
• GitHub Check: test (mainnet, stagenet)
• GitHub Check: ci
• GitHub Check: cargo check with stable
• GitHub Check: Cucumber tests / FFI
• GitHub Check: Cucumber tests / Base Layer

🔇 Additional comments (13)

base_layer/core/Cargo.toml (1)

99-99: Dependency version alignment looks good.

Upgrading hickory-proto to =0.25.0-alpha.4 is consistent with the rest of the PR. No immediate issues found here.

base_layer/p2p/Cargo.toml (2)

37-38: Dependency updates are aligned with the resolver-based approach.

Switching to hickory-resolver = "=0.25.0-alpha.4" with TLS support and upgrading hickory-proto to the same version appears consistent with the removal of hickory-client. Ensure these features have been tested to confirm secure DNS lookups work as expected.

---

56-56: Removal of the cargo-machete ignore list is appropriate.

Clearing the ignore list for hickory-proto now that it’s updated makes sense, allowing consistent version handling within the workspace.

base_layer/p2p/src/auto_update/dns.rs (2)

36-36: New DNS client import is correct.

Importing DnsClient from the local crate aligns with the simplified resolver-based architecture.

---

50-50: Use of the new secure connection method.

The call to DnsClient::connect_secure(name_server) omits a trust anchor, matching the updated client API. Ensure no missed validations are required in your environment.

base_layer/p2p/src/dns/client.rs (8)

23-27: Introduction of hickory_proto imports is consistent.

These imports match the usage of IntoName, xfer::Protocol, and related features in the new resolver-based approach.

---

28-33: Resolver imports look correct.

Bringing in hickory_resolver and its config modules aligns with the new single client strategy.

---

38-38: Defined log target is clear.

Using a dedicated log target (tari::p2p::dns::client) aids in isolating DNS debug logs.

---

41-42: Unified struct-based client implementation is simpler and more maintainable.

Replacing the enum-based approach with a single DnsClient struct clarifies the DNS workflow.

---

46-52: Secure connect approach is streamlined.

Removing the trust anchor parameter reduces complexity. Verify any custom TLS requirements before provisioning in production.

---

55-61: Non-secure connect remains straightforward.

This method cleanly mirrors the secure connect approach without TLS overhead.

---

64-81: Centralized resolver creation.

create_resolver consolidates config for normal or TLS-based DNS usage. This promotes consistency and reduces duplication.

---

83-118: TXT query logic might need multi-chunk handling checks.

The code takes the first length byte as the claims for the entire record. Some DNS servers provide multiple segments per TXT record. Verify or document acceptance criteria for multi-chunk scenarios.

[hansieodendaal]

utACK

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

supply-chain/config.toml (1)

921-928: Verify Removal of hickory-client Exemption
As described in the PR objectives and AI summary, the obsolete hickory-client exemption has been removed from the configuration. Although no block for [[exemptions.hickory-client]] appears in the current file, please confirm that this removal does not affect any tools or dependencies still expecting it.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b6565df and 6e71b0d.

📒 Files selected for processing (1)

• supply-chain/config.toml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (4)

• GitHub Check: test (nextnet, nextnet)
• GitHub Check: test (testnet, esmeralda)
• GitHub Check: ci
• GitHub Check: cargo check with stable

🔇 Additional comments (2)

supply-chain/config.toml (2)

929-932: Update hickory-proto Version
The exemption for hickory-proto has been updated to version 0.25.0-alpha.4, which is in line with the PR objectives. This update helps keep the dependency aligned with the latest changes, simplifying maintenance and ensuring compatibility.

---

932-935: Update hickory-resolver Version
Similarly, the hickory-resolver exemption now reflects version 0.25.0-alpha.4. This consolidated version upgrade should reduce the impact of hickory updates on the codebase and maintain a smooth integration with the Tari pulse and P2P DNS modules.