►
Description
Benjamin Fry talks about TrustDNS (https://github.com/bluejekyll/trust-dns)
This talk was part of the Bay Area Rust meetup held on May 2018
Original at: https://watch.cloudflarestream.com/e14e0d2335ffb94ae505289f55552142
Slides: https://drive.google.com/drive/folders/1gQn9Uuj34TxS4cfUoW1Ng4o8axI9r8kq?usp=sharing
A
Thank
you,
I
have
to
say
this
is
pretty
nerve-wracking.
I
have
been
working
on
this
for
the
last
three
years
and
now
I'm
standing
in
CloudFlare,
who
is
a
big
DNS
provider
talking
about
this,
which
is
in
front
of
a
bunch
of
people
who
know
way
more
about
rust
than
I
do
so
it's
a
little
intimidating,
to
say
the
least.
A
A
I'm
also
not
a
security
expert
by
any
means.
I've
learned
way
more
about
security
by
working
on
this
project
and
I
knew
before,
which
is
kind
of
fun.
I
also
have
no
connection
with
CloudFlare,
though.
Thank
you
very
much
cloud
for
hosting
this.
They
appreciate
that,
and
also
for
1.1.1
I
have
no
connection
with
Google
Mozilla
or
quad
9,
though
we
do
have
configs
that
are
related
to
a
lot
of
those
guys,
so
I
just
want
to
make
that
clear.
Okay,.
A
Before
I
thank
all
of
these
people,
it's
important
to
thank
my
lovely
wife
who's
at
home
right
now,
putting
both
of
my
kids
to
bed
and
let
me
come
out
and
do
this
so
she's
awesome,
Thank,
You,
Lindsay
I
need
to
thank
everybody
on
this
list,
because
none
of
this
would
have
been
possible
without
the
hard
work.
That's
gone
into
first
language,
which
I
have
sadly
not
contributed
line
to
at
all
and
I'm.
Very
sad
about
that.
But
I
haven't
had
time
to
get
all
of
that.
A
I
only
have
about
two
hours
every
night
to
work
on
this
stuff
and
that's
maximum.
The
Toki
are
in
futures.
Work.
I
have
gotten
to
contribute
a
little
bit
to
this,
where,
where
I,
you
know
had
some
minor
problems,
but
these
have
been
excellent
for
all
the
async
that
goes
on
in
the
library,
OpenSSL
I
know
it
gets
a
lot
of
hate.
But
if
you've
looked
at
the
recent
code
in
the
C
library,
it's
actually
pretty
good,
but
all
of
the
contributors
there
and
also
the
bindings
and
rust,
are
really
nice.
A
The
ring
library
is
amazing
for
anybody
who
hasn't
used
it
yet
and
Brian
Smith
is
leading
a
really
awesome
effort.
There
I
highly
suggest
checking
that
out
all
of
the
DNS
RFC
authors
as
much
as
I
disliked
some
of
those
articles
that
I
had
to
read
and
how
confusing
they
were.
The
work
that
went
into
all
of
that
is
pretty
amazing
and
then
obviously,
all
of
my
contributors
when
I
first
put
this
together,
there
were
25
they're
now
27
and
thank
you
very
much
if
anybody's
in
this
room
has
contributed
to
library.
A
A
A
There
was
so
much
in
here
that
caught
my
attention
as
an
engineer
over
the
last
well,
when
this
was
written
fifteen
years
professionally,
where
I
had
dealt
with
every
problem
that
this
article
said
was
not
a
problem
and
rust.
It
was
just
kind
of
mind-boggling.
It
hooked
me
in
I,
immediately
decided
I
have
to
figure
out,
I
have
to
learn
about
this
language
and
I
have
to
start
working
with
it.
A
So,
as
I
became
a
Russ
station,
I
think
everybody
in
this
room
who
started
and
now
knows
rust,
has
become
a
fearless
programmer.
Like
me,
in
fact,
when
I
go
to
any
other
language,
I
no
longer
have
any
confidence
that
it's
doing
what
I
expect
it
to
do,
because
rust
has
given
me
so
much
confidence,
so
I'm
now
worst
programmer
in
every
other
language.
I
guess:
that's
it
Thank
You
Russ,
don't.
A
So
I
really
wanted
to
learn
the
language
and
I
needed
to
pull
something
down
substantial
in
order
to
do
that.
For
me,
I
took
a
look
at
the
ecosystem
when
I
was
starting
out
and
I
didn't
really
notice
much
going
on
in
the
DNS
area.
There
was
a
couple
of
things,
but
I
decided
right
about
that
time.
Bi9
had
some
major
security
announcement.
I
was
like
well
why
shouldn't
DNS
be
written
and
rust
I.
A
Think
a
good
question
at
this
point
is:
why
should
I
write
DNS
addressed
the
center
of
the
rust
universe
is
over
here?
This
is
my
little
diagram
up
here.
Center
of
the
DNS
universe
is
over
here
I'm
somewhere
around
here,
I,
don't
know
rust,
I've
used
DNS
in
the
past
at
on
some
infrastructure
projects,
in
fact,
buddy
mind
Paul's
here
who
I
worked
with
on
that
and
I
had
a
fairly
narrow
view
of
what
you
can
use
DNS
for,
although
from
my
experience
with
it,
I
wanted
it
to
be
way
better.
I
did
dynamic.
A
A
Anyway,
so
was
it
worthwhile
who
knows,
but
the
reason
I?
What
really
thought
all
of
this
stuff
would
be
really
interesting
is
from
my
experience
like
I
said,
dynamic,
DNS
was
always
really
interesting
to
me.
You
have
an
authority
sitting
out
here
and
you
have
some
computer
and
you
want
to
be
able
to
inject
records
into
it.
You
want
to
be
able
to
control
your
DNS.
You
may
want
to
direct
people,
two
different
areas
on
the
internet,
based
on
some
of
that.
A
So
my
my
pure
interest
in
all
of
this
has
always
been
I
want
to
make
this
authority
trustworthy.
I,
want
it
to
be
able
to
deliver
secure
packets
so
that
people
can
trust
what's
coming
back
from
it
and
I
want
it
to
be
easily
configurable
and
easily
manageable
I.
What
I
keep
imagining
here
is,
why
isn't
DNS
being
used
for
more
things?
Why
is
HTTP
the
crown
jewel
of
the
Internet?
Why
I've
never
completely
understood
that,
but
anyway?
A
So
that's
why
I'm
working
on
this,
but
it
turns
out
for
most
people
what
they
want
is
to
find
out
how
to
get
to
their
photo
site
and
and
figure
out
how
to
load
stuff
from
that
this
wasn't
a
big
goal
of
mine,
but
I
kept
getting
all
these
questions
hey.
How
do
I
do
a
record
lookups?
How
do
I
do
quad
a
record
lookups?
How
do
I
deal
with
this
stupid?
Cname
thing?
That's
coming
back
from
the
server
instead
of
the
actual,
a
and
quad
a
records,
I
was
like.
A
A
So
after
explaining
that
over
and
over
and
over
again
I
was
like
okay,
you
guys
want
to
resolver
I,
get
it
Oly
area,
so
I
started
working
on
a
project
the
trusty
NS
resolver
I
was
like
this
is
only
gonna.
Take
a
couple
of
weeks.
Right
I
mean
it
can't
be
that
hard
and
the
stub
resolver
czar
responsible
for
communicating
with
you,
recursive,
resolver
and
CloudFlare
runs
this
nice
one
now
which
kind
of
cool
stuff
the
recursive
resolver
is
responsible
for
doing
some
magic.
I
haven't
built
that
part.
A
Yet
so
I,
don't
I
couldn't
get
into
the
details
of
exactly
how
that
works,
but
just
imagine
lots
of
graft
reversals
and
going
back
to
other
cached
nodes
out
there
and
everything
until
it
finally
gets
to
your
authority
that
has
the
zone
records
for
your
example.com.
So
that's
that's
kind
of
this
is
the
picture
of
DNS.
A
So
about
a
year
later
now,
I
have
right
two
weeks
year.
I
finally
have
something
that
I
would
be
happy
for
anybody
in
this
room
to
use.
It
may
not
have
the
best
ergonomics,
but
I
definitely
appreciate
the
usage.
If
people
do
it
that
stub
resolver
now
can
give
you
your
a
records
and
your
quad-a
records
or
whatever
it
is,
you
want
to
look
up
and
it
properly
does
all
the
cname
chaining
and
everything
else
that
you
might
need.
So
that's
that's
the
trust,
DNS
resolver!
That's
what
we're
talking
about
today.
A
This
is
a
little
graph
of
what
you
get
when
you
actually
build
something
that
people
want.
So
this
is
about
three
months
ago
before
this,
when
things
weren't
working
quite
as
well
as
they
are
now,
it
wasn't
getting
much
usage.
Then
the
h2
library
came
out
and
Jowell
mosted
this
this
artery
this
on
the
announcement
in
the
reddit
pages,
where
he
said:
hey,
we
don't
have
an
asynchronous
DNS
resolver
in
this
h2
example
that
you
guys
have
posted
so
I
implemented.
A
One
and
I
posted
an
example
of
it
and
all
of
a
sudden
right
about
that
point.
That
was
three
months
ago,
approximately,
maybe
a
little
bit
more.
Now,
all
of
a
sudden,
everybody
started
using
this,
and
this
is
really
what
happens
when
you
actually.
Would
you
give
users
what
they
want?
They
actually
start
using
your
software,
which
is
kind
of
cool
and
I,
think
that
numbers
now
up
to
20,000
I
checked
today,
so
that's
fun.
So
thank
you.
This
is
why
I
actually
work
on
the
software.
A
That
reminds
me
of
my
favorite
computer
scientist,
whose
Dijkstra
every
time
I
read
anything
from
Dijkstra
I,
just
feel
like
he's
speaking
directly
to
me
about
my
career
and
what
I
do
but
I
love.
This
quote
that
you
can't
programs
like
a
poem.
You
can't
write
a
poem
without
writing
it,
which
is
almost
then
but
and
I,
put
the
article
here
because
you,
when
you
actually
punch
this
into
Google
you'll
only
get
back
quote
sites
instead
of
the
actual
document.
But
this
document
is
great
to
read.
A
It
was
a
transcription
I
think
of
a
letter
of
his
from
years
ago,
written
in
like
1982,
but
the
entire
premise
of
this
article
and
I
think
it's
important
to
the
rustic
community.
Is
you
can't
you
have
to
build
software
to
know
how
it's
going
to
work?
You
can't
go
around
telling
people
hey
your
software's
gonna
work
better.
If
you
build
it
in
rust,
if
you
just
rewrite
this
in
rust,
you
get
all
your
problems
are
gonna
go
away.
You
have
to
show
people
that
that's
true
and
I
hope
with
the
stuff
that
I've
done.
A
I
might
actually
be
showing
people
that,
because
I'm,
not
a
systems
programmer
I,
the
last
time
I
actually
wrote
for
a
company
any
systems.
Software
was
in
2000
2001
about
some
Corbis
stuff.
Nobody
even
uses
Korb
anymore,
sadly,
and
we've
gone
to
G
RPC,
which
somebody
can
explain
the
difference
to
me.
I'd
love
it
anyway,
but
Korb
is
dead.
I
stopped
using
C++
about
that
time
and
I
never
went
back.
I
started
using
Java
I
had
no
intention
of
ever
touching
C
or
C++
again.
A
At
that
point,
it's
just
too
painful
if
you've
ever
had
to
debug
stir
stir
without
a
proper
null-terminated
stream.
You
wouldn't
either
anyway,
so
I
thought
at
this
point.
It
would
be
good
to
actually
show
some
code,
because
this
is
a
rust,
meetup
and
I
find
that
everybody
shows
code
at
these
things.
So
I
hope
you
guys
are
following
along
at
this
point.
A
What
I
wanted
to
show
is
just
two
examples:
I
had
three
and
then
I
kind
of
practiced.
This
talk
and
it's
gonna
be
way
too
long
if
I
tried
to
walk
through
three.
But
the
two
examples
that
I
have
here
are
one
is
multiple
IP
lookup
strategies.
This
is
an
interesting
demonstration
of
why
the
futures
library
is
actually
pretty
cool.
A
A
For
for
the
lookup
strategies
in
DNS,
as
we've
moved
into
an
era
where
everything's,
ipv6
and
ipv4,
it's
become
important
to
be
able
to
deliver
either
address.
Now,
in
my
opinion,
if
you
care
about
which
type
of
IP
address
you
have
are
getting
or
and
using
then
you're
doing
something
wrong,
you
shouldn't
care
whether
you're
getting
ipv4
ipv6.
You
just
be
trying
to
connect
to
a
server
upstream,
but
sometimes
people
do
and
I
got
some
feedback
for
that,
because
originally
I
had
started
with,
what's
known
as
the.
A
Hammer
the
name
of
it
right
now,
happy
eyeballs!
Thank
you,
happy
eyeballs
RFC,
which
is
I,
think
ipv4
and
ipv6,
which,
according
to
these
strategies
and
when
I,
had
released
that
I
immediately
got
some
feedback,
that
it
was
a
little
confusing
for
people
because
they
were
weren't.
They
didn't
know
what
IP
address.
They're
gonna
be
getting
back
first
and
they
didn't
know
how
to
deal
with
that
so
I
I
gave
in,
but
so
now
the
default
is
first
to
look
for
ipv4
and
then
look
probably
v6.
A
A
I'm
not
gonna,
do
a
tremendously
deep
thing:
a
code
walkthrough
here
we're
gonna
just
skip
through
bunch.
So
this
yeah
this
is
the
happy
eyeballs
and
what
I
wanted
to
show
here
is
not
the
boxes.
You'll
see
a
lot
of
boxes
in
my
software
I,
regretfully
I'm
here,
to
inform
you
that
I
am
a
true
believer
in
making
something
work
before
you
make
it
correct
and
well
before
you
make
it
fast,
and
most
of
my
libraries
are
now
in
somewhere
on
the
order
of
make
it
correct.
A
So
you'll
see
a
lot
of
boxing
and
I'm,
probably
not
going
to
remove
these
for
a
while,
because
I
might
as
well
just
move
to
infiltrate
which
is
pretty
awesome
and
got
released
today
with
1.26,
which
I'm
very
excited
about.
So
if
we
look
at
this
into
a
couple
of
months,
this
will
all
look
different.
But
anyway
the
point
is
we're.
Looking
at
futures
and
the
futures
library
has
a
bunch
of
nice
Combinator's
much
like
iterators
right.
A
So
you
do
the
host
lookup.
You
can
do
a
single,
a
record
lookup
and
a
quad
a
lookup.
You
do
this
select
on
it.
It
would
seem
natural
that
you'd
want
to
do
a
join
here
because
you're
doing
an
end.
But
really
you
want
this
to
succeed
whether
or
not
one
of
them
fails.
So,
even
though
it's
an
and
you're
technically
hoping
that
one
of
them
succeeds,
even
if
the
other
one's
not
there,
so
that's
what
this
is
doing.
It's
doing
a
select.
A
A
And
then
this
is
just
an
example
of
one
of
the
other
strategies
which
is
ipv4
and
then
ipv6,
and
the
only
difference
here
is
that
we're
not
doing
a
select
now
we're
first
doing
a
lookup
and
I
made
this
function,
generic
over
either
ipv4,
first
or
ipv6.
First,
so
there's
there's
actually
a
higher
order
function
that
flips
between
those
depending
on
your
settings
and
then
this
just
does
the
host
lookup
and
then
does.
Does
the
then
the
reason
that
host
lookup
isn't
what
that
function
does
I
should
have
defined
said
that
earlier?
A
A
So
that's
I
think
a
fun
example
of
how
combinators
work
in
futures
we'll
see
what
that
stuff
looks
like
as
they
sink
the
new
way.
Sync
features
start
landing.
I
have
no
idea
how
that's
gonna
look
but
I'm
excited
for
them
and
also
a
little
trepidatious,
because
it
means
a
lot
of
work
to
refactor
all
this
but
anyway.
A
So
the
next
example
here
is
how
we
deal
with
cname
in
SRV
chaining.
If
you're
not
familiar
with
SRV,
it's
service
record.
It's
instead
of
just
a
standard.
A
record
in
your
DNS
SRB
allows
you
to
associate
a
port
as
well,
which
can
be
very
handy.
A
lot
of
people
still
assume
what
port
they
actually
need
to
connect
to
on
a
server.
A
A
Okay,
so
this
is,
this
is
literally
just
iterator
logic,
so
there's
no
futures
work
going
on
here.
What
this
code
example
has
is,
at
the
very
beginning,
we've
gotten
a
response
from
an
upstream
server
or
maybe
multiple
upstream
servers,
because
we
might
have
done
one
of
our
selects
and
gotten
an
ipv4
and
ipv6
back.
So
that's
why
there's
multiple
messages
associated
with
that?
A
We
then
flatten
that
into
just
pulling
out
the
answers
from
that
those
messages
and
in
DNS
you
have
three
fields
associated
to
a
message.
You
have
your
answers
section
you
have
an
additional
section
and
then
you
have
a
name
servers
or
authorities
section
that
comes
after
that
and
for
the
RFC's.
The
only
place
that
I
should
be
looking
at.
This
point
is
in
the
answers
section.
So
that's
what
we're
doing
here.
A
So
we
pull
all
the
answers
out
and
then
Brian
Smith
came
in
and
refactored
this
for
me,
because
I
was
doing
a
lot
more
cloning
before
so
he
added
the
cow
borrowed.
So
you
can
thank
Brian
for
a
little
less
allocation
here,
but
anyway,
what
this
is
doing
is
folding.
All
of
those
answers
into
a
final
result
where
we're
looking
for
any
C
name
or
SRV
chains,
and
actually
there
should
only
be
one
first
record
in
SRV,
but
I'm,
not
enforcing
that.
A
So,
if
that
annoys,
you
you'll
have
to
file
a
PR
for
the
C
names,
though
what
we,
what
we're
doing
is
we're
just
iterating
over
the
entire
set
of
answers
that
we
got
in
those
messages
until
we
fold
them
down
into
the
just
the
final
C
name
that
we're
looking
for.
Does
that
make
sense?
Everybody
following
this
is
boring.
A
So
after
we
find
those
C
names,
what
we
jump
into
is
actually
grabbing
the
records
that
you're
looking
for.
So
what
we've
done
there
is
we've
gone
back.
Let
me
just
flip
back
for
a
second.
What
we've
done
is
we've
followed
a
chain
of
Records
all
the
way
down
to
the
last
cname
record
that
might
exist
in
these
messages
and
we
folded
that
down
to
one
just
one
name
now
and
also
a
TTL
l,
it's
our
TTL
and
and
some
other
things
like
was
it
a
cname?
So
this
is
actually
our
final
result.
A
What
was
the
search
name?
What's
the
seat,
that
final
TTL,
that
we
would
have
calculated
from
that
whole
chain,
which
is
going
to
be
the
minimum
TTL
of
the
entire
chain?
And
then
this
is
just
a
nice
little
flag
that
tells
us
whether
or
not
we
started
with
a
cname
and
that'll
come
in
that's
important
later
so
anyway,
what
we
do
is
we
then
combine
all
of
our
answers
in
our
additionals
if
it
was
a
cname
record
that
had
come
back
in
this
response.
A
A
We
pull
the
answers
into
an
iterator.
We
do
a
chain
on
the
additionals.
We
then
filter
this
down
to
and
I've
simplified
these.
If
statements
a
little
bit
for
this
for
this
talk,
because
they
are
somewhat
large
but
they're
enforcing
that
the
name
is
equal,
that
our
query
type
that
we're
searching
for
is
equal,
and
this
is
the
original
query
type
that
you're
looking
for.
So
if
this
was
an
a
record,
then
what
we're
looking
for
is
now
the
a
record
or
it's
in
any
search.
A
So
you
actually
add
ask
DNS
to
get
any
record
that
you
could
possibly
find,
and
otherwise
it's
an
SRV
record
and
we
do
a
slightly
different
look
up
here.
But,
finally,
after
we
filter
that
down
to
just
the
names
that
we're
looking
for,
we
do
a
collect,
write
into
a
vector
that
has
all
of
those
records
in
it.
At
this
point,
we
should
have
the
final.
A
A
records
or
quad-a
records,
or
whatever
it
was
that
you're
looking
for
in
our
results,
which
is
cool,
but
sometimes
you
don't
get
all
your
records
and
sometimes
you're,
dealing
with
an
authority
upstream,
that's
actually
too
simple,
and
it's
not
capable
of
giving
you
additional
sections
with
your
actual
a
records
in
them,
and
so
we
have
to
check
for
that.
We
have
to
say:
hey:
did
we
actually
get
anything
returned?
A
If
so,
if
our
records
aren't
empty,
then
we
get
to
just
we
return
or
async
ready
and
here's
all
the
records
that
we
found
otherwise
I'm
not
going
to
explain
all
the
object,
types
there's
a
whole
bunch
of
layered
objects
here
for
futures
and
other
things,
but
anyway,
so
that
first
one
is
just
returning
our
records.
The
next
one
is
if
it
was
a
cname
and
we
didn't
find
all
the
records,
then
what
we
know
at
this
point
is
that
we
didn't
get
the
final
record
in
that
initial
response.
A
And
so
what
we
have
to
do
is
do
an
recursive
query,
and
so
this
actually
fires
off
an
additional
query
out
to
the
internet
or
your
network
to
do
another.
Lookup
in
the
neck,
it's
garden
goes
through
the
whole
cycle
again,
so
there
is
a
cap.
I
think
I've
capped
it
to
a
maximum
of
eight
lookups
for
any
single
resolution
period
before
it'll
give
up
anyway.
A
If
we
get
to
the
end
and
we're
still
not
able
to
find
anything,
then
we
essentially
return
an
error.
It's
sorry,
not
an
error,
but
a
no
an
NX
domain,
meaning
that
we're
not
we
weren't
able
to
find
it,
which
isn't
an
error.
You
can
see
it's
actually
an
okay
and
everything's
good.
At
that
point,
it's
okay,
that
the
server's
didn't
respond.
What
you
didn't
get
was
a
network
error
and
that's
handled
through
an
entirely
different
set
of
logic.
A
Anyway,
that's
just
two
examples
of
how
I
think
rust
helps
with
the
building
of
DNS,
but
I
thought
since
I
was
going
to
be
here
CloudFlare,
we
could
talk
about
one
last
thing,
and
this
is
something
that
I'm
kind
of
excited
to
announce
that
in
the
0.9
release,
when
it's
coming
well
now
have
whoops
I,
don't
think
you
guys
had
the
font
that
I
was
using.
That
blue
should
be
a
little
to
the
left.
A
Anyway,
there
you
now
have
a
resolver
configuration
that
allows
you
to
use
TLS
with
CloudFlare,
which
so
you
can
now
use
TLS
with
the
trusty
NS
resolver
I
built
DNS
over
TLS
into
the
libraries
about
a
year
ago,
almost
immediately
after
the
RFC
was
complete,
but
nobody
had
implemented
it
anywhere.
So
I'd
never
figured
a
it's
worth,
putting
it
into
the
resolver
until
CloudFlare
made
its
announcement
and
also
quad
nine.
So
you
can
either
use
cloud
floor
cloud
line,
I'd
start
quad,
nine
or
you
can
just
join
those
together
and
use
both.
A
If
you
want
it
doesn't
matter,
although
I
bet
the
CloudFlare,
people
would
like
it.
If
you
just
feel
clever
anyway,
this
is
feature
flagged
off,
mostly
because
it
pulls
in
either
open
SSL
or
your
native
TLS
libraries
or
or
the
ring
libraries
I,
have
support
for
both
OpenSSL
and
native
TLS
and
then
also
Russ,
Russell's
I
would
recommend
using
Russell's
for
the
easiest
path.
A
If
you're
going
to
use
this
mostly
because
it
all
gets
compiled
and
statically,
and
it's
and
you
don't
have
to
worry
about
your
build
chains
too
much,
the
other
one
would
be
native
TLS.
If
you
try
to
use
open
ssl
directly,
you
have
to
go
through
a
bit
more
configuration
because
you
have
to
pass
in
things
like
cas
and
all
sorts
of
other
stuff
anyway,
but
what
about
DNS
server?
Ti
https!
A
I
don't
have
a
lot
of
use
for
this,
because
I'm
working
on
a
software
I'm
not
working
in
a
browser,
I
think
this
is
pretty
valuable
to
people
are
working
inside
browsers
and
you
need
the
endpoint
that
you're
communicating
with
to
also
speak
HTTP
and
and
encapsulate
all
of
that
in
HTTP
packets
and
for
me,
I.
Just
don't
I
haven't
I.
Don't
have
a
need
for
that.
If
people
want
to
add
this
to
the
library,
it
would
be
pretty
easy
with
h2
library.
It
should
be
fairly
easy
to
wrap
all
the
other
TLS
stuff.
A
That's
already
been
built
into
the
h2
library,
and
if
somebody
wants
to
do
that
and
contribute,
it
back,
I'd
be
happy
to
accept
it.
But
for
me
right
now,
the
only
way
that
I
see
this
being
valuable
is
if
you're,
actually
inside
of
a
browser
section
and
until
I
hear
somebody's
like
using
trusty
and
s.
Inside
of
a
browser
like
I,
haven't
integrated
into
server
or
anything,
but
that
would
be
cool
so
until
then,
I
don't
really
see
much
need
for
implementing
this
in
the
library
anyway.
A
D
So
this
is
something
I've
hated
about
lots
of
programming
language,
the
implicit
return,
the
last
value.
The
value
of
the
last
statement
is:
what
gets
returned
rust?
Actually
does
it
well
and
I
found
it
works
very
well
if
I
accidentally
put
an
extra
line
and
it
won't
compile,
because
the
previous
one
doesn't
have
a
semicolon,
and
so
I
yeah,
but
I've
never
made
that
mistake
because
of
that
that
convention
of
the
semicolon,
the
absence
of
the
semicolon
only
makes
sense
on
the
last
line.
C
D
Because
within
the
block,
I
have
to
leave
off
the
semicolon,
if
I'm
going
to
get
a
return
value
out
of
it,
so
I.
If
you
know
foo,
then
else
bar
if
I
have
a
semicolon
I
get
unit
return.
If
I,
don't
I
get
the
value,
if
I
add
an
extra
line
that
won't
compile
anymore
I
have
to
put
a
semicolon
at
the
end
of
those
lines.
I.
A
Yeahit's
I,
initially
when
I
came
to
rust,
I
actually
didn't
use
that
convention
a
lot
and
specifically
because
from
other
languages
I
got
and
I
was
very
worried
about
what
would
happen
but
yeah
the
compiler
catches,
all
that
for
you,
you'd,
never
I've,
never
made
a
mistake
in
rust
with
that.
Yes,
pearl.
E
Hi,
thanks
for
the
talk,
was
really
cool,
I'm
interested
here
a
little
bit
more
about
your
motivation
to
build
this.
You
talked
a
lot
about
kind
of
using
it
as
a
proving
ground
for
how
rust
can
do
it
better,
I'm
curious
about
what
sort
of
applications
you
have
in
mind
yourself
once
this
gets
to
a
more
or
less
stable,
State
sure.
A
A
A
A
All
of
my
experience
with
DNS
was
all
like
I
had
said
mainly
from
this
infrastructure
project
that
I
had
been
working
on
where
DNS
was
a
substantive
problem
and
hard
to
manage,
and
it
was
hard
to
distribute
records
to
a
lot
of
different
DNS
servers
if
you
had
them
on
a
network
and
all
sorts
of
other
dynamic
problems
when
you
were
trying
to
dynamically
configure
it
a
lot.
So
that
was
my
initial
motivation
was
just
to
come
into
it
and
I.
What
I
wanted
was
a
very
good
client
library,
initially
I.
A
Actually,
my
the
server
aspect
of
it
was
going
to
generally
be
simple
from
my
initial
standpoint,
so
a
lot
of
it
was
around
that
dynamic
stuff
and
so
I
added
some
features
to
the
client
library.
Initially,
that
I
found
were
missing
and
almost
every
other
client
library
that
ever
seen
so
things
like
atomic
adds
in
an
atomic
replaces
and
all
all
of
those
features
which
DNS
supports
in
all
the
RFC's,
but
I've
never
seen
client
libraries
that
actually
implement
that
obviously
you're
relying
on
the
server
improperly
enforcing
that
for
you.
A
But
but
those
were
my
initial
reasons
as
I've
built.
All
of
this,
like
I,
was
saying
earlier
in
that
picture,
the
I
actually
think
we
can
do
a
lot
more
with
DNS
and
in
kind
of
IOT
type
spaces
and
I.
This
library
can't
get
to
you
know:
thumbnail-sized
IOT
devices,
at
least
not
in
its
current
state
we'd,
have
to
do
a
lot
of
work
to
to
slim
it
down,
but
but
for
you
know,
bricks
and
things
of
that
size.
A
But
for
my
next
thing
that
I
want
to
work
on
and
and
distribute
a
library
for,
since
the
resolver
is
now
in
a
pretty
decent
state.
I
want
to
merge
that
into
the
authority
code
that
I've
written
and
build
a
server
that
we
can
run
as
Damons
on
any
machine
and
then
use
that
for
doing
on
all
of
our
DNS
lookups.
So
you
can
now
have
a
secure,
and
you
know,
use
DNS
over
TLS
over
on
any
platform
that
you
want
to
deploy
this
on.
A
Those
servers
based
on
which
ones
performing
the
best
eventually
I
want
to
add
latency
as
a
measurement
into
that
and
I
haven't
for
no
good
reason.
I
haven't
had
time
to
get
back
into
it
and
add
that.
But
so
at
that
point
I
feel,
like
the
library
itself
could
start
being
used
more
for
applications
like
lookups
on
anybody's
machine.
It
said
answer
your
question.