
The Story
DNS is as critical as Internet infrastructure gets. DNS translates domain names into IP addresses, so just about every client and server depends on making frequent DNS lookups. DNS implementations need to be secure.
While there are many DNS implementations out there, including some memory safe ones, there are no open source, high performance, memory safe, fully recursive DNS resolvers. Until that exists, many DNS operators will continue to deploy DNS software written in languages that are not memory safe, putting critical Internet infrastructure at risk.
We are investing in a DNS implementation called Hickory DNS, started in 2015 by Benjamin Fry. Our goal is to make Hickory the most secure high performance resolver out there.
What We've Done
- During 2023 Prossimo provided support for rebranding to Hickory DNS.
- In November of 2024 a third-party security audit was completed and the issues found were remediated.
- In December of 2024 Ferrous Systems completed a contract in which they made huge improvements to DNSSEC and NSEC3 support for the recursive resolver.
- ISRG staff developer David Cook started working on Hickory DNS in 2024 and his work is ongoing. David is focused on preparing Hickory DNS for use by Let's Encrypt.
- In January of 2025 Dirkjan Ochtman was given a contract to work on improving Hickory DNS part time during the first half of the year, with a focus on preparing it for use at Let's Encrypt.
- In July of 2025 Dirkjan Ochtman and Daniel McCarney were given a contract funded by ICANN to add support for RFC 9539 opportunistic encryption in Hickory DNS and contribute to efforts to prepare Hickory DNS for deployment at Let's Encrypt.
We'd also note that while we have been making our investments, the Hickory DNS community has grown rapidly. We're excited to see all of the new contributors and the great work they are doing!
What's Next
We are working hard to get Hickory ready for deployment at Let's Encrypt in the first half of 2026. Making many thousands of recursive requests per second, Let’s Encrypt can help prove Hickory’s performance at scale. Meanwhile, Hickory will harden a critical part of the Let’s Encrypt infrastructure stack thanks to its use of a memory safe language. We maintain a list of issues we need to resolve for deployment at Let's Encrypt.
More from the Prossimo blog
Opportunistic Encryption Is Coming to Hickory DNS
Hickory DNS is getting support for RFC 9539 opportunistic encryption.
Hickory DNS is Moving Toward Production Readiness
A high performance, memory safe, and open source recursive DNS resolver now has improved DNSSEC support, NSEC3 support, and new features.

