Migrate hickory_dns.rs to hickory-resolver/hickory-proto 0.26.1 API

[Copilot]

After bumping hickory-resolver/hickory-proto to 0.26.1 (RUSTSEC-2026-0118/0119), hickory_dns.rs was left on the old 0.25 API and fails to compile. This migrates all affected call sites to the 0.26 API with no behavior changes.

API changes

• TokioConnectionProvider removed — provider type is now TokioRuntimeProvider directly:

  // before
  type TokioResolver = hickory_resolver::Resolver<hickory_resolver::name_server::TokioConnectionProvider>;
  // after
  type TokioResolver = hickory_resolver::Resolver<hickory_resolver::net::runtime::TokioRuntimeProvider>;

• NameServerConfig restructured — no longer takes SocketAddr + Protocol; now takes IpAddr + Vec<ConnectionConfig> with port set on the connection:

  // before
  NameServerConfig::new(socket_addr, Protocol::Tls);
  ns.tls_dns_name = Some(server_name);
  // after
  let mut conn = ConnectionConfig::tls(Arc::from(server_name.as_str()));
  conn.port = port;
  NameServerConfig::new(ip, true, vec![conn])

• proto::xfer::Protocol — import dropped; protocol is now expressed via ConnectionConfig builder methods (::udp(), ::tcp(), ::tls(), ::https())

• ResolverConfig::new() → ResolverConfig::default()

• ResolveError → hickory_resolver::net::NetError

• Lookup::records() → Lookup::answers(); record fields data/ttl are now public struct fields rather than getter methods; pattern match RData::A/RData::AAAA directly

• opts.cache_size type changed usize → u64

• builder.build() now returns Result — unwrapped with the error included in the panic message

Original prompt

Context

PR envoyproxy#44858 bumps hickory-proto/hickory-resolver to 0.26.1 to fix RUSTSEC-2026-0118 and RUSTSEC-2026-0119. The bump itself is correct, but the file source/extensions/dynamic_modules/builtin_extensions/hickory_dns.rs was not migrated to the 0.26 API and CI fails to compile with:

error[E0432]: unresolved import `hickory_resolver::name_server::TokioConnectionProvider`
   --> source/extensions/dynamic_modules/builtin_extensions/hickory_dns.rs:212:7
    |
212 |   use hickory_resolver::name_server::TokioConnectionProvider;
    |       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^-----------------------
    |       |                              |
    |       |                              help: a similar name exists in the module: `ConnectionProvider`
    |       no `TokioConnectionProvider` in `name_server`

error[E0432]: unresolved import `hickory_resolver::proto::xfer`
   --> source/extensions/dynamic_modules/builtin_extensions/hickory_dns.rs:213:32
    |
213 |   use hickory_resolver::proto::xfer::Protocol;
    |                                ^^^^ could not find `xfer` in `proto`

error[E0412]: cannot find type `TokioConnectionProvider` in `hickory_resolver::name_server`
   --> source/extensions/dynamic_modules/builtin_extensions/hickory_dns.rs:149:61
    |
149 |   hickory_resolver::Resolver<hickory_resolver::name_server::TokioConnectionProvider>;

Goal

Update source/extensions/dynamic_modules/builtin_extensions/hickory_dns.rs so it builds against hickory-resolver / hickory-proto 0.26.1, preserving existing behavior (system DNS, custom resolvers, DNS-over-TLS, DNS-over-HTTPS, DNSSEC, cache size, query timeout/tries, dual-stack lookups). No behavior changes other than what's required by the API.

Required migration

1. TokioConnectionProvider removed

In 0.26 the connection provider is generic; the Tokio runtime provider lives at hickory_resolver::proto::runtime::TokioRuntimeProvider and must be wrapped in hickory_resolver::name_server::GenericConnector. Investigate the exact location/spelling in 0.26.1 (it may also be re-exported as a TokioConnectionProvider type alias in some patch versions — confirm against the actual 0.26.1 docs before choosing).

The current type alias:

type TokioResolver =
  hickory_resolver::Resolver<hickory_resolver::name_server::TokioConnectionProvider>;

needs to become something like:

type TokioResolver = hickory_resolver::Resolver<
  hickory_resolver::name_server::GenericConnector<
    hickory_resolver::proto::runtime::TokioRuntimeProvider,
  >,
>;

And construction in build_resolver() (currently let provider = TokioConnectionProvider::default();) needs to be updated accordingly, e.g.:

let provider = hickory_resolver::name_server::GenericConnector::new(
  hickory_resolver::proto::runtime::TokioRuntimeProvider::new(),
);

2. proto::xfer::Protocol moved

use hickory_resolver::proto::xfer::Protocol; no longer compiles. In 0.26 Protocol is reachable via hickory_resolver::config::Protocol (or hickory_resolver::proto::Protocol). Update the import. All Protocol::Udp | Tcp | Tls | Https usages should remain valid.

3. Verify other 0.26 API surface used in this file still works

While editing, please double-check (and adapt if necessary) the following call sites against 0.26.1:

• NameServerConfig::new(socket_addr, Protocol::Udp/Tcp/Tls/Https) — signature/fields. Confirm tls_dns_name: Option<String> and http_endpoint: Option<String> field names still exist; if renamed, update accordingly.
• ResolverConfig::new(), ResolverConfig::default(), add_name_server.
• ResolverOpts fields used: timeout, attempts, cache_size, validate.
• hickory_resolver::Resolver::builder_with_config(...).options_mut() = opts; .build() flow.
• resolver.lookup(name, RecordType::A/AAAA) returning Result<Lookup, ResolveError> and record.data().as_a() / as_aaaa().
• system_conf::read_system_conf().
• resolver.clear_cache() for reset_networking.

If any of these have been renamed/restructured in 0.26.1, update to the equivalent API. Do not change behavior beyond what the new API requires.

Constraints

• Do not modify Cargo.toml/Cargo.lock dependency versions — they are already set on this branch.
• Keep the file's public structure (HickoryDnsResolverImpl, DnsResolverConfig/DnsResolverInstance/DnsActiveQuery impls, declared init functions) unchanged.
• Preserve comments and unsafe/Send + Sync assertions.
• Run cargo check / cargo build for the dynamic modules crate locally if possible to validate the fix.
• Keep coding style consistent with the rest of the file (2-space indent, existing import grouping).

Files likely to change

• source/extensions/dynamic_modules/builtin_extensions/hickory_dns.rs

(No test file changes are expected — but if there are companion tests that import the same removed paths, fix them too.)

Acceptance

• `bazel build /...

This pull request was created from Copilot chat.