
Use `hickory_resolver` to resolve DNS entries

Cesar Rodas 2 months ago
parent
commit
552279da1d

+ 0 - 4
crates/cdk-integration-tests/src/init_pure_tests.rs

@@ -55,10 +55,6 @@ impl Debug for DirectMintConnection {
 /// Convert the requests and responses between the [String] and [Uuid] variants as necessary.
 #[async_trait]
 impl MintConnector for DirectMintConnection {
-    async fn resolve_dns_txt(&self, _domain: &str) -> Result<Vec<String>, Error> {
-        panic!("Not implemented");
-    }
-
     async fn get_mint_keys(&self) -> Result<Vec<KeySet>, Error> {
         Ok(self.mint.pubkeys().keysets)
     }

+ 2 - 2
crates/cdk/Cargo.toml

@@ -16,7 +16,7 @@ wallet = ["dep:futures", "dep:reqwest", "cdk-common/wallet", "dep:rustls"]
 nostr = ["wallet", "dep:nostr-sdk"]
 mint = ["dep:futures", "dep:reqwest", "cdk-common/mint", "cdk-signatory"]
 auth = ["dep:jsonwebtoken", "cdk-common/auth", "cdk-common/auth"]
-bip353 = ["dep:trust-dns-resolver"]
+bip353 = ["dep:hickory-resolver"]
 # We do not commit to a MSRV with swagger enabled
 swagger = ["mint", "dep:utoipa", "cdk-common/swagger"]
 bench = []
@@ -44,7 +44,6 @@ url.workspace = true
 utoipa = { workspace = true, optional = true }
 uuid.workspace = true
 jsonwebtoken = { workspace = true, optional = true }
-trust-dns-resolver = { version = "0.23.2", optional = true }
 nostr-sdk = { optional = true, version = "0.43.0", default-features = false, features = [
     "nip04",
     "nip44",
@@ -58,6 +57,7 @@ bech32 = "0.9.1"
 arc-swap = "1.7.1"
 zeroize = "1"
 tokio-util.workspace = true
+hickory-resolver = { version = "0.25.2", optional = true, features = ["dnssec-ring"] }
 
 [target.'cfg(not(target_arch = "wasm32"))'.dependencies]
 tokio = { workspace = true, features = [

+ 0 - 4
crates/cdk/examples/mint-token-bolt12-with-custom-http.rs

@@ -40,10 +40,6 @@ impl Default for CustomHttp {
 #[cfg_attr(target_arch = "wasm32", async_trait::async_trait(?Send))]
 #[cfg_attr(not(target_arch = "wasm32"), async_trait::async_trait)]
 impl HttpTransport for CustomHttp {
-    async fn resolve_dns_txt(&self, _domain: &str) -> Result<Vec<String>, Error> {
-        panic!("Not implemented");
-    }
-
     fn with_proxy(
         &mut self,
         _proxy: Url,

+ 1 - 0
crates/cdk/src/wallet/mint_connector/http_client.rs

@@ -187,6 +187,7 @@ impl<T> MintConnector for HttpClient<T>
 where
     T: Transport + Send + Sync + 'static,
 {
+    #[cfg(feature = "bip353")]
     #[instrument(skip(self), fields(mint_url = %self.mint_url))]
     async fn resolve_dns_txt(&self, domain: &str) -> Result<Vec<String>, Error> {
         self.transport.resolve_dns_txt(domain).await

+ 4 - 1
crates/cdk/src/wallet/mint_connector/mod.rs

@@ -28,8 +28,11 @@ pub type HttpClient = http_client::HttpClient<transport::Async>;
 #[cfg_attr(target_arch = "wasm32", async_trait(?Send))]
 #[cfg_attr(not(target_arch = "wasm32"), async_trait)]
 pub trait MintConnector: Debug {
+    #[cfg(feature = "bip353")]
     /// Resolve the DNS record getting the TXT value
-    async fn resolve_dns_txt(&self, domain: &str) -> Result<Vec<String>, Error>;
+    async fn resolve_dns_txt(&self, _domain: &str) -> Result<Vec<String>, Error> {
+        todo!()
+    }
 
     /// Get Active Mint Keys [NUT-01]
     async fn get_mint_keys(&self) -> Result<Vec<KeySet>, Error>;
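Review bot: The new default body of `MintConnector::resolve_dns_txt` is `todo!()`, so with `bip353` enabled any connector that does not override it panics when a lookup reaches it, rather than returning an error the caller can handle. Because the method now has a default, the compiler no longer reminds implementors to provide it; `DirectMintConnection` and the `CustomHttp` example both drop their explicit impls in this commit and would fall back to it. A default of `Err(Error::Custom("DNS TXT resolution is not supported by this connector".to_string()))` keeps the failure recoverable. The same `todo!()` default is added to `Transport::resolve_dns_txt` in transport.rs. The doc comment would also read more conventionally placed above the `#[cfg(feature = "bip353")]` attribute.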

+ 17 - 15
crates/cdk/src/wallet/mint_connector/transport.rs

@@ -2,13 +2,15 @@
 use std::fmt::Debug;
 
 use cdk_common::AuthToken;
+#[cfg(feature = "bip353")]
+use hickory_resolver::config::ResolverConfig;
+#[cfg(feature = "bip353")]
+use hickory_resolver::name_server::TokioConnectionProvider;
+#[cfg(feature = "bip353")]
+use hickory_resolver::Resolver;
 use reqwest::Client;
 use serde::de::DeserializeOwned;
 use serde::Serialize;
-#[cfg(feature = "bip353")]
-use trust_dns_resolver::config::{ResolverConfig, ResolverOpts};
-#[cfg(feature = "bip353")]
-use trust_dns_resolver::TokioAsyncResolver;
 use url::Url;
 
 use super::Error;
@@ -18,8 +20,11 @@ use crate::error::ErrorResponse;
 #[cfg_attr(target_arch = "wasm32", async_trait::async_trait(?Send))]
 #[cfg_attr(not(target_arch = "wasm32"), async_trait::async_trait)]
 pub trait Transport: Default + Send + Sync + Debug + Clone {
+    #[cfg(feature = "bip353")]
     /// DNS resolver to get a TXT record from a domain name
-    async fn resolve_dns_txt(&self, domain: &str) -> Result<Vec<String>, Error>;
+    async fn resolve_dns_txt(&self, _domain: &str) -> Result<Vec<String>, Error> {
+        todo!()
+    }
 
     /// Make the transport to use a given proxy
     fn with_proxy(
@@ -112,11 +117,13 @@ impl Transport for Async {
     /// DNS resolver to get a TXT record from a domain name
     #[cfg(feature = "bip353")]
     async fn resolve_dns_txt(&self, domain: &str) -> Result<Vec<String>, Error> {
-        // Create a new resolver with DNSSEC validation
-        let mut opts = ResolverOpts::default();
-        opts.validate = true; // Enable DNSSEC validation
+        let resolver = Resolver::builder_with_config(
+            ResolverConfig::default(),
+            TokioConnectionProvider::default(),
+        )
+        .build();
 
-        Ok(TokioAsyncResolver::tokio(ResolverConfig::default(), opts)
+        Ok(resolver
             .txt_lookup(domain)
             .await
             .map_err(|e| Error::Custom(e.to_string()))?
@@ -128,12 +135,7 @@ impl Transport for Async {
                     .collect::<Vec<_>>()
                     .join("")
             })
-            .collect())
-    }
-
-    #[cfg(not(feature = "bip353"))]
-    async fn resolve_dns_txt(&self, _domain: &str) -> Result<Vec<String>, Error> {
-        Err(Error::Internal)
+            .collect::<Vec<_>>())
     }
 
     async fn http_get<R>(&self, url: Url, auth: Option<AuthToken>) -> Result<R, Error>
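Review bot: The rewritten `Async::resolve_dns_txt` no longer turns on DNSSEC validation. The removed lines set `opts.validate = true`, while the new `Resolver::builder_with_config(ResolverConfig::default(), TokioConnectionProvider::default()).build()` keeps the default resolver options. As far as I know, hickory-resolver leaves `validate` off by default, and the `dnssec-ring` feature only compiles the support in; please confirm against the 0.25 docs. If so, BIP-353 TXT records would be accepted without DNSSEC verification, so a spoofed or tampered DNS answer could substitute the payment instructions. Binding the builder mutably and adding `builder.options_mut().validate = true;` before `.build()` should restore the previous behaviour, and a comment such as `// BIP-353 requires DNSSEC-validated answers` would help keep it from being dropped again.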