DNS ​

How DNS Works is great. dnsx is great tool.

Notes ​

• dig +noall +answer DOMAIN will get just the DNS info you want.
• Can get your IP using DNS instead of HTTP: dig +short -4 A myip.opendns.com @resolver1.opendns.com. For IPv6: dig +short -6 AAAA myip.opendns.com @resolver1.ipv6-sandbox.opendns.com
• The fact that half of Silicon Valley is working hard on "web3" crypto scams while DNS - literally the backbone of almost every Internet query remains insecure, unverified with records taking days to update via TTL is probably the most absurd thing in modern tech.

Links ​

• How DNS works - Fun and colorful explanation of how DNS works.
• Quad9
• Pi-hole - Can be used as DNS server. (Lobsters)
• Tenta DNS - Recursive and authoritative DNS server in go, including DNSSEC and DNS-over-TLS.
• Trust-DNS - Rust based DNS client, server, and resolver.
• AdGuardHome - Network-wide ads & trackers blocking DNS server.
• PowerDNS - Sources for the PowerDNS Recursor, the PowerDNS Authoritative Server, and dnsdist (a powerful DNS loadbalancer). (Go API)
• Hello, and welcome to DNS! - Attempts to provide a correct introduction to the Domain Name System as of 2018.
• A Cat Explains DNS (2017)
• octoDNS - Tools for managing DNS across multiple providers.
• Gobuster - Directory/File, DNS and VHost busting tool written in Go.
• CoreDNS - DNS server that chains plugins. (Web)
• How we optimized our DNS server using go tools (2020)
• A warm welcome to DNS - Attempts to provide a correct introduction to the Domain Name System as of 2018.
• Public Zone Database (ZoneDB) - Contains a list and associated metadata of public DNS zones.
• ExternalDNS - Synchronizes exposed Kubernetes Services and Ingresses with DNS providers.
• dnslookup - Simple command line utility to make DNS lookups to the specified server.
• Nslookup.io - Find DNS records. (Article) (HN)
• c-ares - C library for asynchronous DNS requests.
• DNS over Wikipedia - Redirect .idk domains using the official link found on a topic's Wikipedia page. (HN) (HN) (HN)
• dns-proxy-server - Solve your DNS hosts from your docker containers, then from your local configuration, then from internet.
• NextDNS - Block ads, trackers and malicious websites on all your devices. (Article) (HN) (Metadata)
• NextDNS CLI Client (DoH Proxy)
• grimd - Fast dns proxy that can run anywhere, built to black-hole internet advertisements and malware servers.
• Stubby - Application that acts as a local DNS Privacy stub resolver (using DNS-over-TLS).
• The case of the missing DNS packets: a Google Cloud support story (2020) (HN)
• DNS Proxy - Simple DNS proxy with DoH, DoT, and DNSCrypt support.
• Building a DNS server in Rust (HN)
• DNS-over-HTTPS - High performance DNS over HTTPS client & server.
• Beyond DNS over HTTPS: Trustless DNS Privacy (2020) (Lobsters)
• Where is the DNS Headed? (2020)
• What happens when you update your DNS? (2020) (HN)
• An interview with Paul Mockapetris, the creator of the DNS (2020) (HN)
• DNS Push Notifications (HN)
• DNS questions
• Under the Hood of a Simple DNS Server (2020)
• Understanding DNS—anatomy of a BIND zone file (2020)
• DNSLink - Simple protocol to link content and services directly from DNS.
• DNS flag day (Code)
• Secondary DNS – Deep Dive (2020)
• DNSimple - Secure & Simple DNS Hosting.
• Speeding up HTTPS and HTTP/3 negotiation with... DNS (2020) (Tweet)
• DNS Flag Day 2020
• Unbound - Validating, recursive, and caching DNS resolver. (Web)
• namebench - Open-source DNS Benchmark Utility.
• Yet Another Kubernetes DNS Latency Story (2020)
• Oblivious DoH Library
• Which DNS servers are you pointing to? (HN) (Code)
• Resolve.rs - Troubleshooting website for network and DNS issues. (Code)
• DNS Trends (2020)
• Dynroute53 - Dynamic DNS updater for AWS Route53. Like DDNS for AWS managed domains.
• Handshake - Experimental peer-to-peer root naming system. (Code (HN)
• What Does It Take To Resolve A Hostname (2020)
• dog - Command-line DNS client. (Web) (HN)
• Sad DNS - Revival of the classic DNS cache poisoning attack.
• SAD DNS Explained (2020)
• DNS Resolution: Optimization Tools and Opportunities (2020)
• Improving DNS Privacy with Oblivious DoH (2020) (HN)
• odoh-go - Oblivious DoH library in Go.
• odoh-server-go - Oblivious DoH server in Go.
• DNSTools - Perform DNS lookups, pings, traceroutes, and other utilities, from 24 locations around the world. (Code)
• DIY Dynamic DNS Using Netlify API (2020)
• dcompass - High-performance DNS server with rule matching/DoT/DoH functionality built-in.
• doggo - Command-line DNS Client for Humans. Written in Go. (Lobsters)
• Update your DNS records when abandoning servers (2021)
• nonymous + bore(1): DNS toys for Rust (2021)
• DNS Key Value Storage (HN)
• DNS-LG - REST API allowing to perform DNS queries over HTTP from multiple locations worldwide. (CLI)
• A Name Resolver for the Distributed Web (2021)
• Dns.Watch - Public DNS Servers. (HN)
• ZeroConf - MDNS / DNS-SD Service Discovery in pure Go.
• KadNode - P2P DNS with content key, crypto key and PKI support. DynDNS alternative.
• Container to update DNS records periodically with WebUI for many DNS providers
• Docker DNS server on steroids to access DNS-over-TLS
• DNS over TLS - Thoughts and Implementation (2018)
• DNSCrypt - Protocol that encrypts, authenticates and optionally anonymizes communications between a DNS client and a DNS resolver. (GitHub)
• dnscrypt-proxy - Flexible DNS proxy, with support for encrypted DNS protocols.
• Why updating DNS is slow (HN)
• Please do not put IP addresses into DNS MX records (2021) (HN) (Lobsters)
• Cloudflare DDNS - Access your home network remotely via a custom domain name without a static IP.
• DNS lookup tool (Code) (Article)
• dnc (Domain Name Checker) - CLI tool to check domain names configuration.
• ZDNS - Fast CLI DNS Lookup Tool.
• go-doh-client - Go client library implementation of DNS over HTTPS.
• RouteDNS - DNS stub resolver, proxy and router with support for DoT, DoH, DoQ, and DTLS.
• Stop using low DNS TTLs (2019) (HN)
• dnspeep - Lets you spy on the DNS queries your computer is making.
• hyper-dns - DNS lookup for dat/hyper archives.
• The Sisyphean Task Of DNS Client Config on Linux (2021) (HN) (Lobsters)
• We Built Our Own DNS Infrastructure (2021)
• DNS Violations - List of DNS violations by implementations, software and/or systems.
• dnspython - Powerful DNS toolkit for python.
• inadyn - Dynamic DNS client with SSL/TLS support. (Web)
• Anubis - Subdomain enumeration and information gathering tool.
• ddclient - Perl client used to update dynamic DNS entries for accounts on many dynamic DNS services.
• dnsharper - Small DNS server to lookup local network IPs by their MAC addresses.
• DNS Based Discovery (2020)
• Anatomy of a Linux DNS Lookup (HN)
• MaraDNS - Small open-source DNS server. (Web)
• odoh-client-rs - Oblivious DoH client application written in Rust.
• HN: DNS-powered website with no back end (2021)
• DNS Explained in 100 Seconds
• meshname - Universal naming system for all IPv6-based mesh networks, including CJDNS and Yggdrasil.
• dn42 - Big dynamic VPN.
• Bulldohzer - Performance measurement tool for DNS. It supports DNS-over-HTTPS (DoH) and DNS-over-UDP (Do53).
• (All) DNS Resource Records (2021) (HN) (Tweet)
• DNS Privacy Considerations (HN)
• HTML over DNS: Serving Blog Content over DNS (HN)
• nailgun - DNS performance testing client written in Rust.
• DNSTake - Fast tool to check missing hosted DNS zones that can lead to subdomain takeover.
• Cloudflare Dynamic DNS IP Updater - Script used to update dynamic DNS entries for accounts on Cloudflare.
• Faster Top Level Domain Name Extraction with Rust (2021)
• Decentralizing the Internet's Root (2021) (HN)
• DNS Record Types (HN)
• localtls - DNS server for providing TLS to webservices on local addresses.
• dnsjit - Engine for capturing, parsing and replaying DNS.
• Knot Resolver - Caching full resolver implementation written in C and LuaJIT, both a resolver library and a daemon. (Web)
• DNS-OARC - DNS Operations, Analysis and Research Center. (GitHub)
• dnsfs - Store your data in others DNS resolvers cache.
• Facebook-owned sites are down due to DNS (Tweet) (Tweet) (Tweet) (Tweet) (Tweet) (HN) (HN) (HN) (Reddit) (HN) (Reddit)
• Understanding How Facebook Disappeared from the Internet (2021) (HN)
• Why was Facebook down for five hours? (2021) (Lobsters)
• Running BGP in Data Centers at Scale (2021)
• What is BGP? | BGP routing explained (HN)
• Tools to explore BGP (HN)
• Simple, fast DNS-over-TLS forwarding server - Forwards to an user-specified list of upstream DNS-over-TLS servers in parallel, returning and caching the first result received.
• A short overview of DNS (2021) (Lobsters)
• SubBrute - DNS meta-query spider that enumerates DNS records, and subdomains.
• DNS-client - Implementation of a DNS-client using a socket library.
• Reserved Top Level DNS Names
• Fixing reachability to 1.1.1.1, Globally (2018)
• Bob Wallet - Desktop application for DNS management and name auctions on Handshake. (Code)
• shakedex - Decentralized exchange for Handshake names.
• LLMNR, Multicast DNS and names on your LAN (2021)
• Google Public DNS
• dnstrace - DNS resolution tracing tool.
• Lepus - Subdomain finder.
• Hunting Newly Registered Domains
• q - Tiny command line DNS client with support for UDP, DoT, DoH, DoQ, and ODoH. (HN)
• PacketFrame - Open Source CDN for authoritative DNS and HTTP caching. (Web)
• How do you tell if a problem is caused by DNS? (2021) (Lobsters)
• DNS Comparison - Enter a domain to compare it on different DNS providers. (Code)
• nip.io - Wildcard DNS for any IP Address. (Code)
• sslip.io - Go-based DNS server which maps DNS records with embedded IP addresses to those addresses. (Code)
• DNSControl - Opinionated platform for seamlessly managing your DNS configuration across any number of DNS hosts, both in the cloud or in your own infrastructure. (Code)
• Minica - Small, simple CA intended for use in situations where the CA operator also operates each host where a certificate will be used.
• LDNS - DNS library that facilitates DNS tool programming. (Web)
• Go-Wild-DNS - Micro DNS-server that implements wildcard-ip DNS magic functionality.
• The case of the recursive resolvers: What happened during Slack’s DNSSEC rollout (2021) (HN)
• It is always the DNS (2021) (HN)
• domain - DNS library for Rust.
• NLnet Labs - Serving the Internet community since 1999 with core infrastructure tools for DNS and BGP. (GitHub)
• How to use Dig (2021) (HN)
• DNS doesn't "propagate" (2021)
• Learning DNS by modeling it with ALloy
• DNS Test Suite - Erlang app for testing authoritative DNS servers for compliance.
• Mess with DNS (2021) (Code) (HN)
• knary - Simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams/Lark & Pushover support.
• dns-packet - Abstract-encoding compliant module for encoding / decoding DNS packets.
• ocaml-dns - OCaml implementation of the DNS protocol.
• Cloudflare Dynamic DNS - Updates a given a DNS record with your current IP.
• dns2 - DNS Server and Client Implementation in Pure JavaScript with no dependencies.
• Overture - Customized DNS relay server.
• dns-exfil - Run a DNS server for the purpose of logging DNS questions.
• Why might you run your own DNS server? (2022)
• iodine - Tunnel IPv4 data through a DNS server. (Web)
• encrypted-dns-configs - Configuration profiles for DNS over HTTPS and DNS over TLS.
• How to find a domain's authoritative nameservers (2022) (HN)
• Cloudflare DDNS - Small and fast DDNS updater for Cloudflare.
• Alternative DNS Roots (HN)
• DNS Collector - High speed passive DNS collector with dnstap support, dns traffic sniffer and more.
• Lexicon - Manipulate DNS records on various DNS providers in a standardized/agnostic way.
• Some ways DNS can break (2022) (HN)
• Noisy - Simple random DNS, HTTP/S internet traffic noise generator.
• DNS resolver in 80 lines of Go (2022) (HN)
• devdns - Automagic Docker DNS for local development.
• DNS lookup cache for Go
• Caching DNS Resolver - Cache DNS A and AAAA record resolutions.
• rustdns - Simple, fast, and fully fledged DNS library for interacting with domain name services at a high or low level.
• Some things about getaddrinfo that surprised me (2022)
• DNSRecon - DNS Enumeration Script.
• mdns - Multicast DNS client in Rust.
• Ask HN: Neutral DNS servers? (2022)
• Bunny DNS - Scriptable DNS platform. (HN)
• Haskell DNS - Highly concurrent DNS library purely in Haskell.
• DNS Transport over TCP - Operational Requirements
• How to Detect DNS Tunneling in the Network? (2021) (Reddit)
• certutils - Wildcard certificates tools: Obtain certbot's (Let's Encrypt) wildcard certificates by updating DNS TXT records and answering stupid certbot questions for you.
• DNS Leak Test - Shows DNS leaks and your external IP. If you use the same ASN for DNS and connection - you have no leak. (Code)
• Encrypted DNS Server - Easy to install, high-performance, zero maintenance proxy to run an encrypted DNS server.
• ZeroNS - DNS server for ZeroTier users.
• crt.sh - Certificate Search.
• cli53 - Command line tool for Amazon Route 53.
• What I learned from making a DNS client in Rust (HN) (Reddit)
• Dingo - Command-line DNS client using bitvec, nom and RFC 1035.
• Dynamic DNS with Docker, Go and Bind9
• Erlang DNS Server - Serve DNS authoritative responses with Erlang.
• libdns - Universal DNS provider APIs for Go.
• How DNS Works
• dness - Dynamic DNS client.
• dnsx - Fast and multi-purpose DNS toolkit allow to run multiple DNS queries.
• Wildcard proxy for everyone (2022)
• HAnoProxY - DNS server offering proxyless high availability and load balancing for applications.
• KittenDNS - Easy to setup, rule engine, LetsEncrypt compatible. (HN)
• Tsein DNS - Robust and high performance DNS resolver supporting multiple DNS protocols.
• Dename - DNS Server framework for Deno.
• ratelimit - CoreDNS plugin that enables response rate limiting to mitigate DNS attacks.
• DNS Toys - DNS server that offers useful utilities and services over the DNS protocol. (Code) (Lobsters) (HN)
• GoDNS - Dynamic DNS (DDNS) client tool.
• aardvark-dns - Authoritative DNS server for A/AAAA container records. Forwards other request to host's /etc/resolv.conf.
• Pion mDNS - Go implementation of mDNS.
• Wordle over DNS
• Resolvers - Most exhaustive list of reliable DNS resolvers.
• Ferret: Automatically finding RFC compliance bugs in DNS nameservers (2022)
• tolower() in bulk at speed (2022)
• A DNS name compression algorithm (2022)
• cacheable-lookup - Cacheable dns.lookup(…) that respects TTL.
• Apple NextDNS Configuration Profile
• DNS Esoterica – Why you can’t dig Switzerland (2022) (HN)
• doh-proxy - Fast, mature, secure DoH and ODoH server proxy written in Rust.
• PyDomainExtractor - Blazingly fast domain extraction library written in Rust.
• Serverless DNS - Self-Hosted DNS Resolver at the Edge. (HN)
• Building a Recursive DNS Resolver (2022) (HN)
• dnsv2 - Alternative (more granular) approach to a DNS library.
• Fast DNS package for Go - Tuned for high performance. Zero memory allocations in almost paths. Up to 1M QPS on a single host.
• What happens if you point two CNAMEs at each other? Not much, really (2022)
• Cheap DNS providers
• Why do domain names sometimes end with a dot? (2022)
• Asynchronous DNS in Rust
• SpyCast - Cross platform mDNS enumeration tool.
• Writing a toy DNS Server in Rust using Trust DNS (2022)
• Can I Take Over DNS? - List of DNS providers and whether their zones are vulnerable to DNS takeover.
• Let's Encrypt Wildcard Certificates Made Easy with Agnos (2022)
• Why it's called "MagicDNS" instead of "Magic DNS" (2022)
• MagicDNS is Generally Available (2022) (HN)
• Automated learning of regexes for DNS discovery
• DNS privacy with speed? Evaluating DNS over QUIC and its impact on web performance (2022)
• DNS Response Size (2022)
• Making a DNS query in Ruby from scratch (2022) (HN)
• Stop using low DNS TTLs (2019) (HN)
• macOS DNS resolving change in Go 1.20 (2022)
• Zig-DNS - Experimental DNS library implemented in Zig.
• DNS over Ping
• Faster DNS name decompression (2022)
• Subdomain Sleuth - Scanner to identify dangling DNS records and subdomain takeovers.
• acme-dns - Simplified DNS server with a RESTful HTTP API to provide a simple way to automate ACME DNS challenges.
• Agnos - Obtain (wildcard) certificates from let's encrypt using dns-01 without the need for API access to your DNS provider.
• NSD - Authoritative DNS name server.
• ctrld - Highly configurable, multi-protocol DNS forwarding proxy.
• DNS LOC (2022)
• mdns-sd - Rust library for mDNS based Service Discovery.
• doh - DNS over HTTPs command-line client.
• Can I takeover XYZ? - List of services and how to claim (sub)domains with dangling DNS records.
• MassDNS - High-performance DNS stub resolver.
• resolved - Simple DNS server for home networks.
• FaF DNS Proxy - DNS-over-TLS (DoT) Proxy, Engineered for Speed.
• Building a CoreDNS plugin (2023)
• dns-detector - Tiny Node cli tool to resolve host IPs and find the fastest IP.
• Bizarre and Unusual Uses of DNS (2023) (HN)
• How Rust and Wasm power Cloudflare's 1.1.1.1 (2023)
• sniproxy - SNI proxy with embedded DNS server that supports blocking and forwarding rules.
• Learning DNS in 10 Years (2023) (HN)
• State of DNS Rebinding in 2023
• Implement DNS in a Weekend (2023) (HN)
• Meta's DNS Go libraries
• Globalping - Global network of probes to run network tests like ping, traceroute and DNS resolve.
• assetfinder - Find domains and subdomains potentially related to a given domain.
• netns-proxy - Automated configuration of network namespaces with tun2socks TUN-ified socks5 proxies as default gateways. Dnsproxy is run in each netns. Gost for proxy-chaining.
• Simple and secure DNS client crate for Rust
• Brute-forcing a macOS user’s real name from a browser using mDNS (2023)
• odoh-rs - Oblivious DoH library in Rust.
• Why is DNS still hard to learn? (2023) (HN)
• vodo - Primitive DNS server written in Rust.
• puredns - Fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.
• mDNS Primer (2023)
• libmdns - mDNS Responder library for building discoverable LAN services in Rust.