return to table of content

Show HN: DN$ – an innovative, ad-supported DNS resolver

yonatan8070
4 replies
6d

Great execution, one of my queries showed this, idk what it means

```dig @35.223.197.204 google.com ;; Warning: ID mismatch: expected ID 37255, got 53558```

Great project, I found out about a course that'll help me make 100,000 USD a month!

nablags
3 replies
6d

An ID mismatch occurs when the ID on your DNS query differs from the ID on your DNS response. Queries & Responses should share the same ID - either this has been done intentionally or it's a sign that something is buggy with the resolver.

This sounds like a serious, security vulnerability. We'll investigate it in 3-5 years

yonatan8070
2 replies
6d

Given that the server is written in Rust, it is perfect and has no bugs. This must be a cosmic ray that hit a router on the way

loa_in_
0 replies
5d19h

If it's written on rust then the spec is buggy

KomoD
0 replies
5d22h

It's a feature!

Semaphor
4 replies
6d2h

Can recommend! I tried it, and it only took 11.423 seconds to resolve reddit.com!

nablags
3 replies
6d1h

this is likely user error, our resolver was programmed in Rust, therefore it's blazingly fast

toomuchtodo
0 replies
6d1h

Web scale.

klyrs
0 replies
5d20h

I died

bigblind
0 replies
5d19h

Needs MongoDB

naikrovek
2 replies
6d

I hate April Fool’s day so much.

No, this didn’t trick me.

Lying and pranking are both bad things to do, and they’re bad on 1 April, too.

If you find this kind of thing fun, we can’t be friends and I will forever look down at you.

It’s my problem, I know, I just can’t condone pranking or deception for any reason.

bee_rider
1 replies
5d23h

Harmless pranks are good. They are our way of vaccinating people against real lies.

naikrovek
0 replies
5d18h

STRONG disagree. I have been pranked many, many times.

People want pranking to be ok because they want to have the license to prank someone.

In my experience, it is the pranksters I have known who have been most easily fooled by scams and misinformation.

Assholes hide behind pranks believing that saying “it’s just a prank, bro” afterwards frees them from the “asshole” label, or that it somehow excuses the whole exercise. It does not. It makes them a coward for trying to hide behind the “harmless prank” label.

Also, you can’t know a prank is harmless until after it has concluded. Any number of unpredictable things can go wrong during a prank that are subtly and unpredictably harmful in ways that the prankster could never know beforehand.

The only good pranks are the ones in which the pranked, after the pranking, wishes it happened more often. Never in my life have I witnessed such a prank, and I spent years in the military: pranksters paradise.

eddd-ddde
2 replies
6d2h

Built in rust? This needs to be at the top of my resolv.conf immediately!

rpigab
1 replies
6d1h

You mean resolv.conf.ron? And why would you need anything else in that file, DN$ is all you need!

1oooqooq
0 replies
5d21h

you mean etc/systemd/resolv.conf.d/new.conf

get on with the times, gramps.

PreInternet01
2 replies
6d2h

DN$ only supports DNSSEC for customers in the ENTERPRISE tier

OK, so how much do I pay you to change that message to "DNSSEC is pointless and you should feel bad for making this request"?

nablags
0 replies
6d1h

If you join our pre-pre-seed fundraising round, I'm sure we can work something out

chuckadams
0 replies
5d23h

Why change the message instead of adding another? Any smart company should be able to offer support contracts for pointless things.

Mathnerd314
2 replies
6d2h

From the article link in the readme, this is a dig at Facebook.

nablags
0 replies
6d1h

We take inspiration from several tech companies - current and bankrupt

WorldMaker
0 replies
6d1h

That specific bullet point was definitely a jab at Meta, but the whole thing is not just Meta.

Ad-supported DNS is already a common problem of the major Consumer ISPs, which is part of the reason it is often suggested to own your own home router, and to use a DNS provider of your own choice in your router (depending on who you trust to not also eventually add ads to their DNS, often the choices are Google or Cloudflare or DIY things like PiHoles).

silisili
1 replies
6d2h

Gotta admit, the title got my blood pressure going a little bit, until I clicked and read through. Really well done, and nice working demo!

bevekspldnw
0 replies
5d22h

Same!

rpigab
1 replies
6d1h

  $ dig @35.223.197.204 hackernews.com
  < HTTP 402 error.
Wierd, it shouldn't even use HTTP. Something's fishy.

bombcar
0 replies
6d1h

Your dig is dug.

    $ dig @35.223.197.204 hackernews.com
    
    ; <<>> DiG 9.10.6 <<>> @35.223.197.204 hackernews.com
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63493
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 2
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 65494
    ;; QUESTION SECTION:
    ;hackernews.com.   IN A
    
    ;; ANSWER SECTION:
    hackernews.com.  46 IN A 13.249.141.50
    hackernews.com.  46 IN A 13.249.141.113
    hackernews.com.  46 IN A 13.249.141.98
    hackernews.com.  46 IN A 13.249.141.39
    
    ;; ADDITIONAL SECTION:
    hackernews.com.  7200 IN TXT "Need to launder some money? Invest in our cryptocurrency!"

proactivesvcs
1 replies
5d23h

Here's me, a Uniformly Dopey Peasant.

  nmap -sV -p 53 35.223.197.204
  Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-04-01 20:16 BST
  Nmap scan report for 204.197.223.35.bc.googleusercontent.com (35.223.197.204)
  Host is up (0.11s latency).

  PORT   STATE SERVICE VERSION
  53/tcp open  domain?
  1 service unrecognized despite returning data. If you know the service/version, please submit the
  following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
  SF-Port53-TCP:V=7.94SVN%I=7%D=4/1%Time=660B081A%P=x86_64-pc-linux-gnu%r(DN
  SF:SVersionBindReqTCP,4F,"\0M\0\x06\x81\x05\0\x01\0\x01\0\0\0\0\x07version
  SF:\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x01\0\0\0d\0#\"TCP\x20is\x20for\
  SF:x20enterprise\x20clients\x20only")%r(DNSStatusRequestTCP,3D,"\0;\0\0\x9
  SF:0\x05\0\0\0\x01\0\0\0\0\xc0\x0c\0\x10\0\x01\0\0\0d\0#\"TCP\x20is\x20for
  SF:\x20enterprise\x20clients\x20only");

nablags
0 replies
5d21h

Our company culture codifies that our free and enterprise customers are uniformly referred to as peasants.

Enterprise customers are called "Top Customer Peasants"

mtillman
0 replies
6d1h

so good: "Meet hot, lonely DNS records in your area tonight"

KomoD
1 replies
5d22h

When are you going to implement the dark blockchain into this!?

nablags
0 replies
5d17h

Blockchain technology is on our roadmap for Q4 20XX

IX-103
1 replies
6d1h

;; ADDITIONAL SECTION

TXT "Meet hot, lonely DNS records in you area tonight"

tgeorge
0 replies
6d1h

;; ADDITIONAL SECTION: news.ycombinator.com. 7200 IN TXT "CONSUME CONSUME CONSUME CONSUME CONSUME CONSUME CONSUME CONSUME CONSUME"

xyst
0 replies
5d15h

No plans to IPO, then sell off shares and causing the entire stock to free fall and leaving retail investors to hold the bag?

Rookie.

pierat
0 replies
6d1h

Hah! LZMAO!

nottorp
0 replies
6d

That... made my day. Brilliant from top to bottom.

Hmm. I'm starting on a new project tomorrow. Perhaps I should mail the customer and tell them I decided to rewrite the whole project in Rust?

nickburns
0 replies
5d23h

this project needs to be stickied. can we do that around here?

#intedwetrust

nablags
0 replies
5d15h

April 2nd 2024 Update: THIS PROJECT IS DEPRECATED

Due to several lawsuits and criminal investigations, DN$ needs to shutdown. Source code to setup your own DN$ resolver is here.

medellin
0 replies
6d1h

Little over the top. Sometimes subtle is better/more entertaining.

iamawacko
0 replies
6d2h

Seems legit!

estebarb
0 replies
6d1h

But where is the serverless blockchain?

binarysneaker
0 replies
6d2h

Good one

bevekspldnw
0 replies
5d22h

FWIW, I’ve looked at Cloudflare pretty closely and I don’t think they are monetizing - but given the potential rewards it’s always going to be a “break glass in case of quarterly revenue dip” type situation.

Google is…Google.

StinkyTechBros
0 replies
6d1h

Is this to be associated with "M$?" B/c there are still dorks writing things with a cash sign.

RedShift1
0 replies
6d

Already saw a job posting requiring 5 years of experience with DN$.

Melatonic
0 replies
5d18h

Should have called it "B$ DNS" hahaha

KaiserPro
0 replies
5d21h

I was using shitty wifi provided by the hotel for free, and was a bit mystified as to what the fuss was about. Turns out they were fucking with the replies, because of course they were.

Trying again on a network thats well setup lets me actually see the proper replies.