Unlike a simple DNS forwarder, this server doesn't just "ask someone else." It implements the full hierarchy: Root → TLD → Authoritative → Final Answer.
Key Technical Challenges I tackled:
Iterative Navigation: Setting RecursionDesired = false so that upstream servers treat the project as a peer resolver.
The "Glue Record" Problem: Implementing sub-resolution where the resolver has to pause the main query to resolve a nameserver's hostname before it can continue.
TTL-Aware Concurrency: Using sync.Map for a thread-safe cache that automatically respects record expiration.
State Management: Handling referrals and avoiding infinite loops in heavily nested zones.
Architecture: The server is built using raw UDP sockets and the dnsmessage package for packet parsing. It handles thousands of concurrent requests using Go’s concurrency primitives.
UDP Listener: Standard net.PacketConn loop.
Resolver Engine: Recursive logic that walks the hierarchy starting from A.ROOT-SERVERS.NET.
Local Overrides: A JSON-based configuration for authoritative local records (useful for dev environments or ad-blocking).
I’d love to hear from anyone who has worked on DNSSEC or handled high-traffic DNS infrastructure. What are the common pitfalls when moving from a "toy" resolver to a production-grade one?
Source Code: https://github.com/Jyotishmoy12/go-dns-server
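
The glue sub-resolution and loop-avoidance points above, as an added example that is not taken from the linked repository: an iterative walk over constructed in-memory replies that pauses to resolve a glueless nameserver name and stops when a referral depends on itself. The `reply` type, `network` table, `resolve` function, the limits, and every name and address are assumptions made for illustration; each referral carries a single nameserver to keep the case small.

```go
package main

import "fmt"

// reply is a constructed stand-in for a parsed response (one NS per referral).
type reply struct {
	answer   string // address from the answer section, if any
	ns, glue string // nameserver hostname and its glue address, if supplied
}

const rootIP, maxDepth, maxHops = "192.0.2.1", 4, 8 // assumed limits
var ErrLoop, ErrNoData = fmt.Errorf("referral loop or limit hit"), fmt.Errorf("no usable reply")

// network is constructed sample data: server address -> query name -> reply.
var network = map[string]map[string]reply{
	rootIP: {
		"www.example.test": {ns: "ns.tld.test", glue: "192.0.2.2"},
		"ns.other.test":    {answer: "192.0.2.3"},
		"ns.loop.test":     {ns: "ns.loop.test"}, // in-zone NS without glue: needs itself
	},
	"192.0.2.2": {"www.example.test": {ns: "ns.other.test"}}, // glueless referral
	"192.0.2.3": {"www.example.test": {answer: "203.0.113.10"}},
}

// resolve follows referrals from the root; inFlight is the stack of names being resolved.
func resolve(name string, inFlight map[string]bool) (string, error) {
	if inFlight[name] || len(inFlight) >= maxDepth {
		return "", ErrLoop
	}
	inFlight[name] = true
	defer delete(inFlight, name)
	for hop, server := 0, rootIP; hop < maxHops; hop++ {
		r, err := network[server][name], ErrNoData
		if r.answer != "" {
			return r.answer, nil
		}
		if server = r.glue; server == "" && r.ns != "" { // no glue: resolve the NS name first
			server, err = resolve(r.ns, inFlight)
		}
		if server == "" {
			return "", err
		}
	}
	return "", ErrLoop
}

func main() {
	fmt.Println(resolve("www.example.test", map[string]bool{}))
	fmt.Println(resolve("ns.loop.test", map[string]bool{}))
}
```

Because `inFlight` only holds names on the current stack, its size doubles as the nesting depth, so one map bounds both cycles and long glueless chains.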