frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Open in hackernews

Show HN: I built a DNS resolver from scratch in Rust – no DNS libraries

https://github.com/razvandimescu/numa
43•rdme•5h ago
I built a DNS resolver that lets me use https://frontend.numa instead of localhost:5173 — auto-generated TLS certs, WebSocket passthrough, path routing. No mkcert, no nginx, no /etc/hosts.

Comments

rdme•5h ago
Since I needed it to be my primary DNS, I also added: recursive resolution from root nameservers, DNSSEC chain-of-trust validation, ad blocking (385K+ domains), and LAN service discovery.

I wrote about the DNSSEC implementation here: https://numa.rs/blog/posts/dnssec-from-scratch.html It's now my daily system DNS. Single binary (~8MB), macOS/Linux/Windows.

`sudo numa install`

rdme•4h ago
Thanks! If you hit any issues during setup, feel free to open an issue — happy to help debug. The dashboard at localhost:5380 shows what's happening in real time.
siruwastaken•1h ago
Why are you replying to your own coment?
happytoexplain•59m ago
I think it's a bot? There's an identical version of this comment in another reply, except it cuts off half way through a sentence.
rdme•47m ago
I hit reply on the wrong post and you can't delete comments or at least I don't see how it can be done
rdme•48m ago
because I clicked reply on the wrong one and you can't delete it...
pyprism•30m ago
Very interesting project! I have a couple of questions. With all the default blocked domains loaded, what is the average memory usage? Currently, I am using Pi-hole on a low memory single board computer. Is it possible to use this instead of Pi-hole? If so, I’d like to use it for all of my devices."
rdme•20m ago
With 390K blocked domains: ~31MB total process footprint. Breakdown: - Blocklist: 23.4MB (390K domains) - Cache: 3.8MB (4.4K entries) - Query log, SRTT, runtime: ~4MB

It binds to 0.0.0.0:53 by default, so just point your devices' DNS to the board's IP

rbluethl•5h ago
Cool idea, every developer running apps in dev on their machine knows this pain for sure. I'll give it a spin and let you know how it goes!
rdme•2h ago
Thanks! If you hit any issues during setup, feel free to open an issue — happy to help debug. The dashboard at localhost:5380 (or at https://numa.numa)
lyfeninja•5h ago
I think I need to give this a go. Cool project.
rdme•4h ago
Thanks! Let me know how it goes.
_kidlike•2h ago
very interesting. how does the blocklist work? can one manage the lists? like StevenBlack or others.
rdme•2h ago
Yes, it is configurable as a list https://github.com/razvandimescu/numa/blob/main/numa.toml#L4...

There's also a per-domain allowlist and you can pause/unpause blocking from the dashboard or API.

Here's how the resolution pipeline looks like: https://numa.rs/blog/posts/dns-from-scratch.html#the-resolut...

6r17•1h ago
Same hack here ; I have no DSN running by default - much more handy than having to set up nginx as it has no opinion on the targeted infrastructure. And the bonus point is that you can see every sneaky request that happens when you browse ; so another side-project connected to this is to make an inventory and policy filter
rdme•1h ago
Yes sir! The query log is at GET /querylog (or on the dashboard) shows every request with domain, type, path (forwarded/recursive/cached/blocked) and latency
voltagex_•1h ago
Great idea, pity about the slop.
bahador•1h ago
feature request: libnuma so i can use it programmatically with configuration. also, multiple user defined blocklists.
rdme•40m ago
Multiple blocklists already work -https://github.com/razvandimescu/numa/blob/main/numa.toml#L4... The pieces are already there for libnuma, it could be done, would you share what use case you have in mind?
EdoardoIaga•1h ago
Rust it’s crazy good
arafeq•1h ago
this is really clean. the auto-TLS for local dev is the killer feature imo, so many hours wasted fighting mkcert and nginx configs. do you plan to support docker/container networking? being able to resolve service names across docker compose setups would make this a no-brainer for teams.
rdme•57m ago
Actually, if you point a container's DNS at the host (dns: [host.docker.internal] in compose), it works for resolution + ad blocking for the reverse however, I've added it on the radar, thanks!
Kaliboy•17m ago
How does auto-TLS work? It makes a self signed certificate automatically?
rdme•15m ago
Yes — numa install generates a local CA and stores it in the system trust store. When you register a .numa service, it generates a per-service TLS cert signed by that CA
p2hari•1h ago
Nice idea. To test I ran a simple nextjs on port 3000. Added the service via the dashboard. However, when I visit the url, (using chrome latest version), https://{mygivenname}.numa/ I hit a DNS resolution fail error. If I do not use a trailing '/' then it is going to google search for {mygivenname}.numa and shows me some search results. Should I open an issue?
rdme•53m ago
Is it possible you didn't start it as root ( sudo numa install)? Does dig {mygivenname}.numa @127.0.0.1 return 127.0.0.1 ? What OS are you on? Maybe you report it as an issue?
p2hari•45m ago
Thanks for quick response. It started to work. I think it must be some caching issue. But it needs a trailing '/' . Maybe will raise the issue for this. Cool.
arcaen•11m ago
I believe that is actually browser specific behavior. I sometimes use a fake TLD for stuff hosted at home, and both chrome and firefox resort to search if I don't include a trailing '/'. My assumption is the browser does a quick match against known TLDs and if it doesn't match then it resorts to search.
goodpoint•15m ago
we need a [slop] flag in the headlines
voxadam•11m ago
It's neither here nor there but can I ask about the name? I only ask because when I see "numa" in relation to computing I immediately think "Non-Uniform Memory Access".

Very cool project by the way. I wonder how this would run on an OpenWRT device.

I see in your install.sh that you support Linux and Darwin/MacOS, do you think there would be any major hurdles in supporting FreeBSD?

camdv•10m ago
On the web site, it's named after the second King of Rome
rdme•7m ago
also in romanian nume = name(dns) and I also get the easter egg of that well known Romanian song numa numa :) https://www.youtube.com/watch?v=YnopHCL1Jk8

LinkedIn Is Illegally Searching Your Computer

https://browsergate.eu/
636•digitalWestie•2h ago•301 comments

Qwen3.6-Plus: Towards Real World Agents

https://qwen.ai/blog?id=qwen3.6
63•pretext•51m ago•27 comments

Lemonade by AMD: a fast and open source local LLM server using GPU and NPU

https://lemonade-server.ai
194•AbuAssar•4h ago•52 comments

Inside Nepal's Fake Rescue Racket

https://kathmandupost.com/money/2026/03/27/inside-nepal-s-fake-rescue-racket
122•lode•3h ago•34 comments

IBM Announces Strategic Collaboration with Arm

https://newsroom.ibm.com/2026-04-02-ibm-announces-strategic-collaboration-with-arm-to-shape-the-f...
189•bonzini•6h ago•119 comments

Sweden goes back to basics, swapping screens for books in the classroom

https://undark.org/2026/04/01/sweden-schools-books/
390•novaRom•4h ago•209 comments

Significant Raise of Reports

https://lwn.net/Articles/1065620/
133•stratos123•6h ago•67 comments

Bringing Clojure programming to Enterprise (2021)

https://blogit.michelin.io/clojure-programming/
126•smartmic•7h ago•63 comments

'Backrooms' and the Rise of the Institutional Gothic

https://thereader.mitpress.mit.edu/backrooms-and-the-rise-of-the-institutional-gothic/
24•anarbadalov•2h ago•5 comments

Gone (Almost) Phishin'

https://ma.tt/2026/03/gone-almost-phishin/
106•luu•2d ago•53 comments

Enabling Codex to Analyze Two Decades of Hacker News Data

https://modolap.com/publication/hn-analysis-1
41•ronfriedhaber•4h ago•16 comments

Email obfuscation: What works in 2026?

https://spencermortensen.com/articles/email-obfuscation/
250•jaden•11h ago•74 comments

Emacs-libgterm: Terminal emulator for Emacs using libghostty-vt

https://github.com/rwc9u/emacs-libgterm
42•signa11•4d ago•12 comments

The SpaceX IPO: retail investor notes

https://report.bearblog.dev/the-spacex-ipo-will-be-the-perfect-storm-of-retail-investor-fallacies/
24•u1hcw9nx•4h ago•10 comments

Mercor says it was hit by cyberattack tied to compromise LiteLLM

https://techcrunch.com/2026/03/31/mercor-says-it-was-hit-by-cyberattack-tied-to-compromise-of-ope...
104•jackson-mcd•1d ago•31 comments

Show HN: I built a DNS resolver from scratch in Rust – no DNS libraries

https://github.com/razvandimescu/numa
43•rdme•5h ago•32 comments

On the trail of ancient art, deep in the Sahara

https://www.ft.com/content/524ed21e-5c35-489e-ae0b-90d40b4cf28a
4•bookofjoe•2d ago•1 comments

Quantum computing bombshells that are not April Fools

https://scottaaronson.blog/?p=9665
228•Strilanc•14h ago•72 comments

Steam on Linux Use Skyrocketed Above 5% in March

https://www.phoronix.com/news/Steam-On-Linux-Tops-5p
586•hkmaxpro•12h ago•270 comments

Telli (YC F24) is hiring engineers, designers, and more (on-site, Berlin)

http://hi.telli.com/join-us
1•sebselassie•8h ago

EmDash – A spiritual successor to WordPress that solves plugin security

https://blog.cloudflare.com/emdash-wordpress/
634•elithrar•23h ago•472 comments

Subscription bombing and how to mitigate it

https://bytemash.net/posts/subscription-bombing-your-signup-form-is-a-weapon/
240•homelessdino•11h ago•153 comments

Artemis II Launch Day Updates

https://www.nasa.gov/blogs/missions/2026/04/01/live-artemis-ii-launch-day-updates/
1012•apitman•22h ago•885 comments

Built a cheap DIY fan controller because my motherboard never had working PWM

https://www.himthe.dev/blog/msi-forgot-my-fans
57•bobsterlobster•2d ago•18 comments

Reinventing the Pull Request

https://lubeno.dev/blog/reinventing-the-pull-request
48•bkolobara•6d ago•40 comments

A new C++ back end for ocamlc

https://github.com/ocaml/ocaml/pull/14701
220•glittershark•15h ago•19 comments

DRAM pricing is killing the hobbyist SBC market

https://www.jeffgeerling.com/blog/2026/dram-pricing-is-killing-the-hobbyist-sbc-market/
563•ingve•17h ago•491 comments

New laws to make it easier to cancel subscriptions and get refunds

https://www.bbc.co.uk/news/articles/cvg0v36ek2go
123•chrisjj•6h ago•53 comments

Fast and Gorgeous Erosion Filter

https://blog.runevision.com/2026/03/fast-and-gorgeous-erosion-filter.html
209•runevision•2d ago•20 comments

Artemis computer running two instances of MS outlook; they can't figure out why

https://bsky.app/profile/nikigrayson.com/post/3miik2wzosk25
5•mooreds•11m ago•2 comments