Blog
-
Fixing DNS tail latency with a 5-line config and a 50-line functionPeriodic 40-140ms DoH spikes from hyper's dispatch channel. The fix was reqwest window tuning and request hedging — Dean & Barroso's "The Tail at Scale," applied to a DNS forwarder. Same ideas took cold recursive p99 from 2.3 seconds to 538ms.April 2026
-
DNS-over-TLS from Scratch in RustBuilding RFC 7858 on top of rustls — length-prefix framing, ALPN cross-protocol defense, and two bugs that only the strict clients caught.April 2026
-
Implementing DNSSEC from Scratch in RustRecursive resolution from root hints, chain-of-trust validation, NSEC/NSEC3 denial proofs, and what I learned implementing DNSSEC with zero DNS libraries.March 2026
-
I Built a DNS Resolver from Scratch in RustHow DNS actually works at the wire level — label compression, TTL tricks, DoH, and what surprised me building a resolver with zero DNS libraries.March 2026