Location: Tacoma, WA, USA
Remote: Sure, that's an option.
Willing to relocate: No, but willing to drive around the greater Pacific Northwest.
Technologies: Python, Redis, C, DNS, Ignition SCADA / HMI, SQL, Bash, Linux, TCP/UDP,
old school ML & numerical methods, threat hunting, electronics, handy
with a wrench, dangerous with acetylene.
Résumé/CV: https://github.com/m3047 https://www.linkedin.com/in/fred-morris-03b6952/
Email: m3047-wantstobehired-t5b@m3047.net
Let's have a conversation, I like working with people. Not looking for the same old thing, have had a business license since 1984; prior to 2000 about a third of my work was firm bid (why did that go out of fashion?). Technologist and problem solver. Cloud skeptic, but I use what works. I prefer contracts to promises. W2 / contract: it depends, let's choose the correct vehicle for the scenario, and risk has a lot to do with it. Part time, seasonal, campaign... it's all good.
It's been over 20 years, but I used to build batch processing pipelines using SMTP (not Outlook). Biggest "choose your own adventure" aspect is accounting / auditing (making sure you didn't lose batches). I still joke about it as an option; although if somebody took me up on it I'd write up at least a semi-serious proposal.
In the middle are Mule, Rabbit, Kafka, ZMQ.
At the other end is UDP multicast, and I still use that for VM hosts or where I can trust the switch.
DNS is utilized for many things besides looking up web sites (and consequently ads on web sites). DNS was used for many things etcd was invented to solve, and still is by many. Adblocking is kidstuff; the bearded, motorcycle riding, gun-shooting, jumping out of airplanes and hanging off of rocks jackals use a "DNS firewall" (just posted this the other day): https://www.dnsrpz.info/ and Dnstap for application-level DNS logging.
Absolutely — DNS goes way beyond just resolving websites. It’s been used for service discovery and coordination long before tools like etcd came along, and still is in many systems today. Adblocking is one use case, but DNS firewalls (like RPZ) and logging frameworks such as Dnstap show how powerful DNS can be at the infrastructure level. Thanks for sharing the link — it’s a great reminder that benchmarking speed is only one piece of the bigger DNS picture.
Things built with asyncio and dnspython are close to my heart. ;-)
So, my impression from the doc (and a quick browse of the code) is that this is a tool for monitoring DNS caching / recursing resolver (RD) performance, not authoritative. If performance really matters to you, you should be running your own resolver(s). [0] Granted, you will quickly realize that some outfits running auth servers seem to understand that they're dependent on caching / recursing resolvers, and some are oblivious. Large public servers (recursing and auth) tend to "spread the pain" and so most people don't feel the bumps; but when they fall over they fall over large, and they bring some principles (and thereby create "vulnerabilities") at odds with what the DNS was architected for and throw the mitigation on the other operators, including operators who never accepted these self-anointed principles to begin with.
I have a hard time understanding how DNS is adding 300ms to every one of your API requests... unless DNS is both the API and transport, or you're using negative TTLs /s.
Thanks for the thoughtful read — and yes, the tool is focused on caching / recursing resolver performance, not authoritative. The asyncio + dnspython stack makes it easy to script and monitor those behaviors over time. Running your own resolver is definitely the gold standard if performance and control really matter, but benchmarking public ones helps surface the trade‑offs users face in practice. The 300ms example was more about illustrating how ads and systemic factors can dwarf raw resolver speed, not a claim about per‑request DNS overhead. Appreciate the detailed perspective and glad the doc came across clearly.
Upvoted not because the internet has ever been a safe haven, but for simply taking a moment to document the issue. But then again, I can't even give away a feed of what's bouncing off of my walls, drowning in my moat.
(An Alibaba /16? I block not just 3/8, but every AWS range I can find.)
It might be easier to block by ASN rather than hard-coding IP ranges. Something as simple as this in cron every 24 hours will help (adjust the ASNs in the bzgrep to your taste - and couple with occasional persistence so you don't get hit every reboot):
I have noticed (with my intergenerational, perpetual flock) that different behaviors come and go. There seems to be a current one where if I feed them mixed scratch grains then when it's rainy they eat the corn and leave the wheat / barley to sprout before eating. I wish they wouldn't, it attracts rats!
reply