From 09d20192c5168cb09bc2a8037a9c13acfa4d2a1d Mon Sep 17 00:00:00 2001
From: bert hubert <bert.hubert@netherlabs.nl>
Date: Thu, 29 Mar 2018 22:36:26 +0200
Subject: [PATCH] initial words on resolver

---
 resolver.md | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/resolver.md b/resolver.md
index dc337c7..a12957a 100644
--- a/resolver.md
+++ b/resolver.md
@@ -2,6 +2,22 @@
                             **A warm welcome to DNS**
 
 # Resolver
-...
+Writing a modern resolver is the hardest part of DNS. A fully standards
+compliant DNS resolver is not a resolver that can be used in practice.
+
+In reality, resolvers are expected to process malformed queries coming from
+clients (stub-resolvers).  Furthermore, many authoritative servers respond
+incorrectly to modern DNS queries.  Zones are frequently misconfigured on
+authoritative servers but still expected to work correctly.
+
+Meanwhile, operators desire top performance, with individual CPU cores
+expected to satisfy the DNS needs of hundreds of thousands of users.
+
+To top this off, a modern DNS resolver will have to validate DNSSEC
+correctly. This may be among the hardest challenges of any widely used
+Internet protocol.
+
+So in short, before attempting to write a DNS resolver, ponder if you really
+need to.
 
 <!-- Markdeep: --><style class="fallback">body{visibility:hidden;white-space:pre;font-family:monospace}</style><script src="markdeep.min.js"></script><script src="https://casual-effects.com/markdeep/latest/markdeep.min.js"></script><script>window.alreadyProcessedMarkdeep||(document.body.style.visibility="visible")</script>
\ No newline at end of file