38 lines
1.6 KiB
Markdown
38 lines
1.6 KiB
Markdown
<meta charset="utf-8" emacsmode="-*- markdown -*-">
|
|
**A warm welcome to DNS**
|
|
|
|
Note: this page is part of the
|
|
'[hello-dns](https://powerdns.org/hello-dns/)' documentation effort.
|
|
|
|
# Resolver
|
|
Writing a modern resolver is the hardest part of DNS. A fully standards
|
|
compliant DNS resolver is not a resolver that can be used in practice.
|
|
|
|
In reality, resolvers are expected to process malformed queries coming from
|
|
clients (stub-resolvers). Furthermore, many authoritative servers respond
|
|
incorrectly to modern DNS queries. Zones are frequently misconfigured on
|
|
authoritative servers but still expected to work correctly.
|
|
|
|
Meanwhile, operators desire top performance, with individual CPU cores
|
|
expected to satisfy the DNS needs of hundreds of thousands of users.
|
|
|
|
To top this off, a modern DNS resolver will have to validate DNSSEC
|
|
correctly. This may be among the hardest challenges of any widely used
|
|
Internet protocol.
|
|
|
|
Excellent resolvers that are freely available and open source include:
|
|
|
|
* [BIND 9](https://www.isc.org/downloads/bind/)
|
|
* [Knot resolver](https://www.knot-resolver.cz/)
|
|
* [Unbound](https://www.unbound.net/)
|
|
* [PowerDNS Recursor](https://www.powerdns.com/recursor.html)
|
|
|
|
So in short, before attempting to write a DNS resolver, ponder if you really
|
|
need to.
|
|
|
|
# Resolver algorithm
|
|
|
|
TBC..
|
|
|
|
<!-- Markdeep: --><style class="fallback">body{visibility:hidden;white-space:pre;font-family:monospace}</style><script src="ext/markdeep.min.js"></script><script>window.alreadyProcessedMarkdeep||(document.body.style.visibility="visible")</script>
|