Hacker News: rdme

New comment by rdme in "Show HN: Running the second public ODoH relay"

rdme — Thu, 14 May 2026 16:59:23 +0000

actually that is exactly how i am currently running it - dogfooding from my Mac

sudo numa install handles launchd, numa then becomes tailscale's fallback resolver

docker socket service discovery - on the roadmap

New comment by rdme in "Show HN: Running the second public ODoH relay"

rdme — Thu, 14 May 2026 15:01:01 +0000

honestly, nothing major, just deployed the docker-compose to a hetzner $5 instance https://github.com/razvandimescu/numa/tree/main/packaging/re...

then submit a pr to Frank https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v...

New comment by rdme in "Show HN: Running the second public ODoH relay"

rdme — Thu, 14 May 2026 14:34:19 +0000

sovereign naming without ICANN or registrars - pkarr through DHT (not blockchain)

New comment by rdme in "Show HN: Running the second public ODoH relay"

rdme — Thu, 14 May 2026 12:36:34 +0000

no, you are actually telling the relay where to redirect your question from the start (because you are encrypting the question with the public key of the destination resolver) - the relay sending the question where it wants would result in the destination to not be able to decrypt it

New comment by rdme in "Show HN: Running the second public ODoH relay"

rdme — Thu, 14 May 2026 12:30:59 +0000

The relay sees IP + ciphertext, the target sees question + relay's IP. No single party gets both

New comment by rdme in "Show HN: Running the second public ODoH relay"

rdme — Thu, 14 May 2026 12:29:34 +0000

I agree with you, however that's a separate problem that needs to be solved

New comment by rdme in "Show HN: Running the second public ODoH relay"

rdme — Thu, 14 May 2026 11:44:40 +0000

They solve different things. ODoH hides your question, not who you're talking to.

New comment by rdme in "Show HN: Running the second public ODoH relay"

rdme — Thu, 14 May 2026 10:50:15 +0000

The relay is a systemd unit on a VPS, Caddy for TLS, SSRF-hardened (regex-strict hostnames, no IP literals). eTLD+1 same-operator check rejects relay+target run by the same org by default. HPKE is odoh-rs from Cloudflare

``` cargo install numa

# set mode = "odoh" in numa.toml ```

Repo: https://github.com/razvandimescu/numa

Show HN: Running the second public ODoH relay

rdme — Thu, 14 May 2026 10:44:50 +0000

Every privacy-focused DNS service requires an account: NextDNS, Cloudflare for Families, Apple's iCloud Private Relay (paid, iOS-only). The protocol that doesn’t require one - ODoH - had basically one well-known public relay operator (Frank Denis on Fastly Compute, default in dnscrypt-proxy). I built a second one and the client to talk to it.

Comments URL: https://news.ycombinator.com/item?id=48133561

Points: 124

# Comments: 41

New comment by rdme in "Reddit Starts Blocking Mobile Website, Pushing Users to App Instead"

rdme — Tue, 12 May 2026 04:55:51 +0000

this must be some a/b testing as i’m not seeing anything different

actually it does have a dismissable banner i haven’t even noticed

New comment by rdme in "Show HN: Daemons – we pivoted from building agents to cleaning up after them"

rdme — Tue, 21 Apr 2026 18:08:36 +0000

How would this work? One would connect it's repository to a cloud platform that would then act based on the existing daemons of the repo?

New comment by rdme in "Ask HN: What Are You Working On? (April 2026)"

rdme — Mon, 13 Apr 2026 12:25:10 +0000

Just shipped numa v0.13.0: added request hedging (fires a parallel query after 10ms if the primary stalls, inspired by Google's Tail at Scale paper) wire-level cache with serve-stale (RFC 8767) and a DoT client for encrypted upstream.

Wrote about the tail latency investigation: https://numa.rs/blog/posts/fixing-doh-tail-latency.html

New comment by rdme in "Show HN: I built a DNS resolver from scratch in Rust – no DNS libraries"

rdme — Fri, 10 Apr 2026 06:40:26 +0000

should be fixed by #54 in 0.10.3 thanks again!

New comment by rdme in "Show HN: I built a DNS resolver from scratch in Rust – no DNS libraries"

rdme — Mon, 06 Apr 2026 18:43:41 +0000

Thanks for pointing this out! I’ve created https://github.com/razvandimescu/numa/issues/36

New comment by rdme in "Show HN: I built a DNS resolver from scratch in Rust – no DNS libraries"

rdme — Fri, 03 Apr 2026 07:24:05 +0000

let me know how it goes

New comment by rdme in "Show HN: I built a DNS resolver from scratch in Rust – no DNS libraries"

rdme — Thu, 02 Apr 2026 21:08:06 +0000

Split DNS already works — Numa auto-detects Tailscale forwarding rules from the system config. Queries matching . go to Tailscale’s DNS, everything else goes through Numa

If you want to skip Tailscale entirely for home servers, Numa’s LAN discovery auto-finds machines running Numa on the same network. Or add static records in numa.toml for machines that don’t run it.

New comment by rdme in "Show HN: I built a DNS resolver from scratch in Rust – no DNS libraries"

rdme — Thu, 02 Apr 2026 19:09:32 +0000

This was started as a learning project, went from the start to the lowest level then I've just added features I wanted one by one, it just made the most sense

New comment by rdme in "Show HN: I built a DNS resolver from scratch in Rust – no DNS libraries"

rdme — Thu, 02 Apr 2026 18:22:27 +0000

let me know if you do it!

New comment by rdme in "Show HN: I built a DNS resolver from scratch in Rust – no DNS libraries"

rdme — Thu, 02 Apr 2026 16:45:49 +0000

Numa can do recursive resolution from root nameservers + DNSSEC, .numa local domains with auto HTTPS for dev, and LAN service discovery. What features would you be interested in?

New comment by rdme in "Show HN: I built a DNS resolver from scratch in Rust – no DNS libraries"

rdme — Thu, 02 Apr 2026 16:29:30 +0000

It definitely is and you can see it in the git commits. The DNS wire protocol parser was the original learning project I wrote to understand the spec. Later features (recursive resolver, DNSSEC validation, the dashboard) were built with the help of AI