Show HN: DN$ – an innovative, ad-supported DNS resolver

[nablags]

Tired of companies snooping through your DNS traffic? Don't you wish you could get advertisements with your DNS records?

Today we're introducing the innovative, privacy-focused, ad-supported DNS resolver - DN$! Traditional DNS resolvers provided by your internet service provider, cloudflare, or google could be tracking your internet activity and selling it to third-party data vendors. We at DN$ want to fix that and cut out these nefarious actors (until we've amassed a critical number of users to exploit).

In order to support such a radically new business model, our service needs to serve adverts because $INSERT_FAKE_REASONS. Open source and built in rust - our software is secure and blazingly fast because it is open source and built in rust.

As a corporate entity, our executives are not liable for prison time and will probably only be fined small financial penalties for any serious crimes we commit. However, we *promise* that we are NOT doing anything nefarious like tracking and selling your user data and internet behavior. We will also NOT be using the data (we are not collecting : ) to train AI models to make ourselves rich.

Did we mention that it's built in rust therefore it's safe and fast?

Send your DNS queries to `35.223.197.204` :) to try it out:

``` dig @35.223.197.204 hackernews.com ```

[silisili]

Gotta admit, the title got my blood pressure going a little bit, until I clicked and read through. Really well done, and nice working demo!

[bevekspldnw]

Same!

[yonatan8070]

Great execution, one of my queries showed this, idk what it means

```dig @35.223.197.204 google.com ;; Warning: ID mismatch: expected ID 37255, got 53558```

Great project, I found out about a course that'll help me make 100,000 USD a month!

[nablags]

An ID mismatch occurs when the ID on your DNS query differs from the ID on your DNS response. Queries & Responses should share the same ID - either this has been done intentionally or it's a sign that something is buggy with the resolver.

This sounds like a serious, security vulnerability. We'll investigate it in 3-5 years

[yonatan8070]

Given that the server is written in Rust, it is perfect and has no bugs. This must be a cosmic ray that hit a router on the way

[loa_in_]

If it's written on rust then the spec is buggy

[KomoD]

It's a feature!

[bevekspldnw]

FWIW, I’ve looked at Cloudflare pretty closely and I don’t think they are monetizing - but given the potential rewards it’s always going to be a “break glass in case of quarterly revenue dip” type situation.

Google is…Google.

[proactivesvcs]

Here's me, a Uniformly Dopey Peasant.

  nmap -sV -p 53 35.223.197.204
  Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-04-01 20:16 BST
  Nmap scan report for 204.197.223.35.bc.googleusercontent.com (35.223.197.204)
  Host is up (0.11s latency).

  PORT   STATE SERVICE VERSION
  53/tcp open  domain?
  1 service unrecognized despite returning data. If you know the service/version, please submit the
  following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
  SF-Port53-TCP:V=7.94SVN%I=7%D=4/1%Time=660B081A%P=x86_64-pc-linux-gnu%r(DN
  SF:SVersionBindReqTCP,4F,"\0M\0\x06\x81\x05\0\x01\0\x01\0\0\0\0\x07version
  SF:\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x01\0\0\0d\0#\"TCP\x20is\x20for\
  SF:x20enterprise\x20clients\x20only")%r(DNSStatusRequestTCP,3D,"\0;\0\0\x9
  SF:0\x05\0\0\0\x01\0\0\0\0\xc0\x0c\0\x10\0\x01\0\0\0d\0#\"TCP\x20is\x20for
  SF:\x20enterprise\x20clients\x20only");

[nablags]

Our company culture codifies that our free and enterprise customers are uniformly referred to as peasants.

Enterprise customers are called "Top Customer Peasants"

[bertman]

Nice :D

The TXT ads: https://github.com/tedkim97/adcache/blob/main/src/adcache.rs...

[mtillman]

so good: "Meet hot, lonely DNS records in your area tonight"

[eddd-ddde]

Built in rust? This needs to be at the top of my resolv.conf immediately!

[rpigab]

You mean resolv.conf.ron? And why would you need anything else in that file, DN$ is all you need!

[1oooqooq]

you mean etc/systemd/resolv.conf.d/new.conf

get on with the times, gramps.

[Semaphor]

Can recommend! I tried it, and it only took 11.423 seconds to resolve reddit.com!

[nablags]

this is likely user error, our resolver was programmed in Rust, therefore it's blazingly fast

[toomuchtodo]

Web scale.

[bigblind]

Needs MongoDB

[klyrs]

I died

[nablags]

April 2nd 2024 Update: THIS PROJECT IS DEPRECATED

Due to several lawsuits and criminal investigations, DN$ needs to shutdown. Source code to setup your own DN$ resolver is here.

[RedShift1]

Already saw a job posting requiring 5 years of experience with DN$.

[PreInternet01]

> DN$ only supports DNSSEC for customers in the ENTERPRISE tier

OK, so how much do I pay you to change that message to "DNSSEC is pointless and you should feel bad for making this request"?

[nablags]

If you join our pre-pre-seed fundraising round, I'm sure we can work something out

[chuckadams]

Why change the message instead of adding another? Any smart company should be able to offer support contracts for pointless things.

[IX-103]

;; ADDITIONAL SECTION

TXT "Meet hot, lonely DNS records in you area tonight"

[tgeorge]

;; ADDITIONAL SECTION: news.ycombinator.com. 7200 IN TXT "CONSUME CONSUME CONSUME CONSUME CONSUME CONSUME CONSUME CONSUME CONSUME"

[nottorp]

That... made my day. Brilliant from top to bottom.

Hmm. I'm starting on a new project tomorrow. Perhaps I should mail the customer and tell them I decided to rewrite the whole project in Rust?

[medellin]

Little over the top. Sometimes subtle is better/more entertaining.

[KomoD]

When are you going to implement the dark blockchain into this!?

[nablags]

Blockchain technology is on our roadmap for Q4 20XX

[rpigab]

  $ dig @35.223.197.204 hackernews.com
  < HTTP 402 error.

Wierd, it shouldn't even use HTTP. Something's fishy.

[bombcar]

Your dig is dug.

    $ dig @35.223.197.204 hackernews.com
    
    ; <<>> DiG 9.10.6 <<>> @35.223.197.204 hackernews.com
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63493
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 2
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 65494
    ;; QUESTION SECTION:
    ;hackernews.com.   IN A
    
    ;; ANSWER SECTION:
    hackernews.com.  46 IN A 13.249.141.50
    hackernews.com.  46 IN A 13.249.141.113
    hackernews.com.  46 IN A 13.249.141.98
    hackernews.com.  46 IN A 13.249.141.39
    
    ;; ADDITIONAL SECTION:
    hackernews.com.  7200 IN TXT "Need to launder some money? Invest in our cryptocurrency!"

[KaiserPro]

I was using shitty wifi provided by the hotel for free, and was a bit mystified as to what the fuss was about. Turns out they were fucking with the replies, because of course they were.

Trying again on a network thats well setup lets me actually see the proper replies.

[Melatonic]

Should have called it "B$ DNS" hahaha

[xyst]

No plans to IPO, then sell off shares and causing the entire stock to free fall and leaving retail investors to hold the bag?

Rookie.

[Mathnerd314]

From the article link in the readme, this is a dig at Facebook.

[nablags]

We take inspiration from several tech companies - current and bankrupt

[WorldMaker]

That specific bullet point was definitely a jab at Meta, but the whole thing is not just Meta.

Ad-supported DNS is already a common problem of the major Consumer ISPs, which is part of the reason it is often suggested to own your own home router, and to use a DNS provider of your own choice in your router (depending on who you trust to not also eventually add ads to their DNS, often the choices are Google or Cloudflare or DIY things like PiHoles).

[estebarb]

But where is the serverless blockchain?

[iamawacko]

Seems legit!

[nickburns]

this project needs to be stickied. can we do that around here?

#intedwetrust

[binarysneaker]

Good one

[pierat]

Hah! LZMAO!

[StinkyTechBros]

Is this to be associated with "M$?" B/c there are still dorks writing things with a cash sign.

[naikrovek]

I hate April Fool’s day so much.

No, this didn’t trick me.

Lying and pranking are both bad things to do, and they’re bad on 1 April, too.

If you find this kind of thing fun, we can’t be friends and I will forever look down at you.

It’s my problem, I know, I just can’t condone pranking or deception for any reason.

[bee_rider]

Harmless pranks are good. They are our way of vaccinating people against real lies.

[naikrovek]

STRONG disagree. I have been pranked many, many times.

People want pranking to be ok because they want to have the license to prank someone.

In my experience, it is the pranksters I have known who have been most easily fooled by scams and misinformation.

Assholes hide behind pranks believing that saying “it’s just a prank, bro” afterwards frees them from the “asshole” label, or that it somehow excuses the whole exercise. It does not. It makes them a coward for trying to hide behind the “harmless prank” label.

Also, you can’t know a prank is harmless until after it has concluded. Any number of unpredictable things can go wrong during a prank that are subtly and unpredictably harmful in ways that the prankster could never know beforehand.

The only good pranks are the ones in which the pranked, after the pranking, wishes it happened more often. Never in my life have I witnessed such a prank, and I spent years in the military: pranksters paradise.