Lab notes

Technical deep-dives into DNS, networking, and observability. Notes from hands-on lab work, not tutorials. Written for people who already know what a CNAME is and want to understand what happens between the resolver and the authoritative server.

All notes

Reading DNS traffic captures: what your queries look like at the wire

tcpdump, dnstap, and Wireshark filters for understanding actual DNS traffic. With examples from real captures.

April 30, 2026 · dns · tcpdump · wireshark · observability

DNS-over-HTTPS: practical operational implications

DoH solves problems for end users and creates them for operators. Notes on what changes when DNS leaves UDP/53.

April 26, 2026 · dns · doh · networking

Anycast DNS at small scale: lessons from running our own

Anycast is for big operators. Until it's not. Notes from running a 3-PoP anycast DNS setup for a sub-million-query-per-day zone.

April 23, 2026 · dns · anycast · networking

NSD vs Knot vs PowerDNS: why we picked one for our authoritative

Three open-source authoritative DNS servers. We tested all three. Here's what each is good at and why we picked Knot.

April 19, 2026 · dns · comparison

DNSSEC validation chains: tracing a real query

What the recursor actually does to validate a signed answer, why it sometimes fails, and what you do when it does.

April 15, 2026 · dns · dnssec · security

DNS resolver internals: what happens between the stub and the recursor

Tracing a single A-record query through stub resolver, recursor, root, TLD, and authoritative — with the bits people skip.

April 12, 2026 · dns · networking