DEV Community: NewJhez01 The latest articles on DEV Community by NewJhez01 (@newjhez01). https://dev.to/newjhez01 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3465240%2F026d9d01-6d49-4569-83bd-0a3822229aec.png DEV Community: NewJhez01 https://dev.to/newjhez01 en [Boost] NewJhez01 Fri, 12 Jun 2026 16:41:03 +0000 https://dev.to/newjhez01/-i8i https://dev.to/newjhez01/-i8i <div class="ltag__link--embedded"> <div class="crayons-story "> <a href="https://dev.to/newjhez01/regaining-privacy-by-parsing-dns-requests-bit-by-bit-462h" class="crayons-story__hidden-navigation-link">Regaining Privacy by Parsing DNS Requests Bit by Bit</a> <div class="crayons-story__body crayons-story__body-full_post"> <div class="crayons-story__top"> <div class="crayons-story__meta"> <div class="crayons-story__author-pic"> <a href="/newjhez01" class="crayons-avatar crayons-avatar--l "> <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3465240%2F026d9d01-6d49-4569-83bd-0a3822229aec.png" alt="newjhez01 profile" class="crayons-avatar__image"> </a> </div> <div> <div> <a href="/newjhez01" class="crayons-story__secondary fw-medium m:hidden"> NewJhez01 </a> <div class="profile-preview-card relative mb-4 s:mb-0 fw-medium hidden m:inline-block"> NewJhez01 <div id="story-author-preview-content-3868887" class="profile-preview-card__content crayons-dropdown branded-7 p-4 pt-0"> <div class="gap-4 grid"> <div class="-mt-4"> <a href="/newjhez01" class="flex"> <span class="crayons-avatar crayons-avatar--xl mr-2 shrink-0"> <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3465240%2F026d9d01-6d49-4569-83bd-0a3822229aec.png" class="crayons-avatar__image" alt=""> </span> <span class="crayons-link crayons-subtitle-2 mt-5">NewJhez01</span> </a> </div> <div class="print-hidden"> Follow </div> <div class="author-preview-metadata-container"></div> </div> </div> </div> </div> <a href="https://dev.to/newjhez01/regaining-privacy-by-parsing-dns-requests-bit-by-bit-462h" class="crayons-story__tertiary fs-xs"><time>Jun 12</time><span class="time-ago-indicator-initial-placeholder"></span></a> </div> </div> </div> <div class="crayons-story__indention"> <h2 class="crayons-story__title crayons-story__title-full_post"> <a href="https://dev.to/newjhez01/regaining-privacy-by-parsing-dns-requests-bit-by-bit-462h" id="article-link-3868887"> Regaining Privacy by Parsing DNS Requests Bit by Bit </a> </h2> <div class="crayons-story__tags"> <a class="crayons-tag crayons-tag--filled " href="/t/showdev"><span class="crayons-tag__prefix">#</span>showdev</a> <a class="crayons-tag crayons-tag--monochrome " href="/t/networking"><span class="crayons-tag__prefix">#</span>networking</a> <a class="crayons-tag crayons-tag--monochrome " href="/t/privacy"><span class="crayons-tag__prefix">#</span>privacy</a> <a class="crayons-tag crayons-tag--monochrome " href="/t/softwareengineering"><span class="crayons-tag__prefix">#</span>softwareengineering</a> </div> <div class="crayons-story__bottom"> <div class="crayons-story__details"> <a href="https://dev.to/newjhez01/regaining-privacy-by-parsing-dns-requests-bit-by-bit-462h" class="crayons-btn crayons-btn--s crayons-btn--ghost crayons-btn--icon-left"> <div class="multiple_reactions_aggregate"> <span class="multiple_reactions_icons_container"> <span class="crayons_icon_container"> <img src="https://assets.dev.to/assets/sparkle-heart-5f9bee3767e18deb1bb725290cb151c25234768a0e9a2bd39370c382d02920cf.svg" width="18" height="18"> </span> </span> <span class="aggregate_reactions_counter">2<span class="hidden s:inline">&nbsp;reactions</span></span> </div> </a> <a href="https://dev.to/newjhez01/regaining-privacy-by-parsing-dns-requests-bit-by-bit-462h#comments" class="crayons-btn crayons-btn--s crayons-btn--ghost crayons-btn--icon-left flex items-center"> 2<span class="hidden s:inline">&nbsp;comments</span> </a> </div> <div class="crayons-story__save"> <small class="crayons-story__tertiary fs-xs mr-2"> 11 min read </small> <span class="bm-initial crayons-icon c-btn__icon"> </span> <span class="bm-success crayons-icon c-btn__icon"> </span> </div> </div> </div> </div> </div> </div> Regaining Privacy by Parsing DNS Requests Bit by Bit NewJhez01 Fri, 12 Jun 2026 16:40:54 +0000 https://dev.to/newjhez01/regaining-privacy-by-parsing-dns-requests-bit-by-bit-462h https://dev.to/newjhez01/regaining-privacy-by-parsing-dns-requests-bit-by-bit-462h <p>In today's world, telemetry and ads are everywhere. Personally, I'm sick and tired of it. I wanted my network to actually feel like my own. Then it struck me: I'm a software engineer with systems and network experience. Why not put that to use and build a DNS resolver from scratch? The protocol is well-documented for anyone willing to read RFC 1035. So I got started. Here's what I learned, you can find the project <a href="https://github.com/NewJhez01/gdns" rel="noopener noreferrer">here</a>.</p> <p>For context, or if you've been snooping around my <a href="https://github.com/NewJhez01" rel="noopener noreferrer">GitHub</a>, you might have noticed I built my own HTTP server with no additional dependencies. So the natural conclusion would be: ah, this is just a copy-paste project. I thought so too, until I read the RFC and realised DNS works with bits and octets, not JSON and routes. That's when I knew this would take real effort. And that's exactly why I was excited. I once again chose Go for this since its concurrency is just excellent when handling async network traffic.</p> <h2> Getting Started </h2> <p>I got started, as I do with most projects nowadays, by setting up the Docker environment and a GitHub Actions pipeline so I could continuously produce quality tests and ensure my program would always build. I also decided to structure my project by feature instead of by layer. This is standard in Go but quite new for me. Instead of having layers such as HTTP, domain, data, and infrastructure, I organised by packages: dns for the resolver, cache for caching, and so on. This way I could move faster without breaking things, and my packages were far more modular.<br> After this was done, I first set up a TCP port to stream packets, as I did for my HTTP server. This was when I learnt DNS works over UDP, not TCP.</p> <p>A quick aside for anyone who hasn't worked with network protocols: TCP is a stream protocol, it guarantees ordered, reliable delivery, reassembling bytes in the correct sequence. UDP, on the other hand, sends independent datagrams with no ordering or delivery guarantees, but the speed is vastly increased. It was a different approach, but it actually made setting up the server less complex. No connection handshake, no stream management, merely open a socket and handle each packet as it arrives:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">addr</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">net</span><span class="o">.</span><span class="n">ResolveUDPAddr</span><span class="p">(</span><span class="s">"udp"</span><span class="p">,</span> <span class="s">":5555"</span><span class="p">)</span> <span class="n">conn</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">net</span><span class="o">.</span><span class="n">ListenUDP</span><span class="p">(</span><span class="s">"udp"</span><span class="p">,</span> <span class="n">addr</span><span class="p">)</span> <span class="n">buff</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">([]</span><span class="kt">byte</span><span class="p">,</span> <span class="m">512</span><span class="p">)</span> <span class="n">n</span><span class="p">,</span> <span class="n">addr</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">conn</span><span class="o">.</span><span class="n">ReadFromUDP</span><span class="p">(</span><span class="n">buff</span><span class="p">)</span> </code></pre> </div> <p>This had the effect that I needed fewer goroutines, since I only needed to handle the packets concurrently and not the stream as well.</p> <h2> Parsing the Protocol </h2> <p>Once the UDP server was set up I could start throwing mock DNS requests at it and subsequently parse them according to RFC 1035. I then realised I couldn't just work with byte arrays. Some fields like the ID were two octets, or 16 bits of data. These could easily be transferred into bytes with a size of 2 since 8 bits are one byte. However, where it got tricky was the flags field, a single 16-bit word packed with individual bits and small bitfields. QR is one bit to distinguish query from response. AA, TC, RD, and RA are single-bit booleans. OPCODE spans four bits, Z takes three, and RCODE another four. Extracting these meant shifting the right amount and masking with hexadecimal values:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">bits</span> <span class="o">:=</span> <span class="n">binary</span><span class="o">.</span><span class="n">BigEndian</span><span class="o">.</span><span class="n">Uint16</span><span class="p">(</span><span class="n">b</span><span class="p">)</span> <span class="n">h</span><span class="o">.</span><span class="n">Qr</span> <span class="o">=</span> <span class="n">QR</span><span class="p">((</span><span class="n">bits</span> <span class="o">&gt;&gt;</span> <span class="m">15</span><span class="p">)</span> <span class="o">&amp;</span> <span class="m">0x1</span><span class="p">)</span> <span class="c">// shift 15 bits left + consume 1</span> <span class="n">h</span><span class="o">.</span><span class="n">OpCode</span> <span class="o">=</span> <span class="n">OPCODE</span><span class="p">((</span><span class="n">bits</span> <span class="o">&gt;&gt;</span> <span class="m">11</span><span class="p">)</span> <span class="o">&amp;</span> <span class="m">0xF</span><span class="p">)</span> <span class="c">// shift 11 bits left + consume 4 </span> <span class="n">h</span><span class="o">.</span><span class="n">Aa</span> <span class="o">=</span> <span class="p">(</span><span class="n">bits</span><span class="o">&gt;&gt;</span><span class="m">10</span><span class="p">)</span><span class="o">&amp;</span><span class="m">0x1</span> <span class="o">==</span> <span class="m">1</span> </code></pre> </div> <p>I kept mixing up whether to shift left or right, and whether the mask came before or after the shift. The mental model only clicked once I stopped thinking of the bytes as numbers and started seeing them as bit positions in a 16-bit window. This also meant I finally understood why 0x7 masks 3 bits but &lt;&lt; 4 shifts them to position 4. The 7 in 0x7 is just the mask width, not the shift amount:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// The mask width, not the value being shifted written in hex:</span> <span class="c">// 0x1 = 0001 (keeps 1 bit)</span> <span class="c">// 0x3 = 0011 (keeps 2 bits)</span> <span class="c">// 0x7 = 0111 (keeps 3 bits) ← Z field</span> <span class="c">// 0xF = 1111 (keeps 4 bits) ← OPCODE, RCODE</span> </code></pre> </div> <p>Then came the counters — QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT — each 16-bit values that seemed straightforward until I realised my [2]byte array was being initialised as {1, 0} when I wrote SixteenBit{1} (my custom type of a byte array with length 2), because Go fills the first index and zeroes the rest. That gave me 256 instead of 1 in big-endian. I had to be explicit:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">d</span><span class="o">.</span><span class="n">Header</span><span class="o">.</span><span class="n">QdCount</span> <span class="o">=</span> <span class="n">SixteenBit</span><span class="p">{</span><span class="m">0x00</span><span class="p">,</span> <span class="m">0x01</span><span class="p">}</span> </code></pre> </div> <p>And QNAME was its own beast. On the wire it is not a string, it is length-prefixed labels. example.com becomes 0x07 example 0x03 com 0x00. Parsing it meant reading one byte for length, slicing that many bytes for the label, and repeating until the null terminator, resulting in a state machine with a loop and switch case:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">for</span> <span class="p">{</span> <span class="k">if</span> <span class="n">b</span><span class="p">[</span><span class="m">0</span><span class="p">]</span> <span class="o">==</span> <span class="m">0</span> <span class="p">{</span> <span class="k">return</span> <span class="m">1</span><span class="p">,</span> <span class="n">QTYPE</span> <span class="c">// null terminator, move to next state</span> <span class="p">}</span> <span class="n">q</span><span class="o">.</span><span class="n">Qname</span> <span class="o">+=</span> <span class="kt">string</span><span class="p">(</span><span class="n">b</span><span class="p">[</span><span class="m">1</span> <span class="o">:</span> <span class="m">1</span><span class="o">+</span><span class="n">b</span><span class="p">[</span><span class="m">0</span><span class="p">]])</span> <span class="k">return</span> <span class="m">1</span> <span class="o">+</span> <span class="kt">int</span><span class="p">(</span><span class="n">b</span><span class="p">[</span><span class="m">0</span><span class="p">]),</span> <span class="n">QNAME</span> <span class="c">// stay in QNAME for next label</span> <span class="p">}</span> </code></pre> </div> <h2> Building Responses </h2> <p>For blocked domains I needed to return NXDOMAIN. This meant building my parser in reverse while flipping QR from query to response, setting RCODE to 3 (Name Error), and echoing the original question section back. The flags had to be packed bit by bit into a single uint16. Each field occupies a specific position: QR at bit 15, OPCODE at 11-14, AA at 10, and so on. I used bitwise OR to assemble them, shifting each value to its correct position:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">var</span> <span class="n">misc</span> <span class="kt">uint16</span> <span class="n">misc</span> <span class="o">|=</span> <span class="p">(</span><span class="kt">uint16</span><span class="p">(</span><span class="n">d</span><span class="o">.</span><span class="n">Header</span><span class="o">.</span><span class="n">Qr</span><span class="p">)</span> <span class="o">&amp;</span> <span class="m">0x1</span><span class="p">)</span> <span class="o">&lt;&lt;</span> <span class="m">15</span> <span class="n">misc</span> <span class="o">|=</span> <span class="p">(</span><span class="kt">uint16</span><span class="p">(</span><span class="n">d</span><span class="o">.</span><span class="n">Header</span><span class="o">.</span><span class="n">OpCode</span><span class="p">)</span> <span class="o">&amp;</span> <span class="m">0xF</span><span class="p">)</span> <span class="o">&lt;&lt;</span> <span class="m">11</span> <span class="k">if</span> <span class="n">d</span><span class="o">.</span><span class="n">Header</span><span class="o">.</span><span class="n">Aa</span> <span class="p">{</span> <span class="n">misc</span> <span class="o">|=</span> <span class="m">1</span> <span class="o">&lt;&lt;</span> <span class="m">10</span> <span class="p">}</span> <span class="k">if</span> <span class="n">d</span><span class="o">.</span><span class="n">Header</span><span class="o">.</span><span class="n">Tc</span> <span class="p">{</span> <span class="n">misc</span> <span class="o">|=</span> <span class="m">1</span> <span class="o">&lt;&lt;</span> <span class="m">9</span> <span class="p">}</span> <span class="k">if</span> <span class="n">d</span><span class="o">.</span><span class="n">Header</span><span class="o">.</span><span class="n">Rd</span> <span class="p">{</span> <span class="n">misc</span> <span class="o">|=</span> <span class="m">1</span> <span class="o">&lt;&lt;</span> <span class="m">8</span> <span class="p">}</span> <span class="k">if</span> <span class="n">d</span><span class="o">.</span><span class="n">Header</span><span class="o">.</span><span class="n">Ra</span> <span class="p">{</span> <span class="n">misc</span> <span class="o">|=</span> <span class="m">1</span> <span class="o">&lt;&lt;</span> <span class="m">7</span> <span class="p">}</span> <span class="n">misc</span> <span class="o">|=</span> <span class="p">(</span><span class="kt">uint16</span><span class="p">(</span><span class="n">d</span><span class="o">.</span><span class="n">Header</span><span class="o">.</span><span class="n">Z</span><span class="p">)</span> <span class="o">&amp;</span> <span class="m">0x7</span><span class="p">)</span> <span class="o">&lt;&lt;</span> <span class="m">4</span> <span class="n">misc</span> <span class="o">|=</span> <span class="kt">uint16</span><span class="p">(</span><span class="n">d</span><span class="o">.</span><span class="n">Header</span><span class="o">.</span><span class="n">Rcode</span><span class="p">)</span> <span class="o">&amp;</span> <span class="m">0xF</span> </code></pre> </div> <p>Then write the full header in big-endian:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">b</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">([]</span><span class="kt">byte</span><span class="p">,</span> <span class="m">12</span><span class="p">)</span> <span class="nb">copy</span><span class="p">(</span><span class="n">b</span><span class="p">[</span><span class="m">0</span><span class="o">:</span><span class="m">2</span><span class="p">],</span> <span class="n">d</span><span class="o">.</span><span class="n">Header</span><span class="o">.</span><span class="n">Id</span><span class="p">[</span><span class="o">:</span><span class="p">])</span> <span class="n">binary</span><span class="o">.</span><span class="n">BigEndian</span><span class="o">.</span><span class="n">PutUint16</span><span class="p">(</span><span class="n">b</span><span class="p">[</span><span class="m">2</span><span class="o">:</span><span class="m">4</span><span class="p">],</span> <span class="n">misc</span><span class="p">)</span> <span class="nb">copy</span><span class="p">(</span><span class="n">b</span><span class="p">[</span><span class="m">4</span><span class="o">:</span><span class="m">6</span><span class="p">],</span> <span class="n">d</span><span class="o">.</span><span class="n">Header</span><span class="o">.</span><span class="n">QdCount</span><span class="p">[</span><span class="o">:</span><span class="p">])</span> <span class="c">// ... etc</span> </code></pre> </div> <p>But the header alone isn't enough, a valid response must echo the original question section. QNAME, as previously noted, is length-prefixed labels. Since I stored the parsed domain as a simple string, reconstructing it meant splitting on dots, prefixing each label with its length, appending the null terminator, then tacking on QTYPE and QCLASS:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">parts</span> <span class="o">:=</span> <span class="n">strings</span><span class="o">.</span><span class="n">Split</span><span class="p">(</span><span class="n">d</span><span class="o">.</span><span class="n">Question</span><span class="o">.</span><span class="n">Qname</span><span class="p">,</span> <span class="s">"."</span><span class="p">)</span> <span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">v</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">parts</span> <span class="p">{</span> <span class="n">b</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">b</span><span class="p">,</span> <span class="kt">byte</span><span class="p">(</span><span class="nb">len</span><span class="p">(</span><span class="n">v</span><span class="p">)))</span> <span class="n">b</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">b</span><span class="p">,</span> <span class="n">v</span><span class="o">...</span><span class="p">)</span> <span class="p">}</span> <span class="n">b</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">b</span><span class="p">,</span> <span class="m">0x00</span><span class="p">)</span> <span class="c">// root terminator</span> <span class="n">b</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">b</span><span class="p">,</span> <span class="n">d</span><span class="o">.</span><span class="n">Question</span><span class="o">.</span><span class="n">Qtype</span><span class="p">[</span><span class="m">0</span><span class="p">],</span> <span class="n">d</span><span class="o">.</span><span class="n">Question</span><span class="o">.</span><span class="n">Qtype</span><span class="p">[</span><span class="m">1</span><span class="p">])</span> <span class="n">b</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">b</span><span class="p">,</span> <span class="n">d</span><span class="o">.</span><span class="n">Question</span><span class="o">.</span><span class="n">Qclass</span><span class="p">[</span><span class="m">0</span><span class="p">],</span> <span class="n">d</span><span class="o">.</span><span class="n">Question</span><span class="o">.</span><span class="n">Qclass</span><span class="p">[</span><span class="m">1</span><span class="p">])</span> </code></pre> </div> <p>I got the root terminator wrong twice. Without it, the response is malformed and the client rejects it silently. Seeing dig return SERVFAIL with no explanation taught me to trust the hex dump over the error message.<br> Parsing the Answer<br> The really tricky part, however, was reverse-parsing the answer that came back from Cloudflare. After forwarding my query to 1.1.1.1:53, I had to extract the IP from the response to cache it.<br> Since I knew the question length myself, I could calculate exactly where the answer section began:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">answerOffset</span> <span class="o">:=</span> <span class="m">12</span> <span class="o">+</span> <span class="n">questionLen</span> <span class="c">// header + question</span> </code></pre> </div> <p>That was the only easy part. The answer NAME uses the same length-prefixed labels as QNAME, but with a twist: compression pointers. A pointer is a 2-byte value starting with 11 in the top bits that says "the rest of this name lives at offset X." This avoids repeating domain names across the message. So 0xC0 0x0C means "go read the name from offset 12" — right where the question's QNAME sits.<br> I had to solve this with two separate walks over the bytes. First, a linear count to know how many bytes the answer NAME occupied so I could find where TYPE starts:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">CountNameLen</span><span class="p">(</span><span class="n">b</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">,</span> <span class="n">consumed</span> <span class="kt">int</span><span class="p">)</span> <span class="kt">int</span> <span class="p">{</span> <span class="k">if</span> <span class="n">b</span><span class="p">[</span><span class="m">0</span><span class="p">]</span><span class="o">&amp;</span><span class="m">0xC0</span> <span class="o">==</span> <span class="m">0xC0</span> <span class="p">{</span> <span class="k">return</span> <span class="n">consumed</span> <span class="o">+</span> <span class="m">2</span> <span class="c">// pointer, done counting</span> <span class="p">}</span> <span class="n">label</span> <span class="o">:=</span> <span class="kt">int</span><span class="p">(</span><span class="n">b</span><span class="p">[</span><span class="m">0</span><span class="p">])</span> <span class="k">if</span> <span class="n">label</span> <span class="o">==</span> <span class="m">0</span> <span class="p">{</span> <span class="k">return</span> <span class="n">consumed</span> <span class="o">+</span> <span class="m">1</span> <span class="c">// null terminator</span> <span class="p">}</span> <span class="k">return</span> <span class="n">CountNameLen</span><span class="p">(</span><span class="n">b</span><span class="p">[</span><span class="n">label</span><span class="o">+</span><span class="m">1</span><span class="o">:</span><span class="p">],</span> <span class="n">consumed</span><span class="o">+</span><span class="m">1</span><span class="o">+</span><span class="n">label</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>Second, a recursive parse to actually build the domain string, following pointers wherever they lead:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="p">(</span><span class="n">a</span> <span class="o">*</span><span class="n">Answer</span><span class="p">)</span> <span class="n">ParseName</span><span class="p">(</span><span class="n">b</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">,</span> <span class="n">cursor</span> <span class="kt">int</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="n">b</span><span class="p">[</span><span class="n">cursor</span><span class="p">]</span> <span class="o">==</span> <span class="m">0</span> <span class="p">{</span> <span class="k">return</span> <span class="p">}</span> <span class="k">if</span> <span class="n">b</span><span class="p">[</span><span class="n">cursor</span><span class="p">]</span><span class="o">&amp;</span><span class="m">0xC0</span> <span class="o">==</span> <span class="m">0xC0</span> <span class="p">{</span> <span class="n">restBits</span> <span class="o">:=</span> <span class="n">binary</span><span class="o">.</span><span class="n">BigEndian</span><span class="o">.</span><span class="n">Uint16</span><span class="p">(</span><span class="n">b</span><span class="p">[</span><span class="n">cursor</span><span class="o">:</span><span class="p">])</span> <span class="n">a</span><span class="o">.</span><span class="n">ParseName</span><span class="p">(</span><span class="n">b</span><span class="p">,</span> <span class="kt">int</span><span class="p">(</span><span class="n">restBits</span><span class="o">&amp;</span><span class="m">0x3FFF</span><span class="p">))</span> <span class="c">// follow pointer</span> <span class="k">return</span> <span class="p">}</span> <span class="n">length</span> <span class="o">:=</span> <span class="kt">int</span><span class="p">(</span><span class="n">b</span><span class="p">[</span><span class="n">cursor</span><span class="p">])</span> <span class="n">a</span><span class="o">.</span><span class="n">Name</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">a</span><span class="o">.</span><span class="n">Name</span><span class="p">,</span> <span class="kt">string</span><span class="p">(</span><span class="n">b</span><span class="p">[</span><span class="n">cursor</span><span class="o">+</span><span class="m">1</span><span class="o">:</span><span class="n">cursor</span><span class="o">+</span><span class="m">1</span><span class="o">+</span><span class="n">length</span><span class="p">]))</span> <span class="n">a</span><span class="o">.</span><span class="n">ParseName</span><span class="p">(</span><span class="n">b</span><span class="p">,</span> <span class="n">cursor</span><span class="o">+</span><span class="m">1</span><span class="o">+</span><span class="n">length</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>The recursive call was the breakthrough. I sat back and laughed once I realised the protocol wasn't arbitrary, it was recursive by design. Three cases, one function, infinite descent until you hit zero.<br> After the name, the rest was predictable. TYPE and CLASS are 2 bytes each, TTL is 4 bytes, RDLENGTH is 2 bytes, and RDATA is whatever length RDLENGTH specifies:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">a</span><span class="o">.</span><span class="n">Type</span> <span class="o">=</span> <span class="n">SixteenBit</span><span class="p">{</span><span class="n">b</span><span class="p">[</span><span class="m">0</span><span class="p">],</span> <span class="n">b</span><span class="p">[</span><span class="m">1</span><span class="p">]}</span> <span class="n">a</span><span class="o">.</span><span class="n">Class</span> <span class="o">=</span> <span class="n">SixteenBit</span><span class="p">{</span><span class="n">b</span><span class="p">[</span><span class="m">2</span><span class="p">],</span> <span class="n">b</span><span class="p">[</span><span class="m">3</span><span class="p">]}</span> <span class="n">a</span><span class="o">.</span><span class="n">Ttl</span> <span class="o">=</span> <span class="n">binary</span><span class="o">.</span><span class="n">BigEndian</span><span class="o">.</span><span class="n">Uint32</span><span class="p">(</span><span class="n">b</span><span class="p">[</span><span class="m">4</span><span class="o">:</span><span class="m">8</span><span class="p">])</span> <span class="n">rdlength</span> <span class="o">:=</span> <span class="n">binary</span><span class="o">.</span><span class="n">BigEndian</span><span class="o">.</span><span class="n">Uint16</span><span class="p">([]</span><span class="kt">byte</span><span class="p">{</span><span class="n">b</span><span class="p">[</span><span class="m">8</span><span class="p">],</span> <span class="n">b</span><span class="p">[</span><span class="m">9</span><span class="p">]})</span> <span class="n">a</span><span class="o">.</span><span class="n">Rdata</span> <span class="o">=</span> <span class="n">b</span><span class="p">[</span><span class="m">10</span> <span class="o">:</span> <span class="m">10</span><span class="o">+</span><span class="n">rdlength</span><span class="p">]</span> <span class="c">// 4 bytes = IPv4 address</span> </code></pre> </div> <p>Once I had the IP and TTL, I cached them and built the response the same way as NXDOMAIN, just with RCODE = 0 (NoError) and the answer section tacked on. The next query for the same domain hit the cache and skipped Cloudflare entirely. Thank god for unit and integration tests or I would still be puzzled on why my bit count is off when parsing the answer.</p> <h2> Architecture: Interfaces and Dependencies </h2> <p>With parsing and responses working, I set up Redis for caching. I cached valid answers from the upstream resolver with a TTL so repeated requests wouldn't hit the database. I also cached block decisions, if a domain was malicious, I'd store that too for quick rejection.<br> The cache value needed to hold both the answer and whether the domain was blocked, so I used JSON to serialize a small struct:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">Value</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">Ip</span> <span class="kt">string</span> <span class="n">IsBlocked</span> <span class="kt">bool</span> <span class="p">}</span> </code></pre> </div> <p>I hid the actual Redis implementation behind an interface so the rest of my program had no dependency on Redis, applying the reverse dependency injection principle and keeping everything easily unit testable and modular. The same was done for SQLite:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">Cache</span> <span class="k">interface</span> <span class="p">{</span> <span class="n">GetDomainNameFromCache</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">key</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="n">Value</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="n">SetDomainName</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">key</span> <span class="kt">string</span><span class="p">,</span> <span class="n">v</span> <span class="n">Value</span><span class="p">,</span> <span class="n">ttl</span> <span class="n">time</span><span class="o">.</span><span class="n">Duration</span><span class="p">)</span> <span class="kt">error</span> <span class="p">}</span> </code></pre> </div> <p>The concrete Redis implementation lives in internal/cache/redis/, and main.go wires it all together. Swap Redis for Memcached tomorrow and only main.go changes.<br> For upstream resolution, I forward allowed queries to Cloudflare at 1.1.1.1:53 with a timeout:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">forwardToUpstream</span><span class="p">(</span><span class="n">query</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">)</span> <span class="p">([]</span><span class="kt">byte</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">conn</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">net</span><span class="o">.</span><span class="n">Dial</span><span class="p">(</span><span class="s">"udp"</span><span class="p">,</span> <span class="s">"1.1.1.1:53"</span><span class="p">)</span> <span class="k">defer</span> <span class="n">conn</span><span class="o">.</span><span class="n">Close</span><span class="p">()</span> <span class="n">conn</span><span class="o">.</span><span class="n">SetDeadline</span><span class="p">(</span><span class="n">time</span><span class="o">.</span><span class="n">Now</span><span class="p">()</span><span class="o">.</span><span class="n">Add</span><span class="p">(</span><span class="m">3</span> <span class="o">*</span> <span class="n">time</span><span class="o">.</span><span class="n">Second</span><span class="p">))</span> <span class="n">conn</span><span class="o">.</span><span class="n">Write</span><span class="p">(</span><span class="n">query</span><span class="p">)</span> <span class="n">resp</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">([]</span><span class="kt">byte</span><span class="p">,</span> <span class="m">512</span><span class="p">)</span> <span class="n">n</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">conn</span><span class="o">.</span><span class="n">Read</span><span class="p">(</span><span class="n">resp</span><span class="p">)</span> <span class="k">return</span> <span class="n">resp</span><span class="p">[</span><span class="o">:</span><span class="n">n</span><span class="p">],</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>Lastly was saving the blocked data in the SQLite database. I decided to run a migration on startup and used WITHOUT ROWID since the domain name is the natural primary key there was no need for a separate rowid table:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="p">(</span><span class="n">r</span> <span class="o">*</span><span class="n">SqliteClient</span><span class="p">)</span> <span class="n">Migrate</span><span class="p">()</span> <span class="kt">error</span> <span class="p">{</span> <span class="n">_</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">r</span><span class="o">.</span><span class="n">db</span><span class="o">.</span><span class="n">Exec</span><span class="p">(</span><span class="s">` CREATE TABLE IF NOT EXISTS blocked_domains ( domain TEXT PRIMARY KEY ) WITHOUT ROWID `</span><span class="p">)</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> </code></pre> </div> <h2> Testing </h2> <p>Writing unit tests for the parsers gave me some confidence, but I wanted more. I wanted to know the whole system worked end-to-end — UDP server, SQLite blocklist, Redis cache, and Cloudflare upstream all talking to each other. So I wrote an integration test.</p> <p>That decision forced me to refactor my server. The original Serve function just spun up a goroutine and blocked forever on a signal channel. There was no way to stop it cleanly from a test. I refactored it to use Start and Stop methods with context.Context and sync.WaitGroup for graceful shutdown:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">Server</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">conn</span> <span class="o">*</span><span class="n">net</span><span class="o">.</span><span class="n">UDPConn</span> <span class="n">rClient</span> <span class="n">cache</span><span class="o">.</span><span class="n">RedisClient</span> <span class="n">s</span> <span class="n">blocklist</span><span class="o">.</span><span class="n">SqliteClient</span> <span class="n">wg</span> <span class="n">sync</span><span class="o">.</span><span class="n">WaitGroup</span> <span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span> <span class="n">cancel</span> <span class="n">context</span><span class="o">.</span><span class="n">CancelFunc</span> <span class="p">}</span> <span class="k">func</span> <span class="n">New</span><span class="p">(</span><span class="n">redisClient</span> <span class="n">cache</span><span class="o">.</span><span class="n">RedisClient</span><span class="p">,</span> <span class="n">b</span> <span class="n">blocklist</span><span class="o">.</span><span class="n">SqliteClient</span><span class="p">)</span> <span class="o">*</span><span class="n">Server</span> <span class="p">{</span> <span class="n">ctx</span><span class="p">,</span> <span class="n">cancel</span> <span class="o">:=</span> <span class="n">context</span><span class="o">.</span><span class="n">WithCancel</span><span class="p">(</span><span class="n">context</span><span class="o">.</span><span class="n">Background</span><span class="p">())</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">Server</span><span class="p">{</span> <span class="n">rClient</span><span class="o">:</span> <span class="n">redisClient</span><span class="p">,</span> <span class="n">s</span><span class="o">:</span> <span class="n">b</span><span class="p">,</span> <span class="n">ctx</span><span class="o">:</span> <span class="n">ctx</span><span class="p">,</span> <span class="n">cancel</span><span class="o">:</span> <span class="n">cancel</span><span class="p">,</span> <span class="p">}</span> <span class="p">}</span> <span class="k">func</span> <span class="p">(</span><span class="n">srv</span> <span class="o">*</span><span class="n">Server</span><span class="p">)</span> <span class="n">Start</span><span class="p">()</span> <span class="kt">error</span> <span class="p">{</span> <span class="n">addr</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">net</span><span class="o">.</span><span class="n">ResolveUDPAddr</span><span class="p">(</span><span class="s">"udp"</span><span class="p">,</span> <span class="n">os</span><span class="o">.</span><span class="n">Getenv</span><span class="p">(</span><span class="s">"UDP_PORT"</span><span class="p">))</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="n">conn</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">net</span><span class="o">.</span><span class="n">ListenUDP</span><span class="p">(</span><span class="s">"udp"</span><span class="p">,</span> <span class="n">addr</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="n">srv</span><span class="o">.</span><span class="n">conn</span> <span class="o">=</span> <span class="n">conn</span> <span class="n">srv</span><span class="o">.</span><span class="n">wg</span><span class="o">.</span><span class="n">Add</span><span class="p">(</span><span class="m">1</span><span class="p">)</span> <span class="k">go</span> <span class="n">srv</span><span class="o">.</span><span class="n">listen</span><span class="p">()</span> <span class="k">return</span> <span class="no">nil</span> <span class="p">}</span> <span class="k">func</span> <span class="p">(</span><span class="n">srv</span> <span class="o">*</span><span class="n">Server</span><span class="p">)</span> <span class="n">Stop</span><span class="p">()</span> <span class="p">{</span> <span class="n">srv</span><span class="o">.</span><span class="n">cancel</span><span class="p">()</span> <span class="k">if</span> <span class="n">srv</span><span class="o">.</span><span class="n">conn</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">srv</span><span class="o">.</span><span class="n">conn</span><span class="o">.</span><span class="n">Close</span><span class="p">()</span> <span class="p">}</span> <span class="n">srv</span><span class="o">.</span><span class="n">wg</span><span class="o">.</span><span class="n">Wait</span><span class="p">()</span> <span class="p">}</span> </code></pre> </div> <p>The WaitGroup ensures Stop blocks until the goroutine actually exits. cancel() signals intent, conn.Close() breaks the blocking ReadFromUDP, and the listener checks ctx.Err() to distinguish intentional shutdown from real errors:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="p">(</span><span class="n">srv</span> <span class="o">*</span><span class="n">Server</span><span class="p">)</span> <span class="n">listen</span><span class="p">()</span> <span class="p">{</span> <span class="k">defer</span> <span class="n">srv</span><span class="o">.</span><span class="n">wg</span><span class="o">.</span><span class="n">Done</span><span class="p">()</span> <span class="n">buff</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">([]</span><span class="kt">byte</span><span class="p">,</span> <span class="m">512</span><span class="p">)</span> <span class="k">for</span> <span class="p">{</span> <span class="k">select</span> <span class="p">{</span> <span class="k">case</span> <span class="o">&lt;-</span><span class="n">srv</span><span class="o">.</span><span class="n">ctx</span><span class="o">.</span><span class="n">Done</span><span class="p">()</span><span class="o">:</span> <span class="k">return</span> <span class="k">default</span><span class="o">:</span> <span class="p">}</span> <span class="n">n</span><span class="p">,</span> <span class="n">addr</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">srv</span><span class="o">.</span><span class="n">conn</span><span class="o">.</span><span class="n">ReadFromUDP</span><span class="p">(</span><span class="n">buff</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">if</span> <span class="n">srv</span><span class="o">.</span><span class="n">ctx</span><span class="o">.</span><span class="n">Err</span><span class="p">()</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="c">// graceful shutdown</span> <span class="p">}</span> <span class="n">log</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"failed to read from udp: %s"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="k">continue</span> <span class="p">}</span> <span class="n">resp</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">dns</span><span class="o">.</span><span class="n">Resolve</span><span class="p">(</span><span class="n">buff</span><span class="p">[</span><span class="o">:</span><span class="n">n</span><span class="p">],</span> <span class="o">&amp;</span><span class="n">srv</span><span class="o">.</span><span class="n">rClient</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">srv</span><span class="o">.</span><span class="n">s</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"failed to resolve: %s"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="k">continue</span> <span class="p">}</span> <span class="k">if</span> <span class="n">_</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">srv</span><span class="o">.</span><span class="n">conn</span><span class="o">.</span><span class="n">WriteToUDP</span><span class="p">(</span><span class="n">resp</span><span class="p">,</span> <span class="n">addr</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"failed to write response: %s"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>With that in place, the integration test spins up the full stack, in-memory SQLite, Redis, and the UDP server on a random port, queries it with net.Resolver, and asserts both blocked and non-blocked behaviour:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">TestResolver</span><span class="p">(</span><span class="n">t</span> <span class="o">*</span><span class="n">testing</span><span class="o">.</span><span class="n">T</span><span class="p">)</span> <span class="p">{</span> <span class="c">// SQLite in memory for isolation</span> <span class="n">db</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">blocklist</span><span class="o">.</span><span class="n">CreateNewDbConn</span><span class="p">(</span><span class="s">":memory:"</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">t</span><span class="o">.</span><span class="n">Fatalf</span><span class="p">(</span><span class="s">"failed to create db: %v"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="n">ctx</span><span class="p">,</span> <span class="n">cancel</span> <span class="o">:=</span> <span class="n">context</span><span class="o">.</span><span class="n">WithTimeout</span><span class="p">(</span><span class="n">context</span><span class="o">.</span><span class="n">Background</span><span class="p">(),</span> <span class="m">3</span><span class="o">*</span><span class="n">time</span><span class="o">.</span><span class="n">Second</span><span class="p">)</span> <span class="k">defer</span> <span class="n">cancel</span><span class="p">()</span> <span class="n">db</span><span class="o">.</span><span class="n">Migrate</span><span class="p">(</span><span class="n">ctx</span><span class="p">)</span> <span class="n">db</span><span class="o">.</span><span class="n">Db</span><span class="o">.</span><span class="n">Exec</span><span class="p">(</span><span class="s">"INSERT INTO blocked_domains (domain) VALUES ('doubleclick.net')"</span><span class="p">)</span> <span class="c">// Redis</span> <span class="n">redisClient</span> <span class="o">:=</span> <span class="n">redis</span><span class="o">.</span><span class="n">NewClient</span><span class="p">(</span><span class="o">&amp;</span><span class="n">redis</span><span class="o">.</span><span class="n">Options</span><span class="p">{</span> <span class="n">Addr</span><span class="o">:</span> <span class="n">os</span><span class="o">.</span><span class="n">Getenv</span><span class="p">(</span><span class="s">"REDIS_URL"</span><span class="p">),</span> <span class="p">})</span> <span class="c">// Server on random port</span> <span class="n">os</span><span class="o">.</span><span class="n">Setenv</span><span class="p">(</span><span class="s">"UDP_PORT"</span><span class="p">,</span> <span class="s">"127.0.0.1:0"</span><span class="p">)</span> <span class="n">srv</span> <span class="o">:=</span> <span class="n">server</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="o">*</span><span class="n">cache</span><span class="o">.</span><span class="n">CreateNewRedisClient</span><span class="p">(</span><span class="n">redisClient</span><span class="p">),</span> <span class="o">*</span><span class="n">db</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">srv</span><span class="o">.</span><span class="n">Start</span><span class="p">();</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">t</span><span class="o">.</span><span class="n">Fatalf</span><span class="p">(</span><span class="s">"failed to start server: %v"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="k">defer</span> <span class="n">srv</span><span class="o">.</span><span class="n">Stop</span><span class="p">()</span> <span class="n">port</span> <span class="o">:=</span> <span class="n">srv</span><span class="o">.</span><span class="n">Conn</span><span class="o">.</span><span class="n">LocalAddr</span><span class="p">()</span><span class="o">.</span><span class="p">(</span><span class="o">*</span><span class="n">net</span><span class="o">.</span><span class="n">UDPAddr</span><span class="p">)</span><span class="o">.</span><span class="n">Port</span> <span class="n">r</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">net</span><span class="o">.</span><span class="n">Resolver</span><span class="p">{</span> <span class="n">PreferGo</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span> <span class="n">Dial</span><span class="o">:</span> <span class="k">func</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">network</span><span class="p">,</span> <span class="n">address</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="n">net</span><span class="o">.</span><span class="n">Conn</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="n">net</span><span class="o">.</span><span class="n">Dial</span><span class="p">(</span><span class="s">"udp"</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"127.0.0.1:%d"</span><span class="p">,</span> <span class="n">port</span><span class="p">))</span> <span class="p">},</span> <span class="p">}</span> <span class="n">ctx</span><span class="p">,</span> <span class="n">cancel</span> <span class="o">=</span> <span class="n">context</span><span class="o">.</span><span class="n">WithTimeout</span><span class="p">(</span><span class="n">context</span><span class="o">.</span><span class="n">Background</span><span class="p">(),</span> <span class="m">5</span><span class="o">*</span><span class="n">time</span><span class="o">.</span><span class="n">Second</span><span class="p">)</span> <span class="k">defer</span> <span class="n">cancel</span><span class="p">()</span> <span class="c">// Non-blocked domain resolves to real IP</span> <span class="n">ips</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">r</span><span class="o">.</span><span class="n">LookupHost</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="s">"google.com"</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">t</span><span class="o">.</span><span class="n">Fatalf</span><span class="p">(</span><span class="s">"lookup google.com failed: %v"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="k">if</span> <span class="nb">len</span><span class="p">(</span><span class="n">ips</span><span class="p">)</span> <span class="o">==</span> <span class="m">0</span> <span class="p">{</span> <span class="n">t</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="s">"expected IPs for google.com, got none"</span><span class="p">)</span> <span class="p">}</span> <span class="n">t</span><span class="o">.</span><span class="n">Logf</span><span class="p">(</span><span class="s">"google.com -&gt; %v"</span><span class="p">,</span> <span class="n">ips</span><span class="p">)</span> <span class="c">// Blocked domain returns NXDOMAIN</span> <span class="n">_</span><span class="p">,</span> <span class="n">err</span> <span class="o">=</span> <span class="n">r</span><span class="o">.</span><span class="n">LookupHost</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="s">"doubleclick.net"</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">==</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">t</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="s">"expected error for blocked domain, got nil"</span><span class="p">)</span> <span class="p">}</span> <span class="k">if</span> <span class="n">dnsErr</span><span class="p">,</span> <span class="n">ok</span> <span class="o">:=</span> <span class="n">err</span><span class="o">.</span><span class="p">(</span><span class="o">*</span><span class="n">net</span><span class="o">.</span><span class="n">DNSError</span><span class="p">);</span> <span class="o">!</span><span class="n">ok</span> <span class="o">||</span> <span class="o">!</span><span class="n">dnsErr</span><span class="o">.</span><span class="n">IsNotFound</span> <span class="p">{</span> <span class="n">t</span><span class="o">.</span><span class="n">Fatalf</span><span class="p">(</span><span class="s">"expected NXDOMAIN for doubleclick.net, got: %v"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="n">t</span><span class="o">.</span><span class="n">Logf</span><span class="p">(</span><span class="s">"doubleclick.net -&gt; blocked (NXDOMAIN)"</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>The unit tests caught parsing bugs — off-by-one errors, wrong bit shifts, missing null terminators. The integration test caught the real stuff: port conflicts, Redis connection failures, the server not shutting down between tests, and my Z-field validation rejecting legitimate EDNS0 responses from Cloudflare. Thank god for both or I would still be puzzling over why dig returned SERVFAIL with no explanation.</p> <h2> Closing Notes </h2> <p>Of course writing unit tests for all the parsers gave me some security but I was still pleasantly surprised when everything on the Pi worked flawlessly. I am really proud of building the custom parsers just by spec, learning about bitwise operators, and setting it all up to work and be performant enough for me to not notice any hit on my home network. I took back my privacy and increased my network knowledge.</p> <p>The code is on <a href="https://github.com/NewJhez01/gdns" rel="noopener noreferrer">GitHub</a> if you want to set it up for yourself or leave any feedback, I would love to hear from you. If you would like to follow me on my journey deepening my understanding of systems and networks, stay tuned for my next project which will likely be something in the direction of WebSockets or distributed KV stores.</p> networking privacy showdev softwareengineering [Boost] NewJhez01 Fri, 22 May 2026 22:06:37 +0000 https://dev.to/newjhez01/-3obb https://dev.to/newjhez01/-3obb <div class="ltag__link--embedded"> <div class="crayons-story "> <a href="https://dev.to/newjhez01/beyond-crud-building-a-github-activity-tracker-to-level-up-backend-engineering-24he" class="crayons-story__hidden-navigation-link">I Got Tired of CRUD Apps, So I Built a GitHub Tracker in Go</a> <div class="crayons-story__body crayons-story__body-full_post"> <div class="crayons-story__top"> <div class="crayons-story__meta"> <div class="crayons-story__author-pic"> <a href="/newjhez01" class="crayons-avatar crayons-avatar--l "> <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3465240%2F026d9d01-6d49-4569-83bd-0a3822229aec.png" alt="newjhez01 profile" class="crayons-avatar__image" width="420" height="420"> </a> </div> <div> <div> <a href="/newjhez01" class="crayons-story__secondary fw-medium m:hidden"> NewJhez01 </a> <div class="profile-preview-card relative mb-4 s:mb-0 fw-medium hidden m:inline-block"> NewJhez01 <div id="story-author-preview-content-3711355" class="profile-preview-card__content crayons-dropdown branded-7 p-4 pt-0"> <div class="gap-4 grid"> <div class="-mt-4"> <a href="/newjhez01" class="flex"> <span class="crayons-avatar crayons-avatar--xl mr-2 shrink-0"> <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3465240%2F026d9d01-6d49-4569-83bd-0a3822229aec.png" class="crayons-avatar__image" alt="" width="420" height="420"> </span> <span class="crayons-link crayons-subtitle-2 mt-5">NewJhez01</span> </a> </div> <div class="print-hidden"> Follow </div> <div class="author-preview-metadata-container"></div> </div> </div> </div> </div> <a href="https://dev.to/newjhez01/beyond-crud-building-a-github-activity-tracker-to-level-up-backend-engineering-24he" class="crayons-story__tertiary fs-xs"><time>May 20</time><span class="time-ago-indicator-initial-placeholder"></span></a> </div> </div> </div> <div class="crayons-story__indention"> <h2 class="crayons-story__title crayons-story__title-full_post"> <a href="https://dev.to/newjhez01/beyond-crud-building-a-github-activity-tracker-to-level-up-backend-engineering-24he" id="article-link-3711355"> I Got Tired of CRUD Apps, So I Built a GitHub Tracker in Go </a> </h2> <div class="crayons-story__tags"> <a class="crayons-tag crayons-tag--monochrome " href="/t/programming"><span class="crayons-tag__prefix">#</span>programming</a> <a class="crayons-tag crayons-tag--monochrome " href="/t/go"><span class="crayons-tag__prefix">#</span>go</a> <a class="crayons-tag crayons-tag--monochrome " href="/t/architecture"><span class="crayons-tag__prefix">#</span>architecture</a> <a class="crayons-tag crayons-tag--monochrome " href="/t/learning"><span class="crayons-tag__prefix">#</span>learning</a> </div> <div class="crayons-story__bottom"> <div class="crayons-story__details"> <a href="https://dev.to/newjhez01/beyond-crud-building-a-github-activity-tracker-to-level-up-backend-engineering-24he" class="crayons-btn crayons-btn--s crayons-btn--ghost crayons-btn--icon-left"> <div class="multiple_reactions_aggregate"> <span class="multiple_reactions_icons_container"> <span class="crayons_icon_container"> <img src="https://assets.dev.to/assets/sparkle-heart-5f9bee3767e18deb1bb725290cb151c25234768a0e9a2bd39370c382d02920cf.svg" width="24" height="24"> </span> </span> <span class="aggregate_reactions_counter">2<span class="hidden s:inline">&nbsp;reactions</span></span> </div> </a> <a href="https://dev.to/newjhez01/beyond-crud-building-a-github-activity-tracker-to-level-up-backend-engineering-24he#comments" class="crayons-btn crayons-btn--s crayons-btn--ghost crayons-btn--icon-left flex items-center"> <span class="hidden s:inline">Add&nbsp;Comment</span> </a> </div> <div class="crayons-story__save"> <small class="crayons-story__tertiary fs-xs mr-2"> 6 min read </small> <span class="bm-initial"> </span> <span class="bm-success"> </span> </div> </div> </div> </div> </div> </div> I Got Tired of CRUD Apps, So I Built a GitHub Tracker in Go NewJhez01 Wed, 20 May 2026 19:22:47 +0000 https://dev.to/newjhez01/beyond-crud-building-a-github-activity-tracker-to-level-up-backend-engineering-24he https://dev.to/newjhez01/beyond-crud-building-a-github-activity-tracker-to-level-up-backend-engineering-24he <p>I am tired of CRUD apps. Spinning up a database for basic operations, the same form validation logic, picking another frontend framework and hoping that I don't end up in an npm supply chain attack. I do this at work enough already. As an engineer I wanted something that forced me to think about more than just an MVC. I wanted to think in systems. I wanted to build something with concurrency, streaming, caching, async message queues, all things I had touched before but wanted to actually understand. So I built a GitHub activity tracker. It fetches commits from a list of repos, generates a markdown report, caches it in Redis, and emails it to me via an async message queue using SMTP. Seems simple but it encapsulates a lot of the concepts needed for a scalable backend and it keeps me honest about my GitHub activity. Check it out on <a href="https://github.com/NewJhez01/github-tracker/tree/main" rel="noopener noreferrer">GitHub</a>.</p> <h2> Why I chose Go </h2> <p>Coming from a web dev world where TS and PHP dominate, I wanted to use something different. I felt like I needed a language that took performance and concurrency more seriously. Go's goroutines and channels aren't syntax sugar; they're the core abstraction. For a project where I stream files into chunks and fetch data over HTTP concurrently it seemed like the obvious choice.</p> <h2> The streaming parser and the channel footgun </h2> <p>Recall how I just said Go was the right tool for the job? Well, it was, but like every tool, a certain amount of expertise is needed. I learnt this quickly after building my first parser that reads 8 byte chunks, splits them on newlines, and writes completed lines into a channel:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">ParseFileByLine</span><span class="p">(</span><span class="n">f</span> <span class="o">*</span><span class="n">os</span><span class="o">.</span><span class="n">File</span><span class="p">)</span> <span class="k">chan</span> <span class="kt">string</span> <span class="p">{</span> <span class="n">ch</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">(</span><span class="k">chan</span> <span class="kt">string</span><span class="p">)</span> <span class="k">go</span> <span class="k">func</span><span class="p">()</span> <span class="p">{</span> <span class="k">defer</span> <span class="nb">close</span><span class="p">(</span><span class="n">ch</span><span class="p">)</span> <span class="c">// ... read chunks, split lines, send to channel</span> <span class="p">}()</span> <span class="k">return</span> <span class="n">ch</span> <span class="p">}</span> </code></pre> </div> <p>The consumer ranges over the channel reading data asynchronously. I used this to parse a list of repos and fetch data for them in one concurrent swoop. Clean and simple, right?<br> Except I initially passed the channel through all my different layers. The channel was created in the http handler since that is where the result is consumed, then passed into the command handler in domain, which called the parser in infrastructure that wrote into the channel. The channel was then closed in the command handler via defer. That implementation probably caused a lot of Go experts to cringe, and they would be right to. Due to this sharing of the lifecycle, the goroutine hadn't even started and the channel was already closed. Leading to a complete deadlock.<br> At first I fixed this by spawning multiple goroutines but it didn't feel right. Then it clicked: ending a function doesn't kill the goroutine. The function that spawns the goroutine can have complete control over the channel lifecycle. Create it, pass it, close it when the goroutine exits. Coming to this realisation I cleaned up the code and made sure the infrastructure parser was solely responsible for the channel. Every other component was merely a consumer.</p> <h2> Next steps: completing the functionality </h2> <p>After that I felt confident with channels and how Go was meant to be used. Filling out the rest was straightforward. Redis and RabbitMQ have good docs. I used command/query handlers in domain and infrastructure for I/O, queues, SMTP logic and parsing. I added a /repo package for data fetching/setting and a message handler to consume the queue. The message handler used a domain handler to fetch cached markdown via the repo and send it via SMTP to myself.<br> The message handler taught me another channel lesson.<br> I wrote:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">msg</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">ch</span><span class="o">.</span><span class="n">Consume</span><span class="p">(</span><span class="o">...</span><span class="p">)</span> <span class="n">command</span><span class="o">.</span><span class="n">SendReport</span><span class="p">(</span><span class="n">msg</span><span class="p">)</span> <span class="c">// passing the channel, not a message</span> <span class="n">msg</span> <span class="n">is</span> <span class="n">a</span> <span class="o">&lt;-</span><span class="k">chan</span> <span class="n">amqp</span><span class="o">.</span><span class="n">Delivery</span><span class="p">,</span> <span class="n">not</span> <span class="n">a</span> <span class="n">single</span> <span class="n">message</span><span class="o">.</span> <span class="n">I</span> <span class="n">needed</span> <span class="n">to</span> <span class="k">range</span> <span class="n">over</span> <span class="n">it</span><span class="o">:</span> <span class="k">for</span> <span class="n">m</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">msg</span> <span class="p">{</span> <span class="n">command</span><span class="o">.</span><span class="n">SendReport</span><span class="p">(</span><span class="n">m</span><span class="o">.</span><span class="n">Body</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>And run the consumer in a goroutine from main, blocking with select {} so the program stays alive. This time dead locking myself on purpose. I also grew to like Go's pattern of returning a pointer to a struct and attaching methods that operate on it directly. My RabbitMQ setup started with two separate structs, a Publisher and a Consumer, each declaring its own queue, each calling the same connection helper. Three queue parameters (name, durable, quorum) duplicated across two files. Change one, remember the other. Annoying to maintain and easy to drift out of sync.<br> The fix was one struct that owns the queue definition:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">WorkQueue</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">ch</span> <span class="o">*</span><span class="n">amqp091</span><span class="o">.</span><span class="n">Channel</span> <span class="n">queue</span> <span class="n">amqp091</span><span class="o">.</span><span class="n">Queue</span> <span class="p">}</span> <span class="k">func</span> <span class="n">NewPublisher</span><span class="p">(</span><span class="n">conn</span> <span class="o">*</span><span class="n">amqp091</span><span class="o">.</span><span class="n">Connection</span><span class="p">)</span> <span class="o">*</span><span class="n">WorkQueue</span> <span class="p">{</span> <span class="n">ch</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">conn</span><span class="o">.</span><span class="n">Channel</span><span class="p">()</span> <span class="n">q</span> <span class="o">:=</span> <span class="n">createQueue</span><span class="p">(</span><span class="n">ch</span><span class="p">)</span> <span class="c">// declared once, used everywhere</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">WorkQueue</span><span class="p">{</span><span class="n">ch</span><span class="o">:</span> <span class="n">ch</span><span class="p">,</span> <span class="n">queue</span><span class="o">:</span> <span class="n">q</span><span class="p">}</span> <span class="p">}</span> <span class="k">func</span> <span class="p">(</span><span class="n">r</span> <span class="o">*</span><span class="n">WorkQueue</span><span class="p">)</span> <span class="n">Publish</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">s</span> <span class="kt">string</span><span class="p">)</span> <span class="kt">error</span> <span class="k">func</span> <span class="p">(</span><span class="n">r</span> <span class="o">*</span><span class="n">WorkQueue</span><span class="p">)</span> <span class="n">Consume</span><span class="p">()</span> <span class="o">&lt;-</span><span class="k">chan</span> <span class="n">amqp091</span><span class="o">.</span><span class="n">Delivery</span> </code></pre> </div> <p>Producer calls Publish, consumer calls Consume. Same queue, same config, same struct. The connection is created in main.go, the struct is initialized with one function, then passed down without ever exposing the queue or channel directly. The domain interface EventPublisher hides the concrete type. If I switch to SQS tomorrow, only main.go changes. No need to pass config around on every call. The pointer receiver keeps the struct's state accessible without copying. It feels clean.</p> <h2> The big refactoring </h2> <p>Once I was happy with the functionality I decided to clean up everything. I used interfaces to invert all dependencies from domain to infra and repo so I could write unit tests and refactor more easily. The main.go then simply wired everything and took over dependency injection. The final version follows this principle, inspired by Designing Data-Intensive Applications, various articles, and my own trial and error of confusing architecture. DDIA frames good systems around reliability, scalability, and maintainability. Even at this scale those properties shaped the design: if the fetcher crashes mid-run, cached reports and queued messages survive independently. The fetcher and consumer are decoupled so either can scale on its own. And because domain interfaces define the contracts, swapping Redis for Memcached or RabbitMQ for SQS means touching only main.go. Whether it holds at real scale is a different question but I wanted to make it a habit to think specifically in those terms even on a side project.</p> <p>This is what the final architecture looks like.</p> <ul> <li>Handler orchestrates: calls the relevant command or query handler or handlers from domain</li> <li>Domain orchestrates pure business logic and holds interfaces: FileParser, CacheRepo etc.</li> <li>Infrastructure has concrete implementations: file streaming, HTTP client, Redis, RabbitMQ, SMTP </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// domain</span> <span class="k">type</span> <span class="n">RabbitMq</span> <span class="k">interface</span> <span class="p">{</span> <span class="n">Publish</span><span class="p">(</span><span class="n">body</span> <span class="o">*</span><span class="n">formatter</span><span class="o">.</span><span class="n">QueueBody</span><span class="p">,</span> <span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="kt">error</span> <span class="p">}</span> <span class="c">// infrastructure</span> <span class="k">type</span> <span class="n">WorkQueue</span> <span class="k">struct</span> <span class="p">{</span> <span class="o">...</span> <span class="p">}</span> <span class="k">func</span> <span class="p">(</span><span class="n">r</span> <span class="o">*</span><span class="n">Workqueue</span><span class="p">)</span> <span class="n">Publish</span><span class="p">(</span><span class="o">...</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="o">...</span> <span class="p">}</span> <span class="c">// main.go</span> <span class="n">publisher</span> <span class="o">:=</span> <span class="n">rabbitmq</span><span class="o">.</span><span class="n">NewPublisher</span><span class="p">(</span><span class="n">conn</span><span class="p">)</span> <span class="n">rclient</span> <span class="o">:=</span> <span class="n">redis</span><span class="o">.</span><span class="n">NewCache</span><span class="p">(</span><span class="n">redisClient</span><span class="p">)</span> <span class="n">handler</span> <span class="o">:=</span> <span class="n">handler</span><span class="o">.</span><span class="n">NewFetchHandler</span><span class="p">(</span><span class="n">publisher</span><span class="p">,</span> <span class="n">rclient</span><span class="p">)</span> </code></pre> </div> <h2> Docker </h2> <p>Dockerising the app reinforced the architecture decisions made earlier. Because main.go owns all dependency wiring, the container just needs to build the binary and pass an argument. I added a consumer flag: if main.go receives it, it starts the message consumer and blocks with select {}, running forever and processing every delivery. Without it, it runs the fetcher once and exits, which is exactly what a cron job needs. Redis and RabbitMQ run as their own containers. The app image handles both roles depending on the argument. A systemd timer on a Raspberry Pi triggers the fetcher. The consumer runs continuously alongside it. No orchestration overhead, no cloud bill.</p> <h2> Testing </h2> <p>Testing was also easier than expected, at first I found it strange not being able to create mocks. Coming from PHPUnit where you would make pretty much stub every dependency and then assert the call params and how often it was triggered, to just writing tests where only the input and output mattered and no mocks where available was strange but refreshing. Due to me splitting all the logic heavy funcs from the orchestration heavy funcs I was able to easily write unit tests decoupled from domain knowledge. I also came to appreciate Go's use of interfaces. My file parser took *os.File. I wanted to test the error branch. I couldn't manipulate *os.File since it is tied to the OS. The fix was changing the signature to io.ReadCloser. Same logic, same callers, but now I can inject a custom errorReader for the failure case. No mocks needed, just a smaller interface that is satisfied by the os.File.<br> Normally I would also write Integration Tests for all handlers and logic that interacts with data persistence but due to this being a fun side project I think I might skip this step and move on to the next.</p> <h2> What's next </h2> <p>Finally I will want a GitHub Actions pipeline to build and test on every push. And maybe gRPC. But that's for future me.<br> What I learned: Channels are potential footguns. Ownership rules matter. Testability is architecture, not tooling. And if you can't test it without an exorbitant amount of mocks, the code is too coupled.<br> The code is on <a href="https://github.com/NewJhez01/github-tracker/tree/main" rel="noopener noreferrer">GitHub</a>. It's not perfect, but it's honest. And it's mine. I would love some feedback and am open for further discussion :)</p> programming go architecture learning