Take back control of your DNS - Run a recursive resolver on your system or in the network

Swapneel Patnekar


Domain Name System (DNS) is the crucial & ubiquitous fabric of the Internet. Everything on the Internet uses the DNS.

While there are many parts to the DNS, in this workshop, I will dive deep into recursive resolvers. Most users on the Internet are unaware of recursive resolvers as the ISP architecture makes them obscured. In many cases, the ISP’s/users themsevles outsource their DNS to use / / etc (Quad/Cloud DNS resolvers).

The choice of the recursive resolver is made by the ISP or the network the device connects to.

In this hands-on online workshop, I will teach participants to install and configure a recursive resolver which will also be configured with a local copy of the root zone (rfc 8806).


Why attend ?
1. Take back control of your DNS instead of outsourcing it to a third party
2. Decentralise the DNS Resolution - DNS Resolver centrality outlines the dependency on Open resolvers/Quad DNS providers
3. Majority of DNS queries sent to the root server system are junk queries. By running a local copy of the root zone (rfc8806), junk queries from your system/network to the upstream root servers are eliminated

Agenda -
1. Fundamentals of DNS
2. Shift of the recursive resolvers
3. DNS Resolver Centrality stats
3. Configure a recursive resolver on your system with QNAME minimisation, local copy of the root zone etc
4. Configure a recursive resolver for the entire network
5. Best practices

Who should attend?
1. Anyone running a network - In today’s world, everyone is running a network at home!
2. Anyone who cares about the decentralising the Internet
3. Anyone who is interested in DNS
4. Engineers, programmers, system administrators
5. All are welcome :-)


Operating System -
1. If using Windows Operating System, 64bit
2. Administrative rights - If the device belongs to the company, the installation requires administrative rights. If you have administrative rights (it’s a strange world we live in now so anything is possible :-)), please consult with them first if you are allowed to install DNS software. My suggestion, don’t.

Speaker bio

Swapneel is network engineer & researcher working on DNS, DNSSEC, BGP, Unix systems and security.
As a technical trainer, he regularly conducts workshops on DNS, DNSSEC, Routing, Unix etc.
He is also an APNIC Community Trainer & a RIPE Atlas Ambassador.

In the recent past, he has delivered talks,

UKNOF Virtual July 2020 - Hyperlocal root & Localroot - Running a local copy of the DNS root zone

APNIC NFH June 2020 - Hyperlocal root & Localroot - Running a local copy of the DNS root zone

null meetups May, June, July 2020 (Bhopal, Mumbai, Bangalore) - Using DNS as a layer of defense

He is also the Managing Director of Shreshta IT Technologies Pvt. Ltd,
a company based out of Belgaum, building & securing networks of micro,
small & medium enterprises & network operators in Tier-II and Tier-III