finds.dev← search

// the find

razvandimescu/numa

★ 1,351 · Rust · MIT · updated Jul 2026

Portable DNS resolver in Rust — .numa local domains, ad blocking, developer overrides

Numa is a single-binary DNS resolver in Rust that combines ad blocking, local `.numa` service proxying with auto-TLS, ODoH anonymization, and full recursive resolution with DNSSEC. It's aimed at developers who want Pi-hole-style blocking without a dedicated device, plus the ability to name local services without touching `/etc/hosts` or maintaining nginx configs. Built from scratch — no upstream DNS libraries.

The zero-library DNS implementation is genuinely interesting: wire-level cache storing raw bytes with in-place TTL patching is a smart optimization, and implementing DNSSEC chain-of-trust (RRSIG, DNSKEY, DS, NSEC3) from scratch in safe Rust is not a small thing. Request hedging across all protocols to squash p99 latency is the right call for a resolver — the benchmark showing 538ms vs Unbound's 748ms at p99 is plausible and meaningful. The local service proxy with automatic TLS (no mkcert ceremony) is the genuinely useful developer feature that nothing else in this space does. ODoH relay mode expanding the sparse relay ecosystem is a concrete contribution, not just a checkbox.

The Windows support via NRPT rules and binding `127.0.0.2` is a workaround for a real limitation — it will break in unexpected ways on corporate machines where NRPT is managed by group policy or where Dnscache is locked down. The mDNS LAN discovery is UDP multicast, which means it silently does nothing on most cloud VMs, VPNs, and corporate WiFi where multicast is filtered — the README glosses over this. At 1,351 stars and less than a year old, the operational track record is thin; 'zero DNS libraries' is a strength in principle but means every edge case in the wild (CNAME chains, SERVFAIL handling, weird TTL clamping) is something the author had to get right themselves rather than inheriting from a tested library. The comparison table lists Pi-hole and AdGuard Home as lacking features that they do partially support (Pi-hole has DoH via cloudflared, AGH has conditional forwarding) — the table is written to flatter.

View on GitHub →

// want more like this?

We dig through GitHub every week and send a few repos picked for what you actually care about — each with an honest take like this one.

Get finds in your inbox → Search again →