It's neither here nor there but can I ask about the name? I only ask because when I see "numa" in relation to computing I immediately think "Non-Uniform Memory Access".
Very cool project by the way. I wonder how this would run on an OpenWRT device.
I see in your install.sh that you support Linux and Darwin/MacOS, do you think there would be any major hurdles in supporting FreeBSD?
Also, in Romanian nume = name (DNS), and I also get the easter egg of that well-known Romanian song numa numa :) https://www.youtube.com/watch?v=YnopHCL1Jk8
On OpenWRT — it's musl-based Linux so the binary should run; the ARM one would need a cross-compile. FreeBSD can be done (PRs welcome?)
On the web site, it's named after the second King of Rome
Nice idea. To test I ran a simple nextjs on port 3000. Added the service via the dashboard. However, when I visit the url, (using chrome latest version), https://{mygivenname}.numa/ I hit a DNS resolution fail error. If I do not use a trailing '/' then it is going to google search for {mygivenname}.numa and shows me some search results. Should I open an issue?
Is it possible you didn't start it as root (`sudo numa install`)? Does `dig {mygivenname}.numa @127.0.0.1` return 127.0.0.1? What OS are you on? Maybe you report it as an issue?
Thanks for quick response. It started to work. I think it must be some caching issue. But it needs a trailing '/'. Maybe will raise the issue for this. Cool.
I believe that is actually browser specific behavior. I sometimes use a fake TLD for stuff hosted at home, and both chrome and firefox resort to search if I don't include a trailing '/'. My assumption is the browser does a quick match against known TLDs and if it doesn't match then it resorts to search.
Exactly, I'll add a PR soon that tells the OS (and browsers) that it's a valid domain.
Since I needed it to be my primary DNS, I also added: recursive resolution from root nameservers, DNSSEC chain-of-trust validation, ad blocking (385K+ domains), and LAN service discovery.
I wrote about the DNSSEC implementation here: https://numa.rs/blog/posts/dnssec-from-scratch.html It's now my daily system DNS. Single binary (~8MB), macOS/Linux/Windows.
`sudo numa install`
Very interesting project! I have a couple of questions. With all the default blocked domains loaded, what is the average memory usage? Currently, I am using Pi-hole on a low memory single board computer. Is it possible to use this instead of Pi-hole? If so, I’d like to use it for all of my devices.
With 390K blocked domains: ~31MB total process footprint. Breakdown:
- Blocklist: 23.4MB (390K domains)
- Cache: 3.8MB (4.4K entries)
- Query log, SRTT, runtime: ~4MB
It binds to 0.0.0.0:53 by default, so just point your devices' DNS to the board's IP
Thanks! If you hit any issues during setup, feel free to open an issue — happy to help debug. The dashboard at localhost:5380 shows what's happening in real time.
Why are you replying to your own comment?
I think it's a bot? There's an identical version of this comment in another reply, except it cuts off half way through a sentence.
I hit reply on the wrong post and you can't delete comments or at least I don't see how it can be done
because I clicked reply on the wrong one and you can't delete it...
Same hack here ; I have no DSN running by default - much more handy than having to set up nginx as it has no opinion on the targeted infrastructure. And the bonus point is that you can see every sneaky request that happens when you browse ; so another side-project connected to this is to make an inventory and policy filter
Yes sir! The query log at GET /querylog (or on the dashboard) shows every request with domain, type, path (forwarded/recursive/cached/blocked) and latency.
this is really clean. the auto-TLS for local dev is the killer feature imo, so many hours wasted fighting mkcert and nginx configs. do you plan to support docker/container networking? being able to resolve service names across docker compose setups would make this a no-brainer for teams.
Actually, if you point a container's DNS at the host (dns: [host.docker.internal] in compose), it works for resolution + ad blocking. For the reverse, however, I've added it on the radar, thanks!
How does auto-TLS work? It makes a self signed certificate automatically?
Yes — numa install generates a local CA and stores it in the system trust store. When you register a .numa service, it generates a per-service TLS cert signed by that CA
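The local-CA scheme described in the reply above, as an added example that is not numa's code or part of the original thread: an OpenSSL sketch of a CA that signs per-service certificates and carries a name constraint for one private TLD, so a CA sitting in the system trust store cannot vouch for public names. The name constraint, the file names and the hosts app.numa and example.com are assumptions; the thread does not say whether numa constrains its CA.

```shell
#!/bin/sh
# Added example (not numa's code): a local dev CA restricted to one TLD.
# Host names and file names below are constructed for illustration.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_ca() {
  # $1 = permitted DNS suffix. The critical nameConstraints extension makes
  # verifiers reject any certificate this CA signs for a name outside it.
  cat > "$WORK/ca.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3_ca
[dn]
CN = Constructed Local Dev CA
[v3_ca]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
nameConstraints = critical, permitted;DNS:$1
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$WORK/ca.cnf" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
}

issue_leaf() {
  # $1 = service host name. Creates a key and CSR, then a short-lived
  # server certificate signed by the CA, with the host in subjectAltName.
  printf '[leaf]\nbasicConstraints = CA:FALSE\nextendedKeyUsage = serverAuth\nsubjectAltName = DNS:%s\n' \
    "$1" > "$WORK/$1.ext"
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/ca.cnf" -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 7 -extfile "$WORK/$1.ext" -extensions leaf \
    -out "$WORK/$1.pem" 2>/dev/null
}

chain_ok() {
  # Succeeds only if host $1's certificate verifies against the CA.
  openssl verify -CAfile "$WORK/ca.pem" "$WORK/$1.pem" >/dev/null 2>&1
}

make_ca numa
issue_leaf app.numa       # inside the permitted subtree
issue_leaf example.com    # signed by the same key, but outside the subtree
chain_ok app.numa && echo "app.numa: chain verifies"
chain_ok example.com || echo "example.com: chain rejected"
```

To see what an installed local CA is allowed to sign for, `openssl x509 -in <ca.pem> -noout -text` lists any Name Constraints under the X509v3 extensions.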
feature request: libnuma so i can use it programmatically with configuration. also, multiple user defined blocklists.
Multiple blocklists already work - https://github.com/razvandimescu/numa/blob/main/numa.toml#L4... The pieces are already there for libnuma, it could be done, would you share what use case you have in mind?
Cool idea, every developer running apps in dev on their machine knows this pain for sure. I'll give it a spin and let you know how it goes!
Thanks! If you hit any issues during setup, feel free to open an issue — happy to help debug. The dashboard at localhost:5380 (or at https://numa.numa)
very interesting. how does the blocklist work? can one manage the lists? like StevenBlack or others.
Yes, it is configurable as a list https://github.com/razvandimescu/numa/blob/main/numa.toml#L4...
There's also a per-domain allowlist and you can pause/unpause blocking from the dashboard or API.
Here's what the resolution pipeline looks like: https://numa.rs/blog/posts/dns-from-scratch.html#the-resolut...
I think I need to give this a go. Cool project.
Thanks! Let me know how it goes.
we need a [slop] flag in the headlines
Rust it’s crazy good
Great idea, pity about the slop.