jfrunyon | 4 years ago
Why not just... use an authoritative DNS server?
> I think I’m doing a pretty bad job of following the DNS RFCs
Yeah, probably, which makes this experiment much less worthwhile than just... doing the same thing on an actual DNS host.
BTW, experimentation is no replacement for training/education/experience. Just because an experiment results one way on the computer you're testing with, doesn't mean it will resolve the same way in another browser - or on another OS - or even just on a different ISP(/resolver).
> finding out who owns IP addresses with an ASN database - When a DNS request comes in, it comes from an IP address. I wanted to tell users who owns that IP address (Google? Cloudflare? their ISP?). The obvious way is to do a reverse DNS lookup. But what if that doesn’t work?
Or just use one of the many databases that exist for exactly this purpose (and are free, like MaxMind's GeoLite ASN). Except, oh wait, you did do that (although with some random, auto-scraped database). Not sure what the point of rDNS is.
> I do a database write every time a DNS request comes in
Why? There's no reason to store that info on disk. As you say, "I could easily clear out old requests every hour and it probably wouldn’t make a difference"
> let’s talk about security
Sure, except you skipped over the "huh, I'm sharing cookies across all these people because I'm not on the PSL". But at least "the website's domain" isn't sharing cookies with 'em too?
Oh, and you also skipped over things like whether or not your roll-your-own DNS server is vulnerable to being used as an amplification vector (probably).
> I have one main opinion about programming, which is that deeply understanding the underlying systems
It's a shame she doesn't deeply understand the underlying systems she's using.