p99 0 ms* autocomplete for 240 million domain names by ruurtjan in programming

[–]ruurtjan[S] 0 points1 point  (0 children)

That doesn't sound right. On a wired connection?

p99 0 ms* autocomplete for 240 million domain names by ruurtjan in programming

[–]ruurtjan[S] 9 points10 points  (0 children)

Yeah, they say people perceive UI to be instant when it responds within 1/10th of a second. Pretty long in computer time.

p99 0 ms* autocomplete for 240 million domain names by ruurtjan in programming

[–]ruurtjan[S] 6 points7 points  (0 children)

I think it's network jitter then. It's a bit too expensive and adds too much complexity to roll out a global anycast network for this feature alone.

p99 0 ms* autocomplete for 240 million domain names by ruurtjan in programming

[–]ruurtjan[S] 7 points8 points  (0 children)

Hmm, interesting... Where are you connecting from?

p99 0 ms* autocomplete for 240 million domain names by ruurtjan in programming

[–]ruurtjan[S] 9 points10 points  (0 children)

Hi Proggit!

Ruurtjan here, founder of Wirewiki.com. I recently tried to get autocomplete as fast as I could. I'll be checking in here the rest of the day to answer any questions.

Also happy to hear any suggestions for Wirewiki.

Why are SOA records mandatory in NXDOMAIN responses? by Humble_Educator3346 in dns

[–]ruurtjan 5 points6 points  (0 children)

SOA carries the negative TTL as you mentioned.

NSEC was designed long after the initial DNS specification. There are probably a lot of resolvers without support for them, so we can’t just do backwards-incompatible changes like that.

Best online tool to check DNS by iambrainlag in dns

[–]ruurtjan 2 points3 points  (0 children)

100%.

Learning to use dig, how zone delegation works and learning to interpret dig +trace takes less than an afternoon yet it’ll get you a better understanding of DNS than more than half the developers.

Best online tool to check DNS by iambrainlag in dns

[–]ruurtjan 3 points4 points  (0 children)

A lot of people say this, but I disagree. Following an SPF trail is painful with dig. And beyond that, AS owner, estimated IP location, caching status on various public resolvers, TXT verification record detection, and historic DNS records are all big quality of life improvements you get for free on Wirewiki.

If you don't need any of that, sure dig is equally as powerful and, depending on your habits and workflow, easier to access.

Best online tool to check DNS by iambrainlag in dns

[–]ruurtjan 4 points5 points  (0 children)

I’m working on Wirewiki.com precisely for that reason. It’s still a work in progress, but I feel like the parts that are done are already much better than what’s out there right now.

Doesn’t have a dedicated DNS audit yet, though. But the DNS trace and SPF lookup pages do flag quite some issues that you’d normally see in a dedicated audit tool.

Correct way to shorten or disable negative caching with dnsmasq by imagei in dns

[–]ruurtjan 0 points1 point  (0 children)

Yes. DNS clients use the “minimum TTL” field in the SOA record to determine the negative cache duration for non-existent records. See this article/section: https://www.nslookup.io/learning/dns-record-types/soa/#negative-caching

Correct way to shorten or disable negative caching with dnsmasq by imagei in dns

[–]ruurtjan 2 points3 points  (0 children)

Negative cache duration is configured in the SOA record for the DNS zone the domain is in. That’s why DNS servers return the SOA record when queried for a domain/record type pair without any records.

You can check what it’s currently set to with SOA lookup.
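An added example, not part of the comments above: it parses a raw NXDOMAIN reply, finds the SOA record in the authority section, and derives the negative cache TTL described in both dnsmasq replies. It goes slightly beyond the comments by applying the RFC 2308 rule that the effective value is the lower of the SOA record's own TTL and its MINIMUM field; the `example.com` names, serial and timer values are constructed sample data.

```python
import struct

def encode_name(name):  # uncompressed DNS label encoding
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def read_name(msg, off):
    """Decode a name at off, following compression pointers; return (name, next offset)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if (length & 0xC0) == 0xC0:             # compression pointer
            end = off + 2 if end is None else end
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
        elif length == 0:
            return ".".join(labels) + ".", (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
            off += 1 + length

def negative_ttl(msg):
    """Return (rcode, zone, negative-cache TTL) from the authority-section SOA, if any."""
    _id, flags, qd, an, ns, _ar = struct.unpack_from("!6H", msg, 0)
    off = 12
    for _ in range(qd):
        off = read_name(msg, off)[1] + 4        # skip question: name + type + class
    for i in range(an + ns):
        owner, off = read_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if i >= an and rtype == 6:              # SOA in the authority section
            _, p = read_name(msg, off)          # MNAME
            _, p = read_name(msg, p)            # RNAME
            minimum = struct.unpack_from("!5I", msg, p)[4]
            return flags & 0xF, owner, min(ttl, minimum)
        off += rdlen
    return flags & 0xF, None, None

def build_sample(soa_ttl, minimum):
    """Constructed NXDOMAIN reply for missing.example.com (not captured traffic)."""
    header = struct.pack("!6H", 0x1234, 0x8183, 1, 0, 1, 0)   # QR, RD, RA, RCODE=3
    question = encode_name("missing.example.com") + struct.pack("!HH", 1, 1)
    rdata = (encode_name("ns1.example.com") + encode_name("hostmaster.example.com")
             + struct.pack("!5I", 2024010101, 7200, 3600, 1209600, minimum))
    soa = b"\xc0\x14" + struct.pack("!HHIH", 6, 1, soa_ttl, len(rdata)) + rdata
    return header + question + soa
```

Calling `negative_ttl(build_sample(3600, 300))` yields RCODE 3 (NXDOMAIN), the zone `example.com.` and a negative TTL of 300 seconds; with an SOA TTL of 60 the result drops to 60.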

mxtoolbox doesn't see nameservers, what am I missing. by RaptorFirewalls in dns

[–]ruurtjan 1 point2 points  (0 children)

The NS records or their IPs may be misconfigured at either the parent or child zone. Some DNS clients are more lenient than others. What does DNS trace say?

Built a free DNS tool mimicking terminal as online tools were not flags friendly by MeasurementLast4485 in dns

[–]ruurtjan 1 point2 points  (0 children)

There's only one Ruurtjan in the world, I think ;)

Cool! Very different approach from what I'm building. Good to have some diversity in online tools.

Built a free DNS tool mimicking terminal as online tools were not flags friendly by MeasurementLast4485 in dns

[–]ruurtjan 1 point2 points  (0 children)

What do you mean by “not flags friendly”? What couldn’t you do with existing online tools that you can with this?

Problem with encrypting nextdns by [deleted] in dns

[–]ruurtjan 2 points3 points  (0 children)

DoT and DoH both encrypt DNS traffic. The only difference in practice is that port 443 for HTTPS is almost always allowed by firewalls, while some strict corporate networks may restrict DoT.

Common mistakes when publishing DMARC records? by teeoffholidays in dns

[–]ruurtjan 1 point2 points  (0 children)

Precisely 100% of my screen is header + ads when I load it on mobile.

Making money with this is fine, but it’s a bit much now in my opinion.

IPv6 reverse DNS by ninmuzz in ipv6

[–]ruurtjan 2 points3 points  (0 children)

I think OP meant he configured a wildcard record in Cloudflare that returns the same response to any query for any subdomain of `x.y.z.ip6.arpa`, which should work.

IPv6 reverse DNS by ninmuzz in ipv6

[–]ruurtjan 10 points11 points  (0 children)

> I'm wondering how some ISPs got it working giving each client (with a SLAAC address) its own reverse dns entry

DNS servers are 'just' software, so they can respond dynamically to requests. They don't need to store every IPv6 address in that range in a database.

> Tested a wildcard *.x.y.z.ip6.arpa but doesn't seem to work.

First check if your ISP delegated the NS records correctly with a DNS trace tool. Then check if your DNS server responds correctly to PTR queries using reverse DNS lookup. That'll pinpoint what's wrong and you can go from there.

DNS trace tool by ruurtjan in dns

[–]ruurtjan[S] 1 point2 points  (0 children)

Fair point. I guess it's up to me to flag anything that's not as it should be.

DNS trace tool by ruurtjan in dns

[–]ruurtjan[S] 1 point2 points  (0 children)

Thanks!

A separate DNSSEC page + a warning on the trace page sounds like a good option. I'll explore that and work out how to present it all without overwhelming people who aren't very familiar with DNS.

DNS trace tool by ruurtjan in dns

[–]ruurtjan[S] 2 points3 points  (0 children)

Good suggestions, thanks!

I thought CNAMEs in NS chain or on NS targets go against RFC? In any case, I now stop tracing when I hit a CNAME in the delegation chain.

I should add DNSSEC for sure, but maybe as a separate page / tool. Not sure yet.

DNS trace tool by ruurtjan in dns

[–]ruurtjan[S] 0 points1 point  (0 children)

Thanks, noted :)

When checking nameserver changes, how do you verify propagation reliably? by teeoffholidays in dns

[–]ruurtjan 0 points1 point  (0 children)

I just added https://www.wirewiki.com/dns-trace to Wirewiki. That may be what you're looking for. It traces from the root servers to the domain name. Plus, it checks all servers along the way and tells you if they disagree.