semihalev

semihalev/sdns

Go MIT DevOps

A high-performance, recursive DNS resolver server with DNSSEC support, focused on preserving privacy.

1.1k stars
70 forks
active
GitHub +2 / week

1.1k

Stars

70

Forks

3

Open issues

15

Contributors

v1.7.2 25 Jun 2026

AI Analysis

SDNS is a high-performance recursive DNS resolver server written in Go, emphasizing privacy through support for DNSSEC, DNS-over-HTTPS, DNS-over-TLS, and DNS-over-QUIC protocols. It serves organizations and privacy-conscious individuals who need an alternative to public DNS providers, with particular strength in environments requiring both performance and encrypted DNS communications.

DevOps Infrastructure Discovery value: 6/10
Documentation 8/10
Activity 9/10
Community 7/10
Code quality 8/10

Inferred from signals mentioned in the README (tests, CI, type safety) — not a review of the actual code.

Overall score 8/10

AI's overall editorial judgment — not an average of the bars above, can weigh other factors too.

dns-resolver privacy-networking golang-backend dnssec encrypted-dns
Actively maintained Well documented MIT licensed Niche/specialized use case Production ready
Deep Analysis · Based on README and public signals
21h ago

Privacy-focused recursive DNS resolver in Go with DNSSEC; modest adoption, actively maintained

SDNS is a Go-based recursive DNS server emphasizing privacy and DNSSEC validation, supporting modern encrypted transports (DoT, DoH, DoQ). It targets operators who want to run their own resolver with strong security guarantees. Real-world adoption appears limited to small-to-medium deployments and privacy-conscious communities; no evidence of large-scale institutional use. The project is actively maintained (last commit 2026-07-08) with steady but slow growth (~1k stars over 8 years). It solves a genuine technical problem but operates in a crowded category dominated by dnscrypt-proxy and alternative DNS services.

Origin

Created October 2018, SDNS emerged during the DNS privacy movement wave following widespread adoption of DNS-over-HTTPS. Written in Go for portability and performance, it reflects the era's focus on decentralizing DNS resolution and enabling individual operators to run privacy-respecting infrastructure. Development has been continuous but incremental, without major feature additions in recent years.

Growth

Growth has been gradual and plateauing. The project gained ~2 stars in the last 7 days (as of 2026-07-09), suggesting low ongoing visibility. The 1,063 stars accumulated over 8 years indicates adoption among privacy enthusiasts and self-hosting communities, but not exponential or mainstream momentum. Multi-packaging support (Docker, Homebrew, Snapcraft, AUR) suggests maintenance effort aimed at reducing friction for operators, but has not translated into visible community scaling.

In production

Adoption not verified. No public documentation of production deployments, user testimonials, or institutional deployments found in README. The project's presence in community package managers (Homebrew, AUR, Snapcraft) suggests some user base among self-hosting communities, but scale is unknown. GitHub stars (1,063) are low relative to competitors (dnscrypt-proxy: 13,459) and do not correlate reliably with production use.

Code analysis
Architecture

Likely a single-process recursive resolver with in-memory or file-backed caching, based on README references to 'directory' configuration for data storage. Appears to implement RFC-compliant DNSSEC validation, upstream server health monitoring (RTT tracking), and support for multiple encrypted protocols. Cannot assess code quality or internal design complexity from README alone.

Tests

README mentions `make test` command and codecov.io badge present, but test coverage percentage not stated in available documentation. Presence of CI workflows and coverage badge suggests some automated testing discipline, though depth is not quantified.

Maintenance

Active as of 2026-07-08 (one day before evaluation date). CI/CD workflows present and passing (GitHub Actions badge shown). Recent release versioning (1.7.2 referenced). However, lack of high-frequency commits or releases suggests maintenance is responsive but not intensive. Likely maintained by a small team or single maintainer. No evidence of major refactoring or feature development; maintenance appears focused on stability and security patches.

Honest verdict

ADOPT IF: you operate a self-hosted network, prioritize running your own authoritative or recursive resolver, require DNSSEC validation, value privacy-by-design, and can manage Go deployments or Docker. AVOID IF: you need widespread platform support, require commercial support, depend on a large active community for rapid bug fixes, or expect polished user interfaces. MONITOR IF: you are designing a privacy-focused DNS infrastructure and want to evaluate whether SDNS's maturity and feature set meet your specific requirements before committing.

Independent dimensions

Mainstream potential

3/10

Technical importance

6/10

Adoption evidence

2/10

Risks
  • Adoption appears limited to small/self-hosting communities; production use at scale not verified, reducing available operational experience and incident reports.
  • Small maintainer base (likely single or very small team) creates bus factor risk; project may stall if primary maintainer loses interest or capacity.
  • Slow growth trajectory (2 stars in 7 days as of 2026-07-09) suggests low ongoing visibility and community momentum; may lose relevance if not actively promoted or featured.
  • Fierce competition from established alternatives (dnscrypt-proxy, public DNS services) with better marketing and organizational backing; difficult to gain market share.
  • DNSSEC validation adds complexity and CPU overhead; may not scale well for high-traffic recursive resolvers without significant tuning or hardware investment.
Prediction

SDNS will likely remain a stable, niche tool for privacy-conscious self-hosters and small operators, maintained at a slow, sustainable pace. It may not grow significantly unless marketed to institutions or integrated into popular self-hosting distributions (e.g., Pi-hole, OpenWrt). Probability of mainstream adoption or acquisition is low; the project will probably evolve incrementally with periodic security updates rather than transformative feature work.

0 found this helpful

Newsletter

Get analyses like this every Monday

Free weekly digest of the most interesting open-source discoveries.

Languages

Go
99.8%
Shell
0.2%
Dockerfile
0%
Makefile
0%

Information

Language
Go
License
MIT
Last updated
2d ago
Created
95mo ago
Analyzed with
anthropic/claude-haiku-4-5

Stars over time

Loading…

Contributors over time

Top 100 contributors only — repos with more will plateau at 100.

Loading…

Similar repos

AdguardTeam

AdguardTeam/dnsproxy

DNS Proxy is a lightweight DNS server written in Go that supports modern...

3.2k Go DevOps
DNSCrypt

DNSCrypt/dnscrypt-resolvers

This project maintains curated lists of public DNSCrypt, DoH, and Oblivious DoH...

1.5k Go Security
DNSCrypt

DNSCrypt/dnscrypt-proxy

dnscrypt-proxy 2 is a DNS proxy that encrypts and authenticates DNS traffic...

13.5k Go Security
DNSCrypt

DNSCrypt/encrypted-dns-server

A high-performance encrypted DNS proxy server written in Rust that supports...

1.3k Rust Security
TechnitiumSoftware

TechnitiumSoftware/DnsServer

Technitium DNS Server is a self-hosted, cross-platform DNS resolver that...

9.1k C# Security
vs. alternatives
dnscrypt-proxy (13,459 stars)

Significantly larger community and mindshare. dnscrypt-proxy focuses on client-side encrypted DNS and proxy functionality, whereas SDNS is a full recursive server. Different positioning (client vs. server), but overlapping privacy goals. dnscrypt-proxy's 12x larger star count reflects broader mainstream adoption.

AdguardTeam/dnsproxy (3,152 stars)

More stars and likely broader commercial backing (AdGuard). Both support encrypted protocols (DoT, DoH). SDNS emphasizes DNSSEC validation and privacy; dnsproxy emphasizes filtering and caching. Complementary rather than direct competitors.

TechnitiumSoftware/DnsServer (9,088 stars)

C# alternative with larger community. Full-featured DNS server with UI, caching, filtering. SDNS is lighter-weight and CLI-focused. TechnitiumSoftware has 8.5x more stars, suggesting broader appeal to non-technical operators.

DNSCrypt/encrypted-dns-server (1,283 stars)

Rust-based, similar positioning (encrypted DNS server). Slightly fewer stars than SDNS, suggesting comparable but not larger adoption. Both are niche projects within the DNS ecosystem.

Public DNS services (Cloudflare 1.1.1.1, Quad9, etc.)

Not direct GitHub competitors, but the primary alternative to running a self-hosted resolver. SDNS targets operators unwilling to trust centralized resolvers; public services dominate mainstream DNS usage by volume.