Smiley Face

unknown

Sliplane hit Hetzner DNS record limits and 90-minute propagation delays, so they built a custom DNS server in ~1000 lines of Go. The solution uses the hidden primary pattern: a private Go server (built on miekg/dns) serves zone data via AXFR/IXFR to Hetzner Robot's public secondary nameservers. Postgres LISTEN/NOTIFY acts as the event bus — triggers fire on service changes, the Go server hashes records to detect real changes, bumps the SOA serial, and sends DNS NOTIFY to secondaries. The result: propagation dropped from up to 90 minutes to near-instant. Key lessons include the need to implement IXFR (not just AXFR) since Hetzner Robot secondaries don't always fall back cleanly, and that the hidden primary pattern avoids vendor lock-in since AXFR/NOTIFY are standard protocols.

How We Built Our Own DNS Server

Bobby Iliev

Maybe this is a dumb question, but why not using a wildcard entry to a central reverse proxy?

Love it, we did nearly exactly the same thing years back. Glad to have intersecting ideas happening around!
Granted, our main issue was security more than “need for fast propagation”, but it boiled down to the same infrastructure design.

After reading this post i feel motivated

Even though the answer to “should you do it” is “probably not”, but ig it’s a great exercise even if you end up not using it lol!