Fastly is hiring Staff Engineer, Traffic Management Systems
π§ #c #cplusplus #golang #rust #aws #gcp #kubernetes
π Denver, Colorado; New York City, New York; San Francisco, California
β° Full-time
π’ Fastly
Job details https://jobsfordevelopers.com/jobs/staff-engineer-traffic-management-systems-at-fastly-com-mar-20-2026-81042b?utm_source=mastodon.world&utm_medium=social&utm_campaign=posting
#jobalert #jobsearch #hiring
A "low priority" perf tweak in go53 β our self-hosted, open-source DNSSEC authoritative DNS server β turned into an afternoon of test-case hell.
Swapped an RWMutex config read for an atomic.Pointer (lock-free immutable snapshots): ~1.9Γ faster serial, ~19Γ on 20 cores. Five-minute change β 180 lines across 20 test files, plus a hidden DNSSEC-signing data race it surfaced.
Every shortcut has a price.
https://tenforward.se/blog/a-small-performance-fix-that-turned-into-test-case-hell/
#DNS #DNSSEC #Golang #SelfHosted #OpenSource #SysAdmin #go53

go53 issue #45 was labelled 'Low' priority: stop taking a mutex every time we read the live config on the DNS hot path. The fix was a textbook lock-free swap. The cleanup it triggered across the test suite was the larger half of the work.
European digital ID wallets are a gift to Google and Apple
https://waag.org/en/article/european-digital-id-wallets-are-gift-google-and-apple/
#HackerNews #EuropeanDigitalID #Google #Apple #PrivacyTech #DigitalWallets #Cybersecurity

European governments are rolling out digital identity wallets, which are to be used by citizens to access services, and to verify their age online. There is a serious problem with this: these wallets rely on safety services of Google and Apple.
π go53 0.79.0 is out:
β’ per-source-IP rate limiting on the UDP query path
β’ /healthz + /readyz probes for clean k8s rollouts
β’ CAA records
β’ DNSSEC-aware WAL backups + point-in-time restore
β’ EDNS/RFC hardening
Local-first, container-native, open.

go53 0.79.0 lands per-source-IP rate limiting on the UDP query path, /healthz and /readyz probes for clean rollouts, a new CAA record type, DNSSEC-aware WAL backups, and a round of RFC hardening. Here's what changed and why it matters.
Next release of go53: Backup & Restore that just works.
Full tar snapshots + a compact live WAL = point-in-time recovery for your
authoritative DNS β in just a couple of commands. Local-first, no external
database tooling, no fragile scripts.
Enable continuous archiving, restore the base, replay the WAL to any moment.
Read more:
https://tenforward.se/backup-restore-that-just-works-feat-full-snapshots-plus-a-live-wal/
π Go53 v0.78.0 is now available!
This release includes bug fixes, and continued development of a modern, high-performance authoritative DNS server written in Go, with ongoing work around DNSSEC and core DNS functionality.
π¦ Release notes and downloads:
https://github.com/TenforwardAB/go53/releases/tag/v0.78.0
π Live demo:
https://demo.go53.eu
Login: go53_admin / go53_admin
π₯οΈ Looking for a simpler web interface?
Check out the Go53 Web Admin project:
https://github.com/TenforwardAB/go53-webadmin
We've done it: an API-driven authoritative DNS server written in Go.
It supports DNSSEC, NSEC/NSEC3 denial, TSIG/transfers, API-managed zones, and distributed replication. Thereβs also
a webadmin UI for trying it without writing API calls.
Demo: https://demo.go53.eu
Server: https://github.com/TenforwardAB/go53
UI: https://github.com/TenforwardAB/go53-webadmin
#DNS #DNSSEC #GoLang #OpenSource #SelfHosted #Sysadmin #DevOps
Please help supercharge #go53 β an event-driven, API-controlled DNS server thatβs eager to grow up and rule the internet
--> go53.eu