DNS backends
Everlock DNS is now a real runtime path:
- frontend-dns serves DNS over UDP and TCP
- backend-dns-dns provides the authoritative record logic
Current model
DNS is global, not multi-instance.
Its state is split across:
- everlock-system/config/dns.toml
- everlock-dns/<zone>.toml
The backend combines:
- derived records from other Everlock services
- explicit records stored in zone files
- generated SOA and ns1/ns2 NS records for each owned zone
Explicit records override derived records by name + type.
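The override rule above, sketched as an added example (not Everlock's own code). It assumes records are plain (name, type, value) tuples, that names compare case-insensitively without the trailing dot, and that an explicit record replaces every derived record sharing its name + type; the returned suppressed list is the information the missing warning/reporting would surface.

```python
def norm(name):
    """Normalize an owner name for comparison (assumption: DNS names are
    matched case-insensitively and a trailing dot is not significant)."""
    return name.rstrip(".").lower()


def merge_records(derived, explicit):
    """Combine derived and explicit records; return (effective, suppressed).

    Any explicit record shadows all derived records with the same
    (name, type) key. Shadowed derived records are returned separately
    so they can be logged instead of disappearing silently.
    """
    explicit_keys = {(norm(n), t.upper()) for n, t, _ in explicit}
    effective, suppressed = [], []
    for rec in derived:
        key = (norm(rec[0]), rec[1].upper())
        if key in explicit_keys:
            suppressed.append(rec)
        else:
            effective.append(rec)
    effective.extend(explicit)
    return effective, suppressed


# Constructed sample data using documentation-reserved names and addresses.
DERIVED = [
    ("www.example.test", "A", "192.0.2.10"),        # from a site vhost
    ("www.example.test", "AAAA", "2001:db8::10"),   # same name, different type
    ("example.test", "MX", "10 mail.example.test."),
    ("mail.example.test", "A", "192.0.2.10"),
]
EXPLICIT = [
    ("WWW.example.test.", "A", "198.51.100.7"),     # zone-file override
    ("example.test", "TXT", "v=spf1 mx -all"),
]

if __name__ == "__main__":
    effective, suppressed = merge_records(DERIVED, EXPLICIT)
    for rec in suppressed:
        print("suppressed derived record:", rec)
    for rec in sorted(effective, key=lambda r: (norm(r[0]), r[1])):
        print("serving:", rec)
```

Only the derived A record for www.example.test is shadowed here; the AAAA record with the same name survives because the override key includes the type.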
Getting started
What it currently derives
The current implementation derives DNS records from:
- site vhosts
- image vhosts
- OCI registry vhosts
- mail domains
Address records use the DNS defaults from config/dns.toml when available.
listen_udp and listen_tcp in config/dns.toml accept comma-separated bind
addresses, so you can bind explicit IPv4 and IPv6 addresses instead of
0.0.0.0:53.
If those defaults are configured, Everlock checks them against the local interface list at startup and warns if they do not match any local address.
If they are unset, Everlock guesses runtime defaults from the local interface list, preferring public addresses before falling back to local ones.
Mail domains also derive:
- MX <zone> -> 10 mail.<zone>
- address records for mail.<zone>
Current gaps
Still missing:
- warning/reporting for suppressed derived records
- SSH public-host derived records
- ACME DNS-01 integration
For the detailed internal design and next steps, see the internal DNS backend doc.