Everlock modular self-hosting in one binary
Search RSS feed

Documentation

Last updated in git: 2026-06-11

Getting started: standalone DNS zone

This walkthrough starts Everlock as a local authoritative DNS server, creates one zone, adds a few explicit records, and verifies the answers with dig.

This is the simplest DNS-first setup:

  • no HTTP site
  • no mail backend usage
  • one zone managed directly through /dns ...

1. Start Everlock with DNS enabled

For a local first pass, bind DNS to 127.0.0.1:5353 so you do not need root:

everlock serve \
  --frontend-ssh \
  --backend-admin-ssh \
  --frontend-dns \
  --frontend-dns-listen-udp 127.0.0.1:5353 \
  --frontend-dns-listen-tcp 127.0.0.1:5353 \
  --backend-dns-dns \
  --admin-user admin \
  --admin-password change-me

This gives you:

  • the admin SSH console on port 2222
  • authoritative DNS on 127.0.0.1:5353

2. Open the admin console

Connect over SSH:

ssh -p 2222 admin@127.0.0.1

Use the bootstrap password:

change-me

You should land in the Everlock admin REPL:

Everlock Admin
>

3. Create a zone

Create one authoritative zone:

/users grant admin ssh/dns/* owner
/dns zones create jens.dev

The first command gives the admin user the DNS-wide owner grant needed for zone creation. The second creates data/everlock-dns/jens.dev.toml and reloads the DNS view immediately.

List zones:

/dns zones list

Expected shape:

jens.dev

4. Add explicit records

Add one apex A record and one www alias:

/users grant admin ssh/dns/jens.dev writer
/dns records create jens.dev name=@ type=A value=127.0.0.1 ttl=300
/dns records create jens.dev name=www type=CNAME value=jens.dev ttl=300

Now inspect the effective zone view:

/dns records list jens.dev

You should see:

  • generated SOA
  • generated NS
  • the explicit apex A
  • the explicit www CNAME

5. Query the zone with dig

Check the generated zone metadata:

dig @127.0.0.1 -p 5353 jens.dev SOA
dig @127.0.0.1 -p 5353 jens.dev NS

Check the explicit records:

dig @127.0.0.1 -p 5353 jens.dev A
dig @127.0.0.1 -p 5353 www.jens.dev CNAME

Expected answer shape:

  • jens.dev SOA ns1.jens.dev hostmaster.jens.dev ...
  • jens.dev NS ns1.jens.dev
  • jens.dev A 127.0.0.1
  • www.jens.dev CNAME jens.dev

6. What Everlock stored

Current DNS state is split between the system config store and the dedicated DNS content store:

  • runtime config: data/everlock-system/config/dns.toml
  • explicit zone file: data/everlock-dns/jens.dev.toml

/dns zones create creates the zone file in everlock-dns.

/dns records create updates the zone file.

Generated SOA and NS records are not stored as explicit records. They are rebuilt in memory by backend-dns-dns.

7. What to try next

  • add AAAA, MX, TXT, or NS records with /dns records create
  • replace a record set with /dns records set
  • remove one owner/type with /dns records delete
  • reload the DNS view after manual edits with /dns reload

Read next

dns getting-started