Title: Synet DNS Server

Last Update: 29.04.25

Overview

The synet-dns-server is a lightweight authoritative DNS server for managing .sy domains inside the Synet network. It forms the backbone of centralized DNS resolution, syncing with the Synet Root Registry and exposing an authenticated API for synet-dns clients.

This package is meant to be run by service providers, gateways, or enterprise infrastructure teams who require trusted .sy resolution for public-facing services.


Core Functions

| Area | Description |
| --- | --- |
| DNS Responder | Responds to .sy domain queries (A/AAAA/CNAME/NS). |
| Auth API | Exposes secure endpoints for managing zone records. |
| Proxy Mode | Optionally hides backend IPs (privacy-enhanced). |
| Root Registry Sync | Periodically pulls .sy NS delegation updates from the Synet root. |

Technology Stack

| Component | Suggested Stack |
| --- | --- |
| DNS Engine | Go or Python + dnslib, or external resolver (e.g., CoreDNS) |
| API Server | FastAPI (Python) or Express (Node.js) |
| Sync Daemon | Cronjob, webhook, or task scheduler |
| Config Store | YAML files or Redis-backed state (planned) |

Key Components

1. DNS Listener

  • Listens on UDP/TCP port 53.
  • Handles:
    • AAAA records for static IPs
    • A records (optional)
    • NS delegation
    • CNAME forwarding
  • Can optionally run in proxy mode, replacing backend IPs with the gateway’s.

2. Management API (FastAPI)

Authenticated endpoints:

POST /records/add         # Add or update a record
GET  /records             # Get all current records

Requests are signed by synet-dns using an authorized Synet keypair.

Example add request:

{
  "domain": "company.sy",
  "type": "AAAA",
  "ip": "fd00:1::200",
  "signature": "0x..."
}
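
The server-side check that a signed add request implies, written here as an added example and not taken from the synet-dns-server code base. It assumes Ed25519 signatures, hex-encoded with the 0x prefix seen in the example request, computed over a newline-joined domain/type/ip string; the page specifies none of these, and the names AddRequest, signedBytes, VerifyAdd and demo are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"encoding/hex"
	"fmt"
	"net/netip"
	"strings"
)

// AddRequest mirrors the POST /records/add body shown on this page.
type AddRequest struct{ Domain, Type, IP, Signature string }
// signedBytes is an ASSUMED canonical form; the page does not say which bytes are signed.
func signedBytes(r AddRequest) []byte {
	return []byte(strings.ToLower(r.Domain) + "\n" + r.Type + "\n" + r.IP)
}

// VerifyAdd checks the record fields, then the signature (Ed25519 is an assumption).
func VerifyAdd(r AddRequest, authorized []ed25519.PublicKey) error {
	if d := strings.ToLower(r.Domain); len(d) < 4 || !strings.HasSuffix(d, ".sy") {
		return fmt.Errorf("domain is outside the .sy zone")
	}
	addr, err := netip.ParseAddr(r.IP)
	if err != nil || (r.Type != "A" && r.Type != "AAAA") || (r.Type == "AAAA") != addr.Is6() {
		return fmt.Errorf("record type and address family do not match")
	}
	sig, err := hex.DecodeString(strings.TrimPrefix(r.Signature, "0x"))
	if err != nil || len(sig) != ed25519.SignatureSize {
		return fmt.Errorf("malformed signature")
	}
	for _, pub := range authorized {
		if ed25519.Verify(pub, signedBytes(r), sig) {
			return nil
		}
	}
	return fmt.Errorf("signature not made by an authorized key")
}

// demo builds a constructed signed request and key set from a fixed all-zero seed.
func demo() (AddRequest, []ed25519.PublicKey) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	r := AddRequest{Domain: "company.sy", Type: "AAAA", IP: "fd00:1::200"}
	r.Signature = "0x" + hex.EncodeToString(ed25519.Sign(priv, signedBytes(r)))
	return r, []ed25519.PublicKey{priv.Public().(ed25519.PublicKey)}
}

func main() {
	fmt.Println(VerifyAdd(demo())) // <nil>: the constructed request verifies
}
```

The request shown on this page carries no timestamp or nonce, so a signature over these three fields stays valid if the same body is submitted again; this check does not cover that case.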

3. Configuration File

# /etc/synet-dns/config.yaml

domains:
  - name: myai.sy
    records:
      - type: AAAA
        ip: fd00:1::100
    proxy: true  # Optional masking of backend IP

4. Root Registry Sync

Each instance pulls updated NS delegations from the Synet Root:

  • Ensures zone authority isn’t spoofed.

  • Verifies changes in *.sy ownership.

  • Run manually or as a scheduled job:

synet-dns-server --sync --root-registry registry.synet.sy

Deployment Example

Minimal containerized DNS service:

docker run -p 53:53/udp \
  synet-dns-server \
  --domain company.sy \
  --root-registry registry.synet.sy \
  --api-key 0xABC...

Example Workflows

Client Resolves Domain

flowchart LR
  A[User or Bot] -->|Query| B[synet-dns-server]
  B -->|AAAA Record| C[fd00:1::100]

Record Update via CLI

synet-dns add-record --domain company.sy --type AAAA --ip fd00:1::200

This translates into the following API request:

POST /records/add
{
  "domain": "company.sy",
  "type": "AAAA",
  "ip": "fd00:1::200",
  "signature": "0x..."
}

Design Principles

| Principle | Detail |
| --- | --- |
| Security | All write operations require signed API calls. |
| Modularity | Works standalone or behind enterprise infrastructure. |
| Trust | Root Registry NS sync ensures valid zone ownership. |
| Extensibility | Can add DNSSEC, caching layers, or move to db-backed records. |

Contribution Opportunities

  • Add support for TXT, MX, or other records
  • Build admin dashboard (WebUI)
  • Improve proxy IP masking rules
  • DNSSEC signer (v2 roadmap)
  • Zone diff viewer for auditing

Learn more

Github repo
Client DNS
Dev Portal


Synthetism Foundation