auth dns over atproto

onis

decentralized dns over atproto :3

pdsls is the easiest way to manage your records currently.

needed:

  • atproto account
  • domain
  • access to the domain's current NS settings

1. declare your zone

create a systems.kiri.zone record on your PDS:

{
  "$type": "systems.kiri.zone",
  "domain": "example.com"
}

2. set up verification

onis needs to confirm you actually control the domain. two things are checked:

a) NS delegation

ns1.kiri.systems
ns2.kiri.systems

if you are running onis yourself, these should match your expected_ns config

b) TXT ownership proof

_onis-verify.example.com.  TXT  "did:plc:your-did-here"

once both of these are passing your domain is verified :D
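
added example, not code from the onis repository: a std-only sketch of the two checks above, run over NS and TXT answers you have already resolved. the function names, the strict NS set comparison and the exact-match TXT rule are assumptions for illustration, not documented onis behaviour.

```rust
use std::collections::BTreeSet;

/// Lowercase a DNS name and drop the trailing root dot so that
/// "NS1.Kiri.Systems." and "ns1.kiri.systems" compare equal.
fn norm(name: &str) -> String {
    name.trim().trim_end_matches('.').to_ascii_lowercase()
}

/// Name that must carry the ownership proof for `domain`.
fn verify_name(domain: &str) -> String {
    format!("_onis-verify.{}", norm(domain))
}

/// Check (a): the delegated NS set equals the expected set. Assumed strict,
/// so a leftover nameserver at another provider fails the check.
fn ns_ok(observed: &[&str], expected: &[&str]) -> bool {
    let obs: BTreeSet<String> = observed.iter().map(|n| norm(n)).collect();
    let exp: BTreeSet<String> = expected.iter().map(|n| norm(n)).collect();
    !obs.is_empty() && obs == exp
}

/// Check (b): one TXT string is exactly the DID. Prefix or substring matches
/// are rejected so a longer look-alike DID cannot pass. The DID is compared
/// case-sensitively; only surrounding quotes and whitespace are stripped.
fn txt_ok(txt_values: &[&str], did: &str) -> bool {
    did.starts_with("did:")
        && txt_values.iter().any(|v| v.trim().trim_matches('"') == did)
}

/// Both checks must pass before the zone counts as verified.
fn zone_verified(ns: &[&str], expected_ns: &[&str], txt: &[&str], did: &str) -> bool {
    ns_ok(ns, expected_ns) && txt_ok(txt, did)
}

fn main() {
    // Constructed sample data, shaped like resolver answers.
    let expected = ["ns1.kiri.systems", "ns2.kiri.systems"];
    let ns = ["NS1.kiri.systems.", "ns2.kiri.systems."];
    let txt = ["\"did:plc:your-did-here\""];
    let ok = zone_verified(&ns, &expected, &txt, "did:plc:your-did-here");
    println!("{} -> verified: {}", verify_name("Example.com."), ok);
}
```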

3. publish dns records

you will also need to copy the _onis-verify.example.com verification TXT into a systems.kiri.dns#txtRecord.

A record:

{
  "$type": "systems.kiri.dns",
  "domain": "example.com",
  "ttl": 300,
  "record": {
    "$type": "systems.kiri.dns#aRecord",
    "address": "93.184.216.34"
  }
}

AAAA record:

{
  "$type": "systems.kiri.dns",
  "domain": "example.com",
  "ttl": 300,
  "record": {
    "$type": "systems.kiri.dns#aaaaRecord",
    "address": "2001:db8::1"
  }
}

CNAME record:

{
  "$type": "systems.kiri.dns",
  "domain": "www.example.com",
  "ttl": 300,
  "record": {
    "$type": "systems.kiri.dns#cnameRecord",
    "cname": "example.com"
  }
}

MX record:

{
  "$type": "systems.kiri.dns",
  "domain": "example.com",
  "ttl": 300,
  "record": {
    "$type": "systems.kiri.dns#mxRecord",
    "preference": 10,
    "exchange": "mail.example.com"
  }
}

TXT record:

{
  "$type": "systems.kiri.dns",
  "domain": "example.com",
  "ttl": 300,
  "record": {
    "$type": "systems.kiri.dns#txtRecord",
    "values": ["v=spf1 include:example.com ~all"]
  }
}

SRV record:

{
  "$type": "systems.kiri.dns",
  "domain": "_sip._tcp.example.com",
  "ttl": 300,
  "record": {
    "$type": "systems.kiri.dns#srvRecord",
    "priority": 10,
    "weight": 60,
    "port": 5060,
    "target": "sip.example.com"
  }
}

ttl is optional on all records — if you leave it out, the zone's SOA minimum is used (default 300s). WARNING => on ns1.kiri.systems and ns2.kiri.systems this is a floor of 60 seconds.

full example

Here's what a real setup looks like. User did:plc:adtzorbhmmjbzxsl2y4vqlqs setting up blu.red:

zone declaration (systems.kiri.zone collection): https://pds.ls/at://did:plc:adtzorbhmmjbzxsl2y4vqlqs/systems.kiri.zone/3mdr6rm2trm2y

{
  "$type": "systems.kiri.zone",
  "domain": "blu.red"
}

verification TXT (systems.kiri.dns collection): https://pds.ls/at://did:plc:adtzorbhmmjbzxsl2y4vqlqs/systems.kiri.dns/3mdt7enp5nu2y

{
  "$type": "systems.kiri.dns",
  "domain": "_onis-verify.blu.red",
  "record": {
    "$type": "systems.kiri.dns#txtRecord",
    "values": [
      "did:plc:adtzorbhmmjbzxsl2y4vqlqs"
    ]
  }
}

License

MIT