# onis

decentralized dns over atproto :3

[pdsls](https://pdsls.dev) is the easiest way to manage your records currently.

needed:
- atproto account
- domain
- access to the domain's current NS settings

## 1. declare your zone

create a `systems.kiri.zone` record on your PDS:

```json
{
  "$type": "systems.kiri.zone",
  "domain": "example.com"
}
```

## 2. set up verification

onis needs to confirm you actually control the domain

two things are checked:

**a) NS delegation**

```
ns1.kiri.systems
ns2.kiri.systems
```

if you are running this yourself it should match your `expected_ns` config

**b) TXT ownership proof**

```
_onis-verify.example.com. TXT "did:plc:your-did-here"
```

once both of these are passing your domain is verified :D

## 3. publish dns records

you will also need to copy the TXT `_onis-verify.example.com` verification check to a `systems.kiri.dns#txtRecord` as well.

**A record:**

```json
{
  "$type": "systems.kiri.dns",
  "domain": "example.com",
  "ttl": 300,
  "record": {
    "$type": "systems.kiri.dns#aRecord",
    "address": "93.184.216.34"
  }
}
```

**AAAA record:**

```json
{
  "$type": "systems.kiri.dns",
  "domain": "example.com",
  "ttl": 300,
  "record": {
    "$type": "systems.kiri.dns#aaaaRecord",
    "address": "2001:db8::1"
  }
}
```

**CNAME record:**

```json
{
  "$type": "systems.kiri.dns",
  "domain": "www.example.com",
  "ttl": 300,
  "record": {
    "$type": "systems.kiri.dns#cnameRecord",
    "cname": "example.com"
  }
}
```

**MX record:**

```json
{
  "$type": "systems.kiri.dns",
  "domain": "example.com",
  "ttl": 300,
  "record": {
    "$type": "systems.kiri.dns#mxRecord",
    "preference": 10,
    "exchange": "mail.example.com"
  }
}
```

**TXT record:**

```json
{
  "$type": "systems.kiri.dns",
  "domain": "example.com",
  "ttl": 300,
  "record": {
    "$type": "systems.kiri.dns#txtRecord",
    "values": ["v=spf1 include:example.com ~all"]
  }
}
```

**SRV record:**

```json
{
  "$type": "systems.kiri.dns",
  "domain": "_sip._tcp.example.com",
  "ttl": 300,
  "record": {
    "$type": "systems.kiri.dns#srvRecord",
    "priority": 10,
    "weight": 60,
    "port": 5060,
    "target": "sip.example.com"
  }
}
```

`ttl` is optional on all records — if you leave it out, the zone's SOA minimum is used (default 300s).

*WARNING* => on ns1.kiri.systems and ns2.kiri.systems this is a floor of 60 seconds.

## full example

Here's what a real setup looks like. User `did:plc:adtzorbhmmjbzxsl2y4vqlqs` setting up `blu.red`:

**zone declaration** (`systems.kiri.zone` collection):

https://pds.ls/at://did:plc:adtzorbhmmjbzxsl2y4vqlqs/systems.kiri.zone/3mdr6rm2trm2y

```json
{
  "$type": "systems.kiri.zone",
  "domain": "blu.red"
}
```

**verification TXT** (`systems.kiri.dns` collection):

https://pds.ls/at://did:plc:adtzorbhmmjbzxsl2y4vqlqs/systems.kiri.dns/3mdt7enp5nu2y

```json
{
  "$type": "systems.kiri.dns",
  "domain": "_onis-verify.blu.red",
  "record": {
    "$type": "systems.kiri.dns#txtRecord",
    "values": [
      "did:plc:adtzorbhmmjbzxsl2y4vqlqs"
    ]
  }
}
```

## License

MIT