Use cases
Built for every scale, from homelab to ISP.
rDNS is one binary with one config file. The deployment shape is whatever you want it to be.
Self-hosted homelab resolver
Replace your router's DNS with something you control. Encrypted queries to upstream, full DNSSEC validation, local cache.
[server]
mode = "resolver"
[resolver]
forwarders = ["1.1.1.1", "9.9.9.9"]
dnssec = true
qname_minimization = true
[cache]
max_entries = 1_000_000
serve_stale = true
Network-wide ad & tracker blocking
Pi-hole-style blocking using standards-compliant Response Policy Zones. Drop in any BIND-compatible blocklist (Steven Black, hagezi, etc.) as an RPZ file.
[[rpz.zones]]
name = "rpz.adblock"
file = "/etc/rdns/rpz/blocklist.rpz"
[[rpz.zones]]
name = "rpz.malware"
file = "/etc/rdns/rpz/malware.rpz"
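Lists published in hosts-file format (lines such as `0.0.0.0 ads.example.com`) have to be converted to RPZ records before they can be loaded as a zone file. The converter below is an added example, not part of rDNS. It assumes the zone name `rpz.adblock` from the config above, placeholder SOA/NS values, and the standard `CNAME .` (NXDOMAIN) policy action. It validates every name so list content cannot inject zone-file directives.

```python
import re

# Constructed sample input in hosts-file format (not a real blocklist).
SAMPLE_HOSTS = """\
# comment line
127.0.0.1 localhost
0.0.0.0 0.0.0.0
0.0.0.0 ads.example.com
0.0.0.0 Tracker.Example.NET  # inline comment
0.0.0.0 ads.example.com
0.0.0.0 bad_label!.example.org
0.0.0.0 $INCLUDE
"""

# One DNS label: letters, digits, hyphen, underscore; 1-63 chars; no edge hyphen.
LABEL = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)$")
SKIP = {"localhost", "localhost.localdomain", "broadcasthost", "local", "0.0.0.0"}

def valid_name(name):
    """Accept only well-formed multi-label names (rejects zone-file syntax)."""
    labels = name.split(".")
    return len(name) <= 253 and len(labels) >= 2 and all(LABEL.match(l) for l in labels)

def hosts_to_rpz(hosts_text, zone="rpz.adblock", serial=1, wildcard=True):
    """Convert hosts-format text to an RPZ zone; returns (zone_text, blocked_names)."""
    names = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2 or fields[0] not in ("0.0.0.0", "127.0.0.1"):
            continue
        for host in fields[1:]:
            host = host.lower().rstrip(".")
            if host not in SKIP and valid_name(host):
                names.add(host)                  # set removes duplicates
    # Header values are placeholders (assumption), adjust to your deployment.
    out = [f"$ORIGIN {zone}.", "$TTL 300",
           f"@ IN SOA localhost. root.localhost. {serial} 3600 600 86400 300",
           "@ IN NS localhost."]
    for name in sorted(names):
        out.append(f"{name} CNAME .")            # RPZ action: answer NXDOMAIN
        if wildcard:
            out.append(f"*.{name} CNAME .")      # also cover subdomains
    return "\n".join(out) + "\n", sorted(names)

if __name__ == "__main__":
    zone_text, blocked = hosts_to_rpz(SAMPLE_HOSTS)
    print(zone_text)
```

Write the returned zone text to the path named in the `file` setting, and increase `serial` each time the list is regenerated.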
ISP / enterprise authoritative
Serve thousands of zones from PostgreSQL. LISTEN/NOTIFY drives hot reloads when zones change — no restart, no reload signal.
[server]
mode = "authoritative"
[authoritative]
source = "database"
[authoritative.database]
connection = "postgresql://rdns:..."
High availability (CARP VIP)
Active-passive cluster behind a CARP virtual IP. rDNS listens on the wildcard addresses, so it answers on the VIP as soon as a node takes it over, and failover is transparent to clients.
[listeners]
udp = ["0.0.0.0:53", "[::]:53"]
tcp = ["0.0.0.0:53", "[::]:53"]
Or bind both the physical address and the VIP explicitly:
[listeners]
udp = ["192.168.1.1:53", "192.168.1.254:53"]
tcp = ["192.168.1.1:53", "192.168.1.254:53"]
Get rDNS running in 60 seconds.
Single static binary. TOML config. MIT licensed. Linux, FreeBSD, and macOS.