A modern, feature-rich authoritative DNS server written in Java.
- Authoritative DNS server with UDP/TCP support (RFC 1035 compliant)
- Multiple record types: A, AAAA, CNAME, MX, TXT, NS, SOA
- JSON-based zone configuration for easy management
- Proper CNAME chain handling
- Additional records (glue) for NS/MX targets
- UDP truncation handling (sets TC flag for responses >512 bytes)
- Longest-suffix zone matching
- Rate limiting to prevent DNS amplification attacks
- Query metrics and monitoring
- Graceful shutdown with data persistence
- Concurrent request handling
- Input validation and error handling
- REST API for server management and monitoring
- Real-time metrics (QPS, success/failure rates, protocol stats)
- Health check endpoints
- Zone reload without server restart
- Structured logging with SLF4J/Logback
Copy .env.example to .env and adjust settings:
```bash
cp .env.example .env
```

```bash
mvn clean package
```

```bash
java -jar target/jdns-1.0.jar
```

```bash
dig @localhost -p 53 example.local
```

```bash
# Health check
curl http://localhost:8080/health
# View metrics
curl http://localhost:8080/metrics
# List zones
curl http://localhost:8080/zones
# Reload zones
curl -X POST http://localhost:8080/reload
```

| Environment Variable | Default | Description |
|---|---|---|
| `JDNS_PORT` | `53` | DNS server port (UDP/TCP) |
| `JDNS_MGMT_PORT` | `8080` | Management API port |
| `JDNS_DATA_DIR` | `.data` | Zone files directory |
| `JDNS_MAX_QPS` | `100` | Max queries per second per IP |
| `JDNS_RATE_LIMIT` | `true` | Enable rate limiting |

Zones are stored as JSON files in the data directory (e.g., .data/example_local_.zone.json):
```json
{
  "origin": "example.local.",
  "defaultTtl": 300,
  "admin": "hostmaster.example.local.",
  "ns": ["ns1.example.local."],
  "serial": 2025081701,
  "records": [
    {
      "name": "@",
      "type": "A",
      "ttl": 60,
      "data": "10.10.10.10"
    },
    {
      "name": "www",
      "type": "CNAME",
      "data": "example.local."
    },
    {
      "name": "@",
      "type": "MX",
      "priority": 10,
      "data": "mail.example.local."
    }
  ]
}
```

- `GET /health` - Server health status
- `GET /metrics` - Query statistics and performance metrics
- `POST /metrics/reset` - Reset metrics counters
- `GET /zones` - List all loaded zones
- `GET /zones/{origin}` - Get specific zone configuration
- `POST /zones/{origin}/reload` - Rebuild zone index
- `POST /reload` - Reload all zones from disk

Logs are written to:
- Console: Colored output for development
- Files: `logs/jdns-YYYY-MM-DD.log` (30-day retention)
- Per-IP query rate limiting (default: 100 QPS)
- Configurable time windows
- Automatic cleanup of old client statistics
- Returns REFUSED for rate-limited queries
- DNS message parsing validation
- Zone data validation during loading
- Proper error handling and logging
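
The per-IP rate limiting listed above (a query budget per time window, REFUSED for clients over the limit, cleanup of old client statistics) can be sketched as a fixed-window counter. This is an added example, not jdns's own `RateLimiter` code: the class and method names are hypothetical, the client addresses are constructed, and it assumes Java 16+ for records.

```java
import java.net.InetAddress;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example: fixed-window per-IP limiter. Names are hypothetical, not jdns's API.
public class PerIpRateLimiterDemo {
    static final int RCODE_NOERROR = 0, RCODE_REFUSED = 5; // RFC 1035 RCODE values

    private record Window(long startMs, long count) {}

    private final Map<InetAddress, Window> clients = new ConcurrentHashMap<>();
    private final int maxPerWindow;
    private final long windowMs;

    PerIpRateLimiterDemo(int maxPerWindow, long windowMs) {
        this.maxPerWindow = maxPerWindow;
        this.windowMs = windowMs;
    }

    /** Counts one query from src and returns the RCODE the listener should answer with. */
    int check(InetAddress src, long nowMs) {
        Window w = clients.compute(src, (ip, old) ->
            (old == null || nowMs - old.startMs() >= windowMs)
                ? new Window(nowMs, 1)                          // first query of a new window
                : new Window(old.startMs(), old.count() + 1));  // same window, one more query
        return w.count() > maxPerWindow ? RCODE_REFUSED : RCODE_NOERROR;
    }

    /** Drops clients whose window has expired so the map cannot grow without bound. */
    int cleanup(long nowMs) {
        int before = clients.size();
        clients.values().removeIf(w -> nowMs - w.startMs() >= windowMs);
        return before - clients.size();
    }

    public static void main(String[] args) throws Exception {
        PerIpRateLimiterDemo limiter = new PerIpRateLimiterDemo(100, 1000); // 100 QPS
        InetAddress noisy = InetAddress.getByName("192.0.2.10"); // constructed sample clients
        InetAddress quiet = InetAddress.getByName("192.0.2.20");
        int refused = 0;
        for (int i = 0; i < 150; i++) {                          // burst inside one window
            if (limiter.check(noisy, 0L) == RCODE_REFUSED) refused++;
        }
        System.out.println("noisy client refused: " + refused);
        System.out.println("quiet client rcode: " + limiter.check(quiet, 500L));
        System.out.println("noisy client, next window: " + limiter.check(noisy, 1000L));
        System.out.println("entries evicted: " + limiter.cleanup(5000L));
    }
}
```

Because UDP source addresses can be spoofed, a per-IP limit bounds the reflected traffic sent toward any one address rather than identifying the real sender.
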
- DNSSEC Support - Digital signature validation
- Access Control Lists - IP-based query restrictions
- Zone Transfer (AXFR/IXFR) - Secondary server support
- Query Caching - Improve performance for repeated queries
- Prometheus Metrics - Industry-standard monitoring
- Configuration Validation - Startup-time validation
- Connection Pooling - Better TCP handling
- Audit Logging - Security event tracking
- Web UI - Graphical zone management
- Database Backend - Replace JSON files with database
- Clustering - Multi-server deployment support
- Let's Encrypt Integration - Automatic certificate management
```
┌─────────────────┐    ┌──────────────────┐    ┌─────────────────────┐
│   DNS Clients   │───▶│   DnsListener    │───▶│ AuthoritativeEngine │
│ (dig, nslookup) │    │   (UDP/TCP:53)   │    │    (Query Logic)    │
└─────────────────┘    └──────────────────┘    └─────────────────────┘
                                │                         │
                                ▼                         ▼
┌─────────────────┐    ┌──────────────────┐    ┌─────────────────────┐
│ Management API  │    │   RateLimiter    │    │      ZoneStore      │
│   (HTTP:8080)   │    │    (Security)    │    │    (JSON Files)     │
└─────────────────┘    └──────────────────┘    └─────────────────────┘
         │                      │                         │
         ▼                      ▼                         ▼
┌─────────────────┐    ┌──────────────────┐    ┌─────────────────────┐
│   DnsMetrics    │    │     Logging      │    │    Zone Indexing    │
│  (Monitoring)   │    │     (SLF4J)      │    │     (DNS Tree)      │
└─────────────────┘    └──────────────────┘    └─────────────────────┘
```

This project is licensed under the MIT License.