{"id":13678862,"url":"https://github.com/namecoin/ncdns","last_synced_at":"2026-01-12T07:44:41.819Z","repository":{"id":22037499,"uuid":"25365800","full_name":"namecoin/ncdns","owner":"namecoin","description":":globe_with_meridians: Namecoin to DNS bridge daemon","archived":false,"fork":false,"pushed_at":"2024-05-18T02:01:19.000Z","size":537,"stargazers_count":134,"open_issues_count":58,"forks_count":40,"subscribers_count":12,"default_branch":"master","last_synced_at":"2024-08-02T13:24:59.429Z","etag":null,"topics":["anticensorship","blockchain","certificates","civil-liberties","cryptography","dane","decentralized","dns","dnssec","free-speech","hacktoberfest","human-rights","internet-freedom","namecoin","p2p","privacy","security","tls","x509"],"latest_commit_sha":null,"homepage":"https://www.namecoin.org/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/namecoin.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2014-10-17T15:59:59.000Z","updated_at":"2024-08-02T13:24:59.430Z","dependencies_parsed_at":"2024-06-18T19:58:57.584Z","dependency_job_id":"67b7248c-4a68-4bb9-a174-9778ff3177b5","html_url":"https://github.com/namecoin/ncdns","commit_stats":null,"previous_names":["hlandau/ncdns"],"tags_count":19,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/namecoin%2Fncdns","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/namecoin%2Fncdns/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/namecoin%2Fncdns/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/namecoin%2Fncdns/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/namecoin","download_url":"https://codeload.github.com/namecoin/ncdns/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":224179173,"owners_count":17269017,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["anticensorship","blockchain","certificates","civil-liberties","cryptography","dane","decentralized","dns","dnssec","free-speech","hacktoberfest","human-rights","internet-freedom","namecoin","p2p","privacy","security","tls","x509"],"created_at":"2024-08-02T13:00:59.208Z","updated_at":"2026-01-12T07:44:41.813Z","avatar_url":"https://github.com/namecoin.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"ncdns\n=====\n\nA Go daemon to bridge Namecoin to DNS. The daemon acts as an authoritative\nnameserver and queries a Namecoin daemon over JSON-RPC in order to obtain zone\ndata.\n\nThe daemon can optionally sign zones with DNSSEC and supports the use of DS\nrecords in Namecoin. It works best when used by Unbound or another recursive\nresolver, or as an authoritative nameserver for a stub zone.\n\nUsing ncdns to provide a suffix\n-------------------------------\nThe daemon acts as an authoritative nameserver for any name containing a 'bit'\nlabel. For example, all of the following queries return the same records:\n\n  - example.bit.\n  - example.bit.example.com.\n\nThis enables the easy use of suffixes. (Note that this will cause a different\nhostname to be transmitted for protocols like HTTP, and server configuration\nmay need to be modified to enable this. In some cases there may be no simple\nsolution to enabling arbitrary suffix use with a given piece of server\nsoftware, in which known suffixes can be configured; patches for such software\nwould be desirable.)\n\nUsing ncdns with a recursive resolver\n-------------------------------------\nOf course the daemon can also be used simply as an authoritative nameserver for\nbit. directly. One way to do this is to run a recursive resolver (such as\nUnbound) and configure it to serve the zone as a 'stub zone'. An example\nUnbound configuration is in `_doc/unbound.conf.d/ncdns.conf`.\n\nIf you don't want to use DNSSEC, an additional Unbound configuration is in\n`_doc/unbound.conf.d/ncdns-insecure.conf`.\n\nIf you do want to use DNSSEC, see the instructions below.\n\nNote how you can specify a port other than 53. This allows you to run both\nUnbound and ncdns on the same machine. Alternately, you could add an additional\nloopback IP address (127.0.0.2) and bind ncdns to that. This is useful if your\nrecursive resolver doesn't support a port number other than 53.\n\nUsing DNSSEC\n------------\nTo use DNSSEC, generate keys with `dnssec-keygen` or `ldns-keygen`. You will need\nto generate a key-signing key and a zone-signing key:\n\n    # Generate KSK.\n    $ dnssec-keygen -a RSASHA256 -3 -b 2048 -f KSK bit\n\n    # Generate ZSK.\n    $ dnssec-keygen -a RSASHA256 -3 -b 2048 bit\n\nEach of these commands will generate a pair of files, a `.key` file and a\n`.private` file.  Make a note of which is the KSK and which is the ZSK. If you\nforget, check the comments inside the .key file. (If there are no comments for\nsome reason, a KSK usually contains the string `DNSKEY 256` and a ZSK\n`DNSKEY 257`.)\n\n(You could substitute something else for `bit` as ncdns doesn't care. However\nif you want to use the key as a trust anchor with a recursive resolver such as\nunbound, you should specify `bit`.)\n\nIf using Unbound as a recursive resolver, you should add the KSK's public key file\nas a trust anchor to unbound like so:\n\n    server:\n      trust-anchor-file: \"/etc/unbound/keys/bit.key\"\n\n`bit.key` should be the file containing the KSK DNSKEY (or DS) which ncdns is\nconfigured to use.\n\nBuilding\n--------\n\nPrerequisites:\n\n1. Ensure you have the Go tools installed.\n\n2. If using Linux, ensure you have the `libcap` development headers\n   installed. (Most distributions will have a package called `libcap-dev` or\n   similar.)\n\nOption A: Using Go build commands without Go modules (works on any platform with Bash; only Go 1.15-1.16.x; will not work on Go 1.17+):\n\n1. Ensure you have the `GOPATH` environment variable set. (For those not\n   familar with Go, setting it to the path to an empty directory will suffice.\n   The directory will be filled with build files.)\n\n2. Run `export GO111MODULE=off` to disable Go modules.\n\n3. Run `go get -d -t -u github.com/namecoin/ncdns/...`. The ncdns source code will be\n   retrieved automatically.\n\n4. Run `go generate github.com/namecoin/certinject/...`.  The ReactOS property list will be parsed.\n\n5. Run `go generate github.com/namecoin/x509-compressed/...`.  The compressed public key patch will be applied.\n\n6. Run `go get -t -u github.com/namecoin/ncdns/...`.  ncdns will be built. The binaries will be at `$GOPATH/bin/ncdns`.\n\nOption B: Using Go build commands with Go modules (works on any platform with Bash; Go 1.15+:\n\n1. Clone [certinject](https://github.com/namecoin/certinject), [x509-compressed](https://github.com/namecoin/x509-compressed), and ncdns to sibling directories.\n\n2. Install `certinject` according to its instructions.\n\n3. Install `x509-compressed` according to its \"with Go modules\" instructions.\n\n4. Run the following in the ncdns directory to set up Go modules:\n   \n   ~~~\n   go mod init github.com/namecoin/ncdns\n   go mod edit -replace github.com/coreos/go-systemd=github.com/coreos/go-systemd/v22@latest -replace github.com/namecoin/certinject=../certinject -replace github.com/namecoin/x509-compressed=../x509-compressed\n   go mod tidy\n   ~~~\n\n5. Run `go install ./...`.  ncdns will be built. The binaries will be at `$GOPATH/bin/ncdns`.\n\nOption C: Using Makefile (non-Windows platforms):\n\n1. Run `make`. The source repository will be retrieved via `go get`\n   automatically.\n\nncdns can be run as a Windows service; see the output of `ncdns --help`.\n\nConfiguration\n-------------\nncdns uses a configuration file which is looked for at `../etc/ncdns.conf`\n(relative to the executable path) and `/etc/ncdns/ncdns.conf`. You can override\nthis and all options on the command line. An annotated example configuration\nfile `ncdns.conf.example` is available in doc.\n\nYou will need to setup a `namecoind`, `namecoin-qt` or compatible Namecoin node\nand enable the JSON-RPC interface. You will then need to provide `ncdns` with\nthe address of this interface and any necessary username and password via the\nconfiguration file.\n\nIf you only want to resolve .bit names yourself, here is a suggested setup on\nLinux:\n\n  - Install `namecoind` (or `namecoin-qt`) and set it to start automatically\n    at boot or login. Set up the JSON-RPC interface and make sure it works\n    by making a test query: `namecoind name_show d/example`.\n\n  - Write a ncdns configuration file and set ncdns up to start at boot.\n    Since Unbound will tie up port 53, set a different port (ideally one \u003e=1024,\n    so it needn't be run as root.) Test that ncdns works by trying to resolve\n    a `.bit` domain. If you want to use DNSSEC, generate keys as shown above\n    and configure ncdns appropriately.\n\n  - Install and setup the Unbound recursive resolver on your system. On most\n    systems, the recommended way to install Unbound is to install DNSSEC\n    Trigger, which installs and configures Unbound automatically.\n\n    If you wish to use DNSSEC, add the ncdns DNSKEY to Unbound as a trust\n    anchor as shown above. See above for configuration suggestions.\n\n  - Edit `/etc/resolv.conf` to point to the Unbound resolver at 127.0.0.1.\n    (If this file is generated automatically via DHCP or similar, you may\n     find these changes keep getting wiped out. Either reconfigure whatever\n     keeps overwriting it to stop doing so, or, as a stopgap measure, make\n     the file immutable using `chattr +i`.)\n\nLicence\n-------\n    Licenced under the GPLv3 or later.\n    © 2014-2015 Hugo Landau \u003chlandau@devever.net\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnamecoin%2Fncdns","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnamecoin%2Fncdns","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnamecoin%2Fncdns/lists"}