{"id":19118778,"url":"https://github.com/vedetta-com/dithematic","last_synced_at":"2025-06-24T16:36:38.652Z","repository":{"id":215851230,"uuid":"170351334","full_name":"vedetta-com/dithematic","owner":"vedetta-com","description":"OpenBSD DNS name server","archived":false,"fork":false,"pushed_at":"2019-09-15T18:46:32.000Z","size":119,"stargazers_count":22,"open_issues_count":4,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-05-05T14:52:17.977Z","etag":null,"topics":["nameserver","nsd","openbsd","powerdns"],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"isc","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/vedetta-com.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2019-02-12T16:27:07.000Z","updated_at":"2024-11-06T12:45:38.000Z","dependencies_parsed_at":"2024-01-07T01:44:58.063Z","dependency_job_id":"6b3cfbe9-5871-4576-a99f-46d2bd1d4d2d","html_url":"https://github.com/vedetta-com/dithematic","commit_stats":null,"previous_names":["vedetta-com/dithematic"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/vedetta-com/dithematic","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vedetta-com%2Fdithematic","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vedetta-com%2Fdithematic/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vedetta-com%2Fdithematic/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vedetta-com%2Fdithematic/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/vedetta-com","download_url":"https://codeload.github.com/vedetta-com/dithematic/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vedetta-com%2Fdithematic/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":261715194,"owners_count":23198716,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["nameserver","nsd","openbsd","powerdns"],"created_at":"2024-11-09T05:07:41.346Z","updated_at":"2025-06-24T16:36:38.615Z","avatar_url":"https://github.com/vedetta-com.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# dithematic (alpha)\n\nOpenBSD DNS name server\n\n![Dithematic Logo](src/usr/local/share/doc/dithematic/dithematic-256x256.png)\n\n## About\n\u003e autoritative nameserver for domain names\n\nDithematic configuration and guide for self-hosting [DNS](https://powerdns.org/dns-camel/)\n\n## Features\n\n[PowerDNS](https://doc.powerdns.com/authoritative/) features on [OpenBSD](https://github.com/openbsd/src/tree/master/usr.sbin/nsd)'s [NSD](https://man.openbsd.org/nsd.conf) shoulders\n\n## Getting started\n\n*Minimum requirements*\n- 512MB RAM, [10GB SSD](src/usr/local/share/doc/dithematic/disklabel)\n- reverse DNS (record type PTR) for each nameserver IP configured on hosting provider, with the primary DOMAIN_NAME\n\nGrab a copy of this repository, and put overrides in \"[Makefile](Makefile).local\" e.g.\n```console\n# Makefile.local\n\nEGRESS =\tvio0\n\nDOMAIN_NAME =\texample.com\n\nMASTER =\tyes\nMASTER_HOST =\tdot\n\nIPv4 =\t\t203.0.113.3\nIPv6 =\t\t2001:0db8::3\n\nUPGRADE =\tyes\n```\n\n*n.b.* UPGRADE uses [`sdiff`](https://man.openbsd.org/sdiff) side-by-side diff (with *new* on the right side)\n\nTest\n```sh\nmake beforeinstall\n```\n\nInstall\n```sh\nmake install\n```\n\nEdit [`zoneadd`](src/usr/local/bin/zoneadd) to match (or use `env`)\n```console\n# Dithematic IP\nMASTER_IP=\"${MASTER_IP:-\\\n 203.0.113.3 \\\n 2001:0db8::3 \\\n }\"\nSLAVE_IP=\"${SLAVE_IP:-\\\n 203.0.113.4 \\\n 2001:0db8::4 \\\n }\" # empty to disable\n\n# Vendor\nFREE_SLAVE=\"${FREE_SLAVE:-\\\n 1984.is \\\n FreeDNS.afraid.org \\\n GratisDNS.com \\\n HE.net \\\n Puck.nether.net \\\n }\" # empty to disable\n```\n\n*n.b.* rename and place [zone templates](https://github.com/vedetta-com/dithematic/tree/master/src/usr/local/share/examples/dithematic) in `/var/nsd/zones/master` (or start with a blank slate.)\n\nInstall DNS zone(s), e.g. on master: `example.com` and `ddns.example.com`\n```sh\nzoneadd example.com\nenv DDNS=true zoneadd ddns.example.com\n```\n\nEdit a zone\n```sh\nenv EDITOR=\"${EDITOR:-vi}\" pdnsutil edit-zone example.com\n```\n\n*n.b.* place existing TSIG key as `tsig.example.com`, CSK (or ZSK) as `example.com.CSK` in `/etc/ssl/dns/private` (or let [`zoneadd`](src/usr/local/bin/zoneadd) generate new keys.)\n\nSetup the [TSIG](https://tools.ietf.org/html/rfc2845) user on all dithematic nameservers, i.e. `tsig`\n```sh\nsu - tsig\nssh-keygen -t ed25519 -C tsig@example.com\nexit\n```\n\nShare TSIG user's public key with all dithematic slave nameservers, and update \"known_hosts\"\n```sh\nssh -4 -i /home/tsig/.ssh/id_ed25519 -l tsig dig.example.com \"exit\"\nssh -6 -i /home/tsig/.ssh/id_ed25519 -l tsig dig.example.com \"exit\"\n```\n\nEdit [`tsig-share`](src/usr/local/bin/tsig-share) on master to add slave nameserver names\n```console\nNS=\"${NS:-dig.example.com}\" # (space-separated) domain name(s), or IP(s)\n```\n\nShare master TSIG secret with slave nameservers, e.g.: `dig.example.com`\n```sh\nenv NS=\"dig.example.com\" tsig-share tsig.example.com\n```\n\n[DNS UPDATE](https://tools.ietf.org/html/rfc2136) allowed IPs are managed with authpf(8) i.e. user \"puffy\" first needs to SSH login on the master name server host to authenticate the IP from which they will next update ddns.example.com zone using e.g. nsupdate (`pkg_add isc-bind`) or dnspython (`pkg_add py-dnspython`) on their device (skip if not using dynamic DNS)\n```sh\nuser add -L authpf -G authdns -c \"DDNS user\" -s /sbin/nologin -m puffy\n```\n\nEdit [\"smtpd.conf\"](src/etc/mail/smtpd.conf) and \"secrets\"\n\nEdit pf table [\"msa\"](src/etc/pf.conf.table.msa) to add Message Submission Agent IP(s)\n\nEnjoy\n```sh\ndig example.com any\n```\n\n## Support\n[Issues](https://github.com/vedetta-com/dithematic/issues)\n\n## Contribute\nContributions welcome, [fork](https://github.com/vedetta-com/dithematic/fork)\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvedetta-com%2Fdithematic","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvedetta-com%2Fdithematic","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvedetta-com%2Fdithematic/lists"}