Rust DNS server with policy controls, Prometheus metrics, and an MCP endpoint
▲ 3 r/dns+3 crossposts

Rust DNS server with policy controls, Prometheus metrics, and an MCP endpoint

I’ve been working on TitaniumGuard DNS, an open-source Rust DNS server focused on operational control rather than being just a toy resolver.

It currently supports:

- DNS over UDP and TCP

- Optional DoT, DoH, DoQ, and DoH3 builds

- Authoritative zones for internal DNS

- Recursive resolution gated by trusted client CIDRs

- Policy enforcement across authoritative, cache, and recursive paths

- Memory or Redis-backed DNS caching

- Audit logging

- /live, /ready, and /metrics endpoints

- Prometheus-formatted metrics

- Docker

- A local-only MCP endpoint for status, metrics, zones, config summaries, and perform controlled DNS resolution through the same policy path

The MCP part is intentionally loopback-only right now. If someone wants to use it on a cloud host, the intended setup is SSH/VPN/proxy into the local MCP listener, not exposing it directly to the internet.

The project is still early, but the goal is to make DNS operations easier to reason about: explicit recursion authorization, policy-aware responses, scrapeable health/metrics, and container-friendly deployment.

I’m looking for feedback from folks who operate DNS infrastructure or write network services in Rust

github.com
u/munukutla — 2 days ago