
Rust DNS server with policy controls, Prometheus metrics, and an MCP endpoint
I’ve been working on TitaniumGuard DNS, an open-source Rust DNS server focused on operational control rather than being just a toy resolver.
It currently supports:
- DNS over UDP and TCP
- Optional DoT, DoH, DoQ, and DoH3 builds
- Authoritative zones for internal DNS
- Recursive resolution gated by trusted client CIDRs
- Policy enforcement across authoritative, cache, and recursive paths
- Memory or Redis-backed DNS caching
- Audit logging
- /live, /ready, and /metrics endpoints
- Prometheus-formatted metrics
- Docker
- A local-only MCP endpoint for status, metrics, zones, config summaries, and perform controlled DNS resolution through the same policy path
The MCP part is intentionally loopback-only right now. If someone wants to use it on a cloud host, the intended setup is SSH/VPN/proxy into the local MCP listener, not exposing it directly to the internet.
The project is still early, but the goal is to make DNS operations easier to reason about: explicit recursion authorization, policy-aware responses, scrapeable health/metrics, and container-friendly deployment.
I’m looking for feedback from folks who operate DNS infrastructure or write network services in Rust