Research Findings

Landscape

• CoreDNS is the most mature Go DNS server but lacks official SQLite support; community plugins exist but are unmaintained.


• `miekg/dns` is a robust Go library for building DNS servers; many production tools are based on it.


• Non‑Go servers (NSD, Knot, PowerDNS) are high‑performance but don’t meet the Go requirement.


• Custom server approach yields the cleanest fit for constraints (Go + SQLite + MCP) with moderate development effort.

Architecture

• In‑memory zone maps provide excellent query performance; reload via atomic swap after SQLite update.


• MCP tools should be idempotent and return structured JSON results.


• Security can rely on stdio isolation and optional token; SQLite file should be `0660` owned by `dnsmgr`.


• Systemd deployment with capability `CAP_NET_BIND_SERVICE` or root‑owned binary can bind to port 53.

Implementation Outline

• SQLite schema: `zones(name, ttl)` and `records(zone_id, name, rtype, value, ttl)`.


• DNS server uses `miekg/dns` to handle UDP/TCP, routing, and response generation.


• MCP server (embedded or external) exposes tools: `dns.add_zone`, `dns.delete_zone`, `dns.add_record`, `dns.delete_record`, `dns.list_zones`, `dns.list_records`, `dns.reload_zone`, `dns.get_stats`, `dns.check_zone`.


• Reload strategy: after SQLite write, send signal or call internal reload to swap in‑memory zone maps.


• Tests: unit tests for zone parsing, query routing; integration test for MCP tools.

Alternatives Explored

• CoreDNS with custom `sqlite` plugin and external MCP control server; Pros: access to CoreDNS plugins; Cons: more complex build and reload.


• PowerDNS with SQLite backend (gsqlite) but not Go; rejected.


• NSD with zone file updates; not Go and no SQLite.

Effort Estimate

• MVP (custom server): 2–3 weeks for a Go developer.


• CoreDNS plugin + MCP control: 3–4 weeks due to learning CoreDNS internals.

Risks

• DNSSEC not in MVP; if needed later, `miekg/dns` supports it but adds complexity.


• Concurrency: in‑memory map must be protected by RWMutex; high write rates could cause contention (unlikely for typical VPS usage).


• Zone transfers (AXFR/IXFR) not needed initially; can be added if secondary DNS required.