TitaniumGuard
DNS Zone Hosting | Docs | TitaniumGuard

DNS Zone Hosting

Hosting Authoritative Zones via Config File

TitaniumGuard DNS can serve authoritative zones directly from the zones section in the DNS config file.

Resolution behavior:

  • Query name matches a configured zone: served authoritatively (AA=true)
  • Query name does not match any configured zone: resolved recursively using upstream resolvers/root hints

Minimal zone example

{
  "listen_addr": "0.0.0.0:8080",
  "resolvers": ["1.1.1.1", "8.8.8.8"],
  "zones": [
    {
      "name": "corp.internal.",
      "soa": {
        "mname": "ns1.corp.internal.",
        "rname": "dns-admin.corp.internal.",
        "serial": 2026030201,
        "refresh": 3600,
        "retry": 600,
        "expire": 1209600,
        "minimum": 300,
        "ttl": 3600
      },
      "records": {
        "@": {
          "NS": { "ttl": 3600, "values": ["ns1.corp.internal."] },
          "A": { "ttl": 300, "values": ["10.10.0.53"] },
          "AAAA": { "ttl": 300, "values": ["fd00::53"] },
          "TXT": { "ttl": 300, "values": ["corp authoritative dns"] }
        },
        "api": {
          "A": { "ttl": 300, "values": ["10.10.1.10"] }
        },
        "_sip._tcp": {
          "SRV": { "ttl": 300, "values": ["10 5 5060 sip.corp.internal."] }
        }
      }
    }
  ]
}

zones model

  • name: zone apex (typically trailing dot), for example corp.internal.
  • soa: SOA metadata for the zone
  • records: map of owner name -> record type -> rrset

RRset shape:

  • ttl: TTL in seconds
  • values: one or more values for the record type

Owner name rules

  • @ or empty string: points to the zone apex
  • Absolute owner (ends with '.'): used as-is
  • Relative owner (api, _sip._tcp): expanded under zone apex

Examples for zone corp.internal.:

  • @ -> corp.internal.
  • api -> api.corp.internal.
  • _sip._tcp -> _sip._tcp.corp.internal.

Supported record types

  • SOA (configured via zones[].soa)
  • NS
  • A
  • AAAA
  • TXT
  • SRV

Value format notes

  • A: IPv4 address string (example: 10.10.1.10)
  • AAAA: IPv6 address string (example: fd00::53)
  • NS: nameserver FQDN
  • TXT: plain string payload
  • SRV: "<priority> <weight> <port> <host>" (exactly four space-separated fields)

Operational notes

  • The DNS service watches the config path and reloads on change.
  • If a config update is invalid, the previous in-memory config remains active.
  • For production, keep soa.serial monotonic when changing zone data.