Ryan Malloy 3d47d67e89 coredns: production port defaults (5353 plain DNS, 8081 health) ...

Deployed to dell01.mer.idahomuellers.net with firewall NAT'ing
public requests in to host:5353/tcp+udp.

Port changes baked in as new defaults so future hosts inherit them:
- DNS_PORT: 1053 -> 5353 (dev was 1053 because avahi-daemon owns
  5353 on Arch desktops; production hosts typically don't run avahi
  and 5353 is the conventional non-privileged DNS port — mDNS uses
  multicast 224.0.0.251:5353 which never conflicts with a unicast bind)
- HEALTH_PORT: 8080 -> 8081 (8080 collided with a python3 service
  on dell01; 8081 is less commonly contested)

2026-05-16 13:59:33 -06:00

caddy

coredns: production Let's Encrypt cert via Caddy sidecar (DNS-01 + Vultr)

2026-05-14 01:34:57 -06:00

scripts

coredns: DoT (:853) + DoH (:443) listeners with self-signed cert

2026-05-14 01:12:25 -06:00

zones

coredns: docker compose stack with Vultr zone import

2026-05-12 01:51:09 -06:00

.env

coredns: production port defaults (5353 plain DNS, 8081 health)

2026-05-16 13:59:33 -06:00

.gitignore

coredns: production Let's Encrypt cert via Caddy sidecar (DNS-01 + Vultr)

2026-05-14 01:34:57 -06:00

Corefile

coredns: DoT (:853) + DoH (:443) listeners with self-signed cert

2026-05-14 01:12:25 -06:00

docker-compose.yml

coredns: production Let's Encrypt cert via Caddy sidecar (DNS-01 + Vultr)

2026-05-14 01:34:57 -06:00

Makefile

coredns: production Let's Encrypt cert via Caddy sidecar (DNS-01 + Vultr)

2026-05-14 01:34:57 -06:00

Description

Hidden-primary DNS for ~91 zones: CoreDNS + custom rfc2136 plugin for self-hosted ACME DNS-01. Source of truth for zones/, Corefile, deploy configs.

172 KiB

Languages

Shell 49.7%

Makefile 21.5%

Python 16.6%

Dockerfile 12.2%