Authoritative · UDP + TCP · Wildcard · Master/Slave Cluster

Your DNS.
Your Authority.

Onifast DNS is a lightweight, authoritative-only DNS server built into Onifast Panel. Full record management, wildcard support, and built-in master/slave clustering — all managed from the panel UI without touching a zone file.

Get Onifast Panel Explore Clustering
dig — onifast-dns :53
$ dig @ns1.example.com example.com ANY
 
;; ->>HEADER<<- opcode: QUERY, status: NOERROR
;; flags: qr aa rd; QUERY: 1, ANSWER: 4
 
;; ANSWER SECTION:
example.com. 3600 IN NS ns1.example.com.
example.com. 3600 IN NS ns2.example.com.
example.com. 3600 IN A 203.0.113.10
example.com. 3600 IN MX 10 mail.example.com.
 
$ dig @ns1.example.com anything.example.com A
*.example.com. 3600 IN A 203.0.113.10 (wildcard match)
$
UDP+TCP
Dual protocol on :53
6+
Record Types
Wildcard DNS
3modes
Standalone · Master · Slave
0files
No zone files — SQLite only
What's included

A complete authoritative DNS server

No BIND, no zone file headaches. Onifast DNS stores everything in SQLite and exposes a clean panel API for full record management.

UDP + TCP on Port 53
Listens on both UDP and TCP simultaneously. TCP fallback is essential for large DNSSEC responses and zone transfers.
Authoritative-Only
Answers only for zones it manages. Non-authoritative queries receive a proper REFUSED response — no open-resolver risk.
Wildcard DNS (*.domain.com)
Wildcard records match any subdomain not explicitly defined. Falls back to the closest wildcard ancestor automatically.
Proper NXDOMAIN Responses
When a name doesn't exist under a managed zone, returns NXDOMAIN with the authoritative flag set — fully RFC-compliant.
DNS Clustering (Master/Slave)
Built-in master/slave clustering with secret-key authenticated sync. Push zone changes from master to all slave nodes via the panel API.
Auto Zone Initialization
When a domain is added to the panel, Onifast DNS auto-creates NS records (NS1/NS2), root A record, and www A record from server config.
SQLite Zone Storage
All records stored in WAL-mode SQLite (onifast-dns.db). No zone files to manage, no syntax errors, instant updates take effect immediately.
TXT Record Chunking
TXT records longer than 255 bytes are automatically split into multiple chunks per RFC 1035 — critical for SPF, DKIM, and verification tokens.
MX Priority Support
MX records have an explicit priority field separate from the value. Set multiple MX records with different priorities for mail redundancy.
Activity Logging
Every DNS query hit and miss is logged to the Onifast Panel activity log, making it easy to trace resolution paths and debug DNS issues.
Per-Record Owner Tracking
Each record in SQLite carries an owner field. Multi-tenant deployments can track which panel user owns each DNS zone and record.
Built-in DNS Checker
Check DNS propagation for any domain directly from the panel. Verifies A, MX, TXT, and CNAME resolution against external resolvers.
Supported Records

All the record types you need

Managed through the panel UI or REST API — no command-line required.

A
IPv4 address mapping
AAAA
IPv6 address mapping
CNAME
Canonical name alias
MX
Mail exchange (with priority)
TXT
SPF · DKIM · verification tokens
NS
Nameserver delegation
*
Wildcard — any subdomain
Clustering

Built-in Master / Slave DNS Cluster

Run redundant nameservers across multiple servers. Push zone changes from master to all slaves with a single API call.

Master
ns1.example.com
Primary authoritative — reads & writes
  • Serves all DNS queries
  • Zone add / update / delete
  • Push-to-slave via API
  • Secret-key sync auth
sync
HTTPS + secret key
Slave
ns2.example.com
Secondary — read-only replica
  • Receives sync from master
  • Serves queries independently
  • Stays up if master is down
Standalone
Single Server Mode
Default — no cluster needed
  • Zero config, works instantly
  • Upgrade to cluster anytime
Query Resolution

Three-step
resolution logic

Every DNS query goes through a fast, deterministic lookup pipeline that handles wildcards, NXDOMAIN, and refused queries correctly.

  • Step 1 — Local hit: exact name + record type match in SQLite returns authoritative answer
  • Step 2 — Wildcard: walks up the label tree trying *.parent patterns
  • Step 3 — Authority check: if the parent zone is ours → NXDOMAIN; otherwise → REFUSED
  • Thread-safe reads via RWMutex — handles concurrent queries with no lock contention
  • Authoritative flag always set on answers for managed zones
query resolution — onifast-dns 
# Query arrives on UDP/TCP :53
handleDNSQuery(w, r)

# Step 1: exact name lookup
records, exists = findDNSRecords(
  name = "sub.example.com.",
  type = "A"
)
→ check exact, exact., exact (no dot)
→ found? → reply NOERROR aa

# Step 2: wildcard fallback
→ try *.example.com  (parent zone)
→ found? → reply with matched name

# Step 3: NXDOMAIN vs REFUSED
→ is example.com in our zones?
   yes → reply NXDOMAIN aa
   no  → reply REFUSED

# All hits logged to panel activity log
panel API — DNS management 
# Initialize a zone (auto NS + A + www)
POST /api/dns/init
{ "domain": "example.com" }

# Add a record
POST /api/dns/add
{
  "name":     "mail.example.com",
  "type":     "MX",
  "value":    "mail.example.com",
  "priority": 10,
  "ttl":      3600
}

# List all records for a domain
GET /api/dns/records?domain=example.com

# Push zone changes to slave nodes
POST /api/dns/push-to-master

# Reset a zone (delete all records)
POST /api/dns/reset-zone
{ "domain": "example.com" }

# Check DNS propagation externally
GET /api/dns-checker?domain=example.com
Panel API

Full REST API,
no zone files

Every DNS action — create, read, update, delete, cluster sync — is available via the Onifast Panel REST API.

  • Zone init auto-creates NS, A, and www records from server config
  • Add, update, delete individual records without downtime
  • Push-to-master syncs all zone data to configured slave nodes
  • Cluster test endpoint verifies slave connectivity before sync
  • DNS Checker validates propagation across external resolvers
  • Internal cluster-sync endpoint receives pushes from master

Own your DNS.
No third-party required.

Get Onifast Panel and run your own authoritative DNS server in minutes.

Get Onifast Panel Onifast.com