Native DNS for NFDs

Introduction

With the release of DNS support in NFD on Algorand, you can now bind globally-resolvable DNS records to your .algo name—served directly from the Algorand blockchain. Through integration with the .algo.xyz TLD, names like somedapp.algo become somedapp.algo.xyz—and can be accessed via any DNS client, browser, or application worldwide.

Your NFD becomes a real, working domain:

• patrick.algo.xyz - accessible via standard DNS

This means you can point your NFD to a website, receive email, configure SSL certificates, and more—all with records you control on-chain.

This creates a true Web3 DNS system using native DNS protocol standards, while retaining:

• On-chain data control

• Self-custodial ownership

• Trustless resolution

How It Works

1. You configure DNS records in your NFD (stored on Algorand blockchain)
        ↓
2. The NFD DNS service reads your on-chain data
        ↓
3. Standard DNS queries resolve your NFD as a normal domain

When someone queries patrick.algo.xyz, the NFD DNS service fetches your records from the blockchain and returns a standard DNS response. No special software needed—it just works with any browser or application.

Background: DNS and RR Types

DNS (Domain Name System) maps human-readable names to machine-usable data using resource records (RRs). Common RR types include:

Traditionally, these records are stored and managed via centralized registrars or DNS providers. In contrast, NFDs allow you to define these records on-chain.

Architecture

Storage

Each NFD stores its DNS records in a dns property—structured JSON stored on-chain inside its associated Algorand smart contract. This property is:

• Versioned (requires NFD v3+)

• User-editable via the NFD Manager

• Strictly owned/controlled by the NFD's controlling account

Ownership & Security

Ownership of DNS records is cryptographically enforced by the Algorand blockchain:

• You can use single-signature wallets, multisig accounts, or smart contract wallets to own NFDs.

• No third-party registrar required.

• Record changes are signed transactions.

This enables advanced workflows like:

• Smart contracts updating DNS records automatically.

• DAOs owning service domains like community.algo.

• Multisig-controlled dApp endpoints (e.g., swap.algo.xyz).

DNS Record Format

DNS records are stored as JSON in your NFD. Each record has these fields:

Name Field

• @ — Your domain itself (e.g., patrick.algo.xyz)

• www — A subdomain (becomes www.patrick.algo.xyz)

• mail — Another subdomain (becomes mail.patrick.algo.xyz)

• grafana — A subdomain (becomes grafana.patrick.algo.xyz)

• _dmarc — Special subdomain for DMARC records

TTL (Time to Live)

• Minimum: 60 seconds

• Maximum: 86,400 seconds (24 hours)

• Default: 300 seconds (5 minutes)

Lower TTL = faster updates, but more DNS queries. Higher TTL = better caching, but slower propagation of changes.

Managing DNS Records in Your NFD

Editing via UI

To add or modify DNS records:

1. Open the NFD Manager and select an NFD (version 3+).

2. Click DNS Editor.

3. Use "Add DNS Record":

   • Type: Choose one of the supported types (A, AAAA, TXT, etc.)

   • Name: Use @ to represent the root of the NFD (e.g. patrick.algo)

   • TTL: Set time-to-live in seconds

   • Value: A string or list, depending on type (e.g. multiple IPs for an A record)

How .algo.xyz Resolution Works

The .algo.xyz TLD is backed by open-source DNS resolvers built to query Algorand's blockchain directly. These resolvers handle the .algo.xyz zone with custom logic to:

• Resolve NFD names to DNS records from on-chain state

• Cache responses locally, honoring TTLs

• Provide standard DNS responses to any client

Live Resolvers

• algo.xyz zone is served by:

  • TxnLab Resolver

  • Nodely Resolver

Subdomain and Delegation Model

Unlike traditional DNS, the NFD subdomain model preserves segment ownership:

• foo.bar.algo.xyz first checks for foo.bar.algo as its own NFD.

• If not found, it checks for a foo entry inside the bar.algo record set.

• But: This fallback only applies if both foo.bar.algo and bar.algo are owned by the same Algorand account.

This prevents parent domains from hijacking subdomain content they do not own.

Example:

• testing.testing.root.algo may be a separate NFD.

• If it doesn't exist, and root.algo has a testing.testing DNS record, that's used—but only if ownership matches.

Bluesky Integration

If you've verified your Bluesky account with your NFD, a TXT record for _atproto is automatically added. You don't need to configure this manually.

The system creates:

This enables your NFD to serve as your Bluesky handle.

Limitations

1. Segment depth: Maximum of 3 labels after your NFD name (e.g., a.b.c.patrick.algo is the limit)

2. No NS records for subdomains: Your NFD subdomains are not delegated zones. NS records only work at the zone apex (algo.xyz itself).

3. Record types: The following types are supported: A, AAAA, CNAME, MX, TXT, SRV, CAA, NS, SOA, CERT

4. Expiration: If your NFD registration expires, DNS records will return a default placeholder until renewed.

Benefits Summary

Next Steps

• DNS Record Types — Complete reference for all supported record types with examples

• Testing & Troubleshooting — Verify your DNS configuration and debug common issues

Conclusion

The .algo.xyz DNS bridge transforms your Algorand NFD into a global, resolvable domain using native internet infrastructure. This is a powerful blend of decentralization, security, and real-world interoperability—and it's available now.

Your domain. Your keys. Your records. Accessible from anywhere.