# Native DNS for NFDs ## Introduction With the release of DNS support in NFD on Algorand, you can now bind globally-resolvable DNS records to your .algo name—served directly from the Algorand blockchain. Through integration with the `.algo.xyz` TLD, names like `somedapp.algo` become `somedapp.algo.xyz`—and can be accessed via any DNS client, browser, or application worldwide. **Your NFD becomes a real, working domain:** * `patrick.algo.xyz` - accessible via standard DNS This means you can point your NFD to a website, receive email, configure SSL certificates, and more—all with records you control on-chain. This creates a true **Web3 DNS system** using **native DNS protocol standards**, while retaining: * On-chain data control * Self-custodial ownership * Trustless resolution *** ## How It Works ``` 1. You configure DNS records in your NFD (stored on Algorand blockchain) ↓ 2. The NFD DNS service reads your on-chain data ↓ 3. Standard DNS queries resolve your NFD as a normal domain ``` When someone queries `patrick.algo.xyz`, the NFD DNS service fetches your records from the blockchain and returns a standard DNS response. No special software needed—it just works with any browser or application. *** ## Background: DNS and RR Types DNS (Domain Name System) maps human-readable names to machine-usable data using **resource records (RRs)**. Common RR types include: | Type | Purpose | | ------- | ---------------------------------------------- | | `A` | IPv4 address of a host | | `AAAA` | IPv6 address | | `TXT` | Free-form text (often used for verification) | | `MX` | Mail server settings | | `CNAME` | Canonical alias (points one domain to another) | | `SRV` | Advanced service routing | | `CAA` | Certification authority authorization | Traditionally, these records are stored and managed via centralized registrars or DNS providers. In contrast, NFDs allow **you** to define these records on-chain. *** ## Architecture ### Storage Each NFD stores its DNS records in a `dns` property—structured JSON stored on-chain inside its associated Algorand smart contract. This property is: * Versioned (requires NFD v3+) * User-editable via the NFD Manager * Strictly owned/controlled by the NFD's controlling account ### Ownership & Security Ownership of DNS records is cryptographically enforced by the Algorand blockchain: * You can use single-signature wallets, multisig accounts, or smart contract wallets to own NFDs. * No third-party registrar required. * Record changes are signed transactions. This enables advanced workflows like: * Smart contracts updating DNS records automatically. * DAOs owning service domains like `community.algo`. * Multisig-controlled dApp endpoints (e.g., `swap.algo.xyz`). *** ## DNS Record Format DNS records are stored as JSON in your NFD. Each record has these fields: | Field | Required | Description | | -------- | -------- | -------------------------------------------------- | | `name` | Yes | Where the record applies (use `@` for your domain) | | `type` | Yes | Record type: A, AAAA, CNAME, MX, TXT, SRV, CAA | | `rrData` | Yes | Array of record values | | `ttl` | No | Cache time in seconds (default: 300) | ### Name Field * `@` — Your domain itself (e.g., `patrick.algo.xyz`) * `www` — A subdomain (becomes `www.patrick.algo.xyz`) * `mail` — Another subdomain (becomes `mail.patrick.algo.xyz`) * `grafana` — A subdomain (becomes `grafana.patrick.algo.xyz`) * `_dmarc` — Special subdomain for DMARC records ### TTL (Time to Live) * **Minimum:** 60 seconds * **Maximum:** 86,400 seconds (24 hours) * **Default:** 300 seconds (5 minutes) Lower TTL = faster updates, but more DNS queries. Higher TTL = better caching, but slower propagation of changes. *** ## Managing DNS Records in Your NFD ### Editing via UI To add or modify DNS records: 1. Open the NFD Manager and select an NFD (version 3+). 2. Click **DNS Editor**. 3. Use "Add DNS Record": * **Type**: Choose one of the supported types (`A`, `AAAA`, `TXT`, etc.) * **Name**: Use `@` to represent the root of the NFD (e.g. `patrick.algo`) * **TTL**: Set time-to-live in seconds * **Value**: A string or list, depending on type (e.g. multiple IPs for an `A` record) *** ## How `.algo.xyz` Resolution Works The `.algo.xyz` TLD is backed by [**nfd-coredns**](https://github.com/TxnLab/nfd-coredns), an open-source [CoreDNS](https://coredns.io/) plugin that resolves DNS queries for Algorand NFDs by reading on-chain data directly from the blockchain. When a DNS query arrives for a domain like `patrick.algo.xyz`, the plugin: * Strips the `.xyz` suffix * Checks a local cache for previously fetched records * Queries the Algorand blockchain if needed * Converts on-chain JSON data to standard DNS resource records * Returns the response as a normal DNS reply The resolver supports all NFD DNS record types (A, AAAA, CNAME, MX, TXT, SRV, CAA, NS, SOA, CERT) and honors TTL values. ### Run Your Own Resolver Anyone can run their own NFD DNS resolver using the Docker image: ```bash docker pull txnlab/nfd-dns:latest ``` See the [nfd-coredns GitHub repository](https://github.com/TxnLab/nfd-coredns) for configuration details and setup instructions. ### Live Resolvers * `algo.xyz` zone is currently served by: * [TxnLab Resolver](https://txnlab.dev) * [Nodely Resolver](https://nodely.io) *** ## Subdomain and Delegation Model Unlike traditional DNS, the NFD subdomain model **preserves segment ownership**: * `foo.bar.algo.xyz` first checks for `foo.bar.algo` as its own NFD. * If not found, it checks for a `foo` entry inside the `bar.algo` record set. * **But**: This fallback only applies if both `foo.bar.algo` and `bar.algo` are owned by the **same Algorand account**. This prevents parent domains from hijacking subdomain content they do not own. > Example: > > * `testing.testing.root.algo` may be a separate NFD. > * If it doesn't exist, and `root.algo` has a `testing.testing` DNS record, that's used—but only if ownership matches. *** ## Bluesky Integration If you've verified your Bluesky account with your NFD, a TXT record for `_atproto` is **automatically added**. You don't need to configure this manually. The system creates: ``` _atproto.patrick.algo.xyz. TXT "did=did:plc:abc123..." ``` This enables your NFD to serve as your Bluesky handle. *** ## Limitations 1. **Segment depth**: Maximum of 3 labels after your NFD name (e.g., `a.b.c.patrick.algo` is the limit) 2. **No NS records for subdomains**: Your NFD subdomains are not delegated zones. NS records only work at the zone apex (`algo.xyz` itself). 3. **Record types**: The following types are supported: A, AAAA, CNAME, MX, TXT, SRV, CAA, NS, SOA, CERT 4. **Expiration**: If your NFD registration expires, DNS records will return a default placeholder until renewed. *** ## Benefits Summary | Feature | Traditional DNS | NFD DNS | | --------------------------- | --------------- | ------- | | Registrar Required | Yes | No | | On-chain ownership | No | Yes | | Smart contract control | No | Yes | | Multisig/domain DAO control | No | Yes | | Trustless resolution | No | Yes | | Global compatibility | Yes | Yes | *** ## Next Steps * [DNS Record Types](/platform/manage/native-dns-for-nfds/dns-record-types.md) — Complete reference for all supported record types with examples * [Testing & Troubleshooting](/platform/manage/native-dns-for-nfds/testing-and-troubleshooting.md) — Verify your DNS configuration and debug common issues *** ## Conclusion The `.algo.xyz` DNS bridge transforms your Algorand NFD into a global, resolvable domain using native internet infrastructure. This is a powerful blend of decentralization, security, and real-world interoperability—and it's available now. **Your domain. Your keys. Your records.** Accessible from anywhere. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.nf.domains/platform/manage/native-dns-for-nfds.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.