commit 2567d8ab4855d1cf943474b73f1cfeb7d7237a15
Author: Kyle Isom <kyle@imap.cc>
Date:   Wed Mar 25 19:13:02 2026 -0700

    Initial CoreDNS setup as MCNS precursor
    
    Serves two internal zones for the Metacircular platform:
    - svc.mcp.metacircular.net (service addresses)
    - mcp.metacircular.net (node addresses)
    
    Forwards all other queries to 1.1.1.1 and 8.8.8.8. Includes rift
    deployment compose with CoreDNS 1.12.1 and zone files mapping
    metacrypt and rift to their LAN and Tailscale addresses.
    
    Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

diff --git a/CLAUDE.md b/CLAUDE.md
new file mode 100644
index 0000000..8a3504c
--- /dev/null
+++ b/CLAUDE.md
@@ -0,0 +1,47 @@
+# CLAUDE.md
+
+## Overview
+
+MCNS precursor — a CoreDNS instance serving internal DNS zones for the
+Metacircular platform until the full MCNS service is built.
+
+## Zones
+
+| Zone | Purpose |
+|------|---------|
+| `svc.mcp.metacircular.net` | Internal service addresses (e.g. `metacrypt.svc.mcp.metacircular.net`) |
+| `mcp.metacircular.net` | Node addresses (e.g. `rift.mcp.metacircular.net`) |
+
+Everything else forwards to 1.1.1.1 and 8.8.8.8.
+
+## Files
+
+- `Corefile` — CoreDNS configuration
+- `zones/` — Zone files (manually maintained until MCP manages them)
+- `deploy/docker/docker-compose-rift.yml` — Docker compose for rift deployment
+
+## Operations
+
+```bash
+# Start
+docker compose -f deploy/docker/docker-compose-rift.yml up -d
+
+# Test resolution
+dig @192.168.88.181 metacrypt.svc.mcp.metacircular.net
+dig @192.168.88.181 rift.mcp.metacircular.net
+
+# After editing zone files, bump the serial and restart
+docker compose -f deploy/docker/docker-compose-rift.yml restart
+```
+
+## Adding a service
+
+1. Add an A record to `zones/svc.mcp.metacircular.net.zone`
+2. Bump the serial number (YYYYMMDDNN format)
+3. Restart CoreDNS
+
+## Adding a node
+
+1. Add an A record to `zones/mcp.metacircular.net.zone`
+2. Bump the serial number
+3. Restart CoreDNS
diff --git a/Corefile b/Corefile
new file mode 100644
index 0000000..555601c
--- /dev/null
+++ b/Corefile
@@ -0,0 +1,20 @@
+# Internal zone for Metacircular service discovery.
+# Authoritative for svc.mcp.metacircular.net and mcp.metacircular.net.
+# Everything else forwards to public resolvers.
+
+svc.mcp.metacircular.net {
+    file /etc/coredns/zones/svc.mcp.metacircular.net.zone
+    log
+}
+
+mcp.metacircular.net {
+    file /etc/coredns/zones/mcp.metacircular.net.zone
+    log
+}
+
+. {
+    forward . 1.1.1.1 8.8.8.8
+    cache 30
+    log
+    errors
+}
diff --git a/deploy/docker/docker-compose-rift.yml b/deploy/docker/docker-compose-rift.yml
new file mode 100644
index 0000000..13fdc9b
--- /dev/null
+++ b/deploy/docker/docker-compose-rift.yml
@@ -0,0 +1,23 @@
+# CoreDNS on rift — MCNS precursor.
+#
+# Serves the svc.mcp.metacircular.net and mcp.metacircular.net zones.
+# Forwards everything else to 1.1.1.1 and 8.8.8.8.
+#
+# Usage:
+#   docker compose -f deploy/docker/docker-compose-rift.yml up -d
+#
+# To use as the network's DNS server, point clients or the router at
+# rift's IP (192.168.88.181) on port 53.
+
+services:
+  coredns:
+    image: coredns/coredns:1.12.1
+    container_name: mcns-coredns
+    restart: unless-stopped
+    command: -conf /etc/coredns/Corefile
+    ports:
+      - "53:53/udp"
+      - "53:53/tcp"
+    volumes:
+      - ../../Corefile:/etc/coredns/Corefile:ro
+      - ../../zones:/etc/coredns/zones:ro
diff --git a/zones/mcp.metacircular.net.zone b/zones/mcp.metacircular.net.zone
new file mode 100644
index 0000000..216ee94
--- /dev/null
+++ b/zones/mcp.metacircular.net.zone
@@ -0,0 +1,26 @@
+; Node addresses for Metacircular platform.
+; Maps node names to their network addresses.
+;
+; When MCNS is built, these will be managed via the MCNS API.
+; Until then, this file is manually maintained.
+
+$ORIGIN mcp.metacircular.net.
+$TTL 300
+
+@   IN SOA  ns.mcp.metacircular.net. admin.metacircular.net. (
+        2026032501  ; serial (YYYYMMDDNN)
+        3600        ; refresh
+        600         ; retry
+        86400       ; expire
+        300         ; minimum TTL
+    )
+
+    IN NS   ns.mcp.metacircular.net.
+
+; --- Nodes ---
+rift    IN A    192.168.88.181
+rift    IN A    100.95.252.120
+
+; ns record target — points to rift where CoreDNS runs.
+ns      IN A    192.168.88.181
+ns      IN A    100.95.252.120
diff --git a/zones/svc.mcp.metacircular.net.zone b/zones/svc.mcp.metacircular.net.zone
new file mode 100644
index 0000000..81aa570
--- /dev/null
+++ b/zones/svc.mcp.metacircular.net.zone
@@ -0,0 +1,22 @@
+; Internal service addresses for Metacircular platform.
+; Maps service names to the node where they currently run.
+;
+; When MCNS is built, MCP will manage these records dynamically.
+; Until then, this file is manually maintained.
+
+$ORIGIN svc.mcp.metacircular.net.
+$TTL 300
+
+@   IN SOA  ns.mcp.metacircular.net. admin.metacircular.net. (
+        2026032501  ; serial (YYYYMMDDNN)
+        3600        ; refresh
+        600         ; retry
+        86400       ; expire
+        300         ; minimum TTL
+    )
+
+    IN NS   ns.mcp.metacircular.net.
+
+; --- Services on rift ---
+metacrypt   IN A    192.168.88.181
+metacrypt   IN A    100.95.252.120