Initial CoreDNS setup as MCNS precursor

Serves two internal zones for the Metacircular platform:
- svc.mcp.metacircular.net (service addresses)
- mcp.metacircular.net (node addresses)

Forwards all other queries to 1.1.1.1 and 8.8.8.8. Includes rift
deployment compose with CoreDNS 1.12.1 and zone files mapping
metacrypt and rift to their LAN and Tailscale addresses.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

CLAUDE.md

@@ -0,0 +1,47 @@
+# CLAUDE.md
+
+## Overview
+
+MCNS precursor — a CoreDNS instance serving internal DNS zones for the
+Metacircular platform until the full MCNS service is built.
+
+## Zones
+
+| Zone | Purpose |
+|------|---------|
+| `svc.mcp.metacircular.net` | Internal service addresses (e.g. `metacrypt.svc.mcp.metacircular.net`) |
+| `mcp.metacircular.net` | Node addresses (e.g. `rift.mcp.metacircular.net`) |
+
+Everything else forwards to 1.1.1.1 and 8.8.8.8.
+
+## Files
+
+- `Corefile` — CoreDNS configuration
+- `zones/` — Zone files (manually maintained until MCP manages them)
+- `deploy/docker/docker-compose-rift.yml` — Docker compose for rift deployment
+
+## Operations
+
+```bash
+# Start
+docker compose -f deploy/docker/docker-compose-rift.yml up -d
+
+# Test resolution
+dig @192.168.88.181 metacrypt.svc.mcp.metacircular.net
+dig @192.168.88.181 rift.mcp.metacircular.net
+
+# After editing zone files, bump the serial and restart
+docker compose -f deploy/docker/docker-compose-rift.yml restart
+```
+
+## Adding a service
+
+1. Add an A record to `zones/svc.mcp.metacircular.net.zone`
+2. Bump the serial number (YYYYMMDDNN format)
+3. Restart CoreDNS
+
+## Adding a node
+
+1. Add an A record to `zones/mcp.metacircular.net.zone`
+2. Bump the serial number
+3. Restart CoreDNS

Corefile

@@ -0,0 +1,20 @@
+# Internal zone for Metacircular service discovery.
+# Authoritative for svc.mcp.metacircular.net and mcp.metacircular.net.
+# Everything else forwards to public resolvers.
+
+svc.mcp.metacircular.net {
+    file /etc/coredns/zones/svc.mcp.metacircular.net.zone
+    log
+}
+
+mcp.metacircular.net {
+    file /etc/coredns/zones/mcp.metacircular.net.zone
+    log
+}
+
+. {
+    forward . 1.1.1.1 8.8.8.8
+    cache 30
+    log
+    errors
+}

deploy/docker/docker-compose-rift.yml

@@ -0,0 +1,23 @@
+# CoreDNS on rift — MCNS precursor.
+#
+# Serves the svc.mcp.metacircular.net and mcp.metacircular.net zones.
+# Forwards everything else to 1.1.1.1 and 8.8.8.8.
+#
+# Usage:
+#   docker compose -f deploy/docker/docker-compose-rift.yml up -d
+#
+# To use as the network's DNS server, point clients or the router at
+# rift's IP (192.168.88.181) on port 53.
+
+services:
+  coredns:
+    image: coredns/coredns:1.12.1
+    container_name: mcns-coredns
+    restart: unless-stopped
+    command: -conf /etc/coredns/Corefile
+    ports:
+      - "53:53/udp"
+      - "53:53/tcp"
+    volumes:
+      - ../../Corefile:/etc/coredns/Corefile:ro
+      - ../../zones:/etc/coredns/zones:ro

zones/mcp.metacircular.net.zone

@@ -0,0 +1,26 @@
+; Node addresses for Metacircular platform.
+; Maps node names to their network addresses.
+;
+; When MCNS is built, these will be managed via the MCNS API.
+; Until then, this file is manually maintained.
+
+$ORIGIN mcp.metacircular.net.
+$TTL 300
+
+@   IN SOA  ns.mcp.metacircular.net. admin.metacircular.net. (
+        2026032501  ; serial (YYYYMMDDNN)
+        3600        ; refresh
+        600         ; retry
+        86400       ; expire
+        300         ; minimum TTL
+    )
+
+    IN NS   ns.mcp.metacircular.net.
+
+; --- Nodes ---
+rift    IN A    192.168.88.181
+rift    IN A    100.95.252.120
+
+; ns record target — points to rift where CoreDNS runs.
+ns      IN A    192.168.88.181
+ns      IN A    100.95.252.120

zones/svc.mcp.metacircular.net.zone

@@ -0,0 +1,22 @@
+; Internal service addresses for Metacircular platform.
+; Maps service names to the node where they currently run.
+;
+; When MCNS is built, MCP will manage these records dynamically.
+; Until then, this file is manually maintained.
+
+$ORIGIN svc.mcp.metacircular.net.
+$TTL 300
+
+@   IN SOA  ns.mcp.metacircular.net. admin.metacircular.net. (
+        2026032501  ; serial (YYYYMMDDNN)
+        3600        ; refresh
+        600         ; retry
+        86400       ; expire
+        300         ; minimum TTL
+    )
+
+    IN NS   ns.mcp.metacircular.net.
+
+; --- Services on rift ---
+metacrypt   IN A    192.168.88.181
+metacrypt   IN A    100.95.252.120