Kyle Isom
871b1fb8f4
Record mutations (create, update, delete) no longer require admin role. Authorization rules: - admin: full access (unchanged) - system mcp-agent: create/delete any record - system account α: create/delete records named α only - human users: read-only (unchanged) Zone mutations remain admin-only. Both REST and gRPC paths enforce the same rules. Update checks authorization against both old and new names. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
MCNS
Metacircular Networking Service -- an authoritative DNS server for the Metacircular platform. MCNS serves DNS zones backed by SQLite, forwards non-authoritative queries to upstream resolvers, and exposes a gRPC and REST management API authenticated through MCIAS. Records are updated dynamically via the API and visible to DNS immediately on commit.
Quick Start
Build the binary:
make mcns
Copy and edit the example configuration:
cp deploy/examples/mcns.toml /srv/mcns/mcns.toml
# Edit TLS paths, database path, MCIAS URL, upstream resolvers
Run the server:
./mcns server --config /srv/mcns/mcns.toml
The server starts three listeners:
| Port | Protocol | Purpose |
|---|---|---|
| 53 | UDP + TCP | DNS (no auth) |
| 8443 | TCP | REST management API (TLS, MCIAS auth) |
| 9443 | TCP | gRPC management API (TLS, MCIAS auth) |
Documentation
- ARCHITECTURE.md -- full technical specification, database schema, API surface, and security model.
- RUNBOOK.md -- operational procedures and incident response for operators.
- CLAUDE.md -- context for AI-assisted development.