DNS records from Nostr events. No registrar lock-in. Self-sovereign domains.
NoDNS is a protocol that resolves DNS records from Nostr events. Instead of registering domains through a traditional registrar and configuring DNS through a control panel, you publish cryptographically-signed events to Nostr relays. A NoDNS-compatible nameserver reads these events and serves them as standard DNS responses.
Your npub (Nostr public key) is your domain. No registration, no fees, no approval. Generate a keypair and publish your records.
This is a live record from a real kind 11111 event published on Nostr:
$ dig npub1ykal2phgzf6ljmql6l8khmf0ekf6ny0582r89m00j9vjt8qezhjqqpa3dl.nodns.shop A
;; ANSWER SECTION:
npub1ykal2...pa3dl.nodns.shop. 300 IN A 193.99.144.80That record came from this Nostr user's kind 11111 event. They published their DNS records to Nostr relays. Our nameserver picked them up and serves them via standard DNS. Try it in your terminal.
1. You publish a kind 11111 Nostr event with your DNS records:
{ "kind": 11111, "tags": [
["record", "A", "@", "193.99.144.80", "", ...],
["record", "CNAME", "www", "heise.de", "", ...]
] }
2. Our bot subscribes to Nostr relays and receives your event in seconds.
3. Bot sends a DDNS update to Knot DNS (authoritative nameserver).
4. Your domain resolves globally via standard DNS.
npub1{yourkey}.nodns.shop → your IP addressYour npub is your domain. Publish an event, it resolves. No accounts, no billing, no lock-in.
Every record is signed with your Nostr keypair. Events are verifiable by anyone. No certificate authorities needed.
Resolves via normal DNS. Works with every browser, every tool, every language. No special software needed on the client side.
Records propagate in ~3-5 seconds from Nostr event to global DNS resolution. TTL of 5 minutes; negative cache of 60 seconds.
Nostr Relays nodns-bot Knot DNS
┌──────────────┐ ┌──────────┐ ┌──────────────┐
│ relay.damus │──WebSocket──▶│ │──DDNS────▶│ │─── Internet
│ nostr.band │─────────────▶│ validate │ UPDATE │ nodns.shop │
│ nos.lol │─────────────▶│ parse │ (TSIG) │ zone │
│ nostr.wine │─────────────▶│ push │ │ DNSSEC │
└──────────────┘ └──────────┘ └──────┬───────┘
│ NOTIFY
▼
┌──────────────┐
│ puck.nether │
│ (secondary) │
└──────────────┘The bot does NOT run a DNS server. It's a bridge: Nostr events in, DDNS updates out. Knot DNS handles all DNS serving, DNSSEC signing, zone transfers, and NOTIFY to secondaries. It uses Read-Copy-Update (RCU) for lock-free zone updates — zero query interruption during changes.
The nodns-bot is a Go daemon that automates the entire pipeline. Currently updates are manual while we finalize the implementation.
NoDNS uses kind 11111 Nostr events with a fixed tag format:
// Legacy format (11 elements, currently in use):
["record", "TYPE", "name", "rdata", "", "", "", "", "", "", "ttl"]
// Examples:
["record", "A", "@", "193.99.144.80", "", "", "", "", "", "", "3600"]
["record", "CNAME", "www", "example.com", "", "", "", "", "", "", "3600"]
["record", "MX", "@", "10", "mail.example.com", "", "", "", "", "", "3600"]
// New format (5 elements, zone-file style):
["record", "A", "@", "3600", "193.99.144.80"]The protocol also defines kind 30003 for TLS certificate distribution and kind 5 for record deletion. Full spec: relay.ngit.dev (repos: nodns-protocol-spec and no-dns).
ns1.nodns.shop
46.224.104.12
Knot DNS 3.3.4
Hetzner, Finland
puck.nether.net
204.42.254.5
Southfield, MI, USA
Free AXFR secondary