Skip to content

[roadmap] Runbound as a sovereign public DNS resolver #206

Description

@redlemonbe

Vision

Operate Runbound as an independent, public, encrypted DNS resolver — the long-term
"sovereign" ambition. Be honest about the split: this is ~10 % software / ~90 % trust +
operations + adoption
. This epic tracks only the software + deployment artifacts that are
in scope for this repository; the rest (governance, jurisdiction, CERT/regulator relations,
anycast-infra funding, adoption) is non-code and handled elsewhere/later.

The ladder (do them roughly in order)

  1. Independence — full root-based recursion + QNAME minimisation (feat: full root-based recursive resolution + QNAME minimisation (resolver independence & privacy) #202). A sovereign
    resolver resolves from the root, not via a third-party forwarder (1.1.1.1 / 8.8.8.8).
  2. Public-safe — Response Rate Limiting + anti-amplification (feat: public anti-amplification — DNS Cookies (RFC 7873) + RRL slip/truncate + ANY-minimal (per-IP rate-limit already done) #203). Never expose a
    recursive resolver to the internet without this. Blocks step 3 (open case).
  3. Encrypted public endpoint — DoT/DoH/DoQ deployment + DDR discovery + ACME cert/ACL
    (feat: public encrypted resolver deployment — DoT/DoH/DoQ + DDR discovery + ACME cert/ACL #204). The client-facing "like 1.1.1.1" endpoint. DoT/DoH/DoQ already exist; this is the
    deployment + discovery story.
  4. Scale — anycast multi-PoP, graceful drain, node identity (feat: anycast-ready deployment support — health thresholds, graceful drain, node identity, PROXY protocol #21; anycast Level 1 already
    landed). Where "national reach" actually lives.
  5. Trust — verifiable no-log + transparency (feat: trust & transparency artifacts — verifiable no-log mode + transparency report #205); third-party human audit ([v1.0] Third-party human security audit #170);
    reproducible signed builds ([v1.0] Reproducible build + signed release binaries #171 ✅ done); open-source ✅ (AGPL-3.0). The credibility layer.

Out of scope here (non-code)

Governance / who operates it, jurisdiction & legal, CERT/regulator relationships, anycast
infrastructure funding, adoption. Tracked outside the repo.

Honest framing

"Sovereign / national" is the endgame vision, not the next step. The next concrete barrel is
a small, credible public resolver (steps 1→3) — full recursion, encrypted, RRL-protected,
used by early adopters — hardened operationally before any scale or trust claim. No premature
"nation-grade" marketing: credibility is earned from the verifiable artifacts above and granted
by others, never asserted (per the project's audit-doc conventions).

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions