This is a DNS server library which includes authentication (TSIG), dynamic updates (NSUPDATE), and notifications (DNSNOTIFY). I use it since several weeks in production as MirageOS unikernel (both primary and secondary). It interoperates fine with ISC bind. By careful design, the authentication data (shared symmetric secret keys) is part of the DNS trie, and thus dynamically updatable – furthermore, this allows for a nearly zero-configuration unikernel (the only required boot parameter is the root key to initiate updates!). See the examples in the repository (hidden under
mirage/examples) for details.
The main data structure is a Map, which key are resource record types, and its values are collections of resource records. My implementation uses GADT for tighter types!