Platform
ScaiWave ScaiGrid ScaiCore ScaiBot ScaiDrive ScaiKey Models Tools & Services
Solutions
Organisations Developers Internet Service Providers Managed Service Providers AI-in-a-Box
Resources
Support Documentation Blog Downloads
Company
About Research Careers Investment Opportunities Contact
Log in

Overview

ScaiDNS is an authoritative DNS management platform built on PowerDNS. It exposes a stable HTTP API that lets you provision zones, manage DNS records, sign zones with DNSSEC, and delegate fine-grained access to users and groups — with multi-tenant isolation from the first request.

Under the hood ScaiDNS operates as a thin, opinionated layer over PowerDNS: zones created through the API are materialized as PowerDNS zones, records are validated and written to the PowerDNS backend, and DNSSEC signing is delegated to PowerDNS with key management handled by ScaiDNS.

What it gives you#

Zone management, not just record CRUD. Create forward and reverse zones, rename them, import from BIND zone files, export them back, apply reusable templates to bootstrap common patterns (mail records, SPF/DKIM/DMARC, default NS+SOA). Domain validation proves ownership before a zone goes live.

DNSSEC that's not painful. One call to enable DNSSEC. KSK and ZSK are generated, the zone is signed, DS records are surfaced for publication at the registrar. Rotation is a single API call; ScaiDNS tracks key lifetimes and surfaces what to publish where.

Multi-tenancy, from day one. Every zone belongs to a tenant. Tenants, users, and groups are synchronized from ScaiKey — the ScaiLabs identity platform. Permissions scope through platform admin → tenant admin → domain admin → record editor → read only, with access grants for one-off per-domain delegation.

Machine access via API keys. API keys can be scoped to inherit from a user or a group, carry their own rate limit and IP whitelist, and are auditable per-request. Use API keys for CI, infrastructure automation, and service-to-service calls. Use JWTs when a human is in the loop.

Reverse zones that don't make you think in bytes. Give ScaiDNS a CIDR like 10.0.0.0/16, get a preview of the resulting in-addr.arpa zones, and create them with one call. PTR records are managed by IP, not by reversed octets.

Webhook-driven sync. ScaiDNS subscribes to ScaiKey webhooks for partner, tenant, user, and group lifecycle events. User accounts, tenant names, and group memberships stay current without periodic polling.

What it's not#

  • Not a recursive resolver. ScaiDNS is authoritative-only. If you need a caching resolver, use Unbound, BIND, or your platform's stub resolver.
  • Not a registrar. ScaiDNS manages DNS records for domains you already own. Registration, renewal, and transfers happen at your registrar.
  • Not a replacement for PowerDNS. PowerDNS is the data plane. ScaiDNS provides the control plane, permissions, audit, and multi-tenancy on top.

Who it's for#

  • Platforms and MSPs that manage DNS on behalf of multiple customers and need tenant isolation, delegated access, and audit trails.
  • Infrastructure teams building internal DNS-as-a-service who want a REST API instead of Terraform-ing raw PowerDNS.
  • Automation pipelines that need a clean API surface for zone and record management from CI, Terraform providers, or custom operators.

What's next#

Updated 2026-05-17 02:38:18 View source (.md) rev 2