Mist - Deep Dive

Mist operates a local authoritative DNS server for the land.playform.cloud zone, ensuring all private network communication stays on loopback and preventing sidecars from reaching unauthorized external hosts.

Architecture 🚀

Built on Hickory DNS. Two zones: an authoritative land.playform.cloud zone and a restricted forward allowlist.

Modules

|| Path | || ------------------------------------------------------------------------------ | | Source/lib.rs - Public API: start(port), dns_port(), LandDnsResolver | | Source/server.rs - Hickory UDP + TCP listeners, catalog wiring | | Source/zone.rs - land.playform.cloud zone: SOA, A records, wildcard resolution | | Source/resolver.rs - DNS client pointed at the local server for consumer use | | Source/forward_security.rs - Forward allowlist enforcement |

Configuration ⚙️

Parameter	Value
Preferred port	`5380` (fallback via portpicker)
Bind address	`127.0.0.1` (loopback only)
Authoritative zone	`land.playform.cloud` - all subdomains resolve to `127.0.0.1`
Forward allowlist	`update.land.playform.cloud` only domain resolvable externally
DNSSEC	ECDSA P-256 zone signing
Transport	UDP + TCP

Startup Sequence 🏁

Mountain calls Mist::start(5380) during initialization
Mist binds to port; portpicker selects alternative if unavailable
Bound port stored in Mountain’s DnsPort managed Tauri state
Mountain passes port to Air, SideCar, and Cocoon for DNS client configuration

Resolution Flow 🔍

For api.land.playform.cloud: query resolves to 127.0.0.1 (authoritative, with RRSIG). For external domains not in allowlist: query returns REFUSED.

Integration Points 🔗

Element	Direction	Mechanism
Mountain	Consumer	`Mist::start()` Rust API, stores port in DnsPort state
Air	Consumer	`LandDnsResolver` for HTTP client DNS override
SideCar	Consumer	Environment variable passed to Node.js processes
Cocoon	Consumer	Resolves `cocoon.land.playform.cloud` and gRPC addresses through Mist