DNS and Network Services
DNS and Network Services
When you connect to the Torus via WireGuard, your device automatically receives DNS configuration. Internal hostnames resolve without any extra setup — just connect and start using them.
How DNS Works on the Torus
Your WireGuard config includes a DNS server that handles:
.ring.nekotopia.iohostnames — internal services and user-registered names- Standard DNS — all other queries are forwarded to public resolvers (Cloudflare/Google)
The DNS server runs on every hub, so resolution works regardless of which region you're connected to. Hostnames registered by users and infrastructure services are visible across the entire mesh.
Testing DNS
After connecting, verify DNS is working:
# From your terminal
nslookup browse.ring.nekotopia.io
ping gateway.ring.nekotopia.io
If DNS doesn't resolve, check that your WireGuard client is using the DNS server from the config (not your ISP's DNS).
Platform Services
These services are available to all connected Torus members at any tier:
| Service | Address | Description |
|---|---|---|
| Browservice | http://browse.ring.nekotopia.io:8088/ | Retro browser proxy — renders modern websites for vintage browsers (Netscape, IE3, Mosaic). See Browservice wiki page for details. |
| Echo Service | echo.ring.nekotopia.io |
Network diagnostic — echoes back your connection info. Useful for verifying connectivity. See Echo Service wiki page. |
| sgai | https://sgai.nekotopia.io | AI-powered knowledge base for SGI IRIX and classic UNIX documentation. |
| CML | https://cml.nekotopia.io | Cisco Modeling Labs — network simulation and virtual lab environment. |
| EVE-NG | https://eve.nekotopia.io | Emulated virtual environment for network and security training. |
| Lab Camera | Live Feed | Live camera feed from the Neko-HQ home lab. |
Internal DNS Hostnames
These hostnames resolve automatically when connected:
| Hostname | What It Is |
|---|---|
browse.ring.nekotopia.io |
Browservice retro proxy (port 8088) |
echo.ring.nekotopia.io |
Echo service for connectivity testing |
jump.ring.nekotopia.io |
SSH jump host |
gateway.ring.nekotopia.io |
Your hub's WireGuard gateway (ping test target) |
docker.ring.nekotopia.io |
Infrastructure host (platform services) |
app.ring.nekotopia.io |
Application server |
proxy.ring.nekotopia.io |
nginx reverse proxy |
*.ring.nekotopia.io |
User-created hostnames (via DNS Manager on the dashboard) |
Registering Your Own Hostname
You can register custom DNS names that point to your WireGuard IP:
- Go to your Dashboard → DNS Manager
- Add a hostname (e.g.,
myserver) - It becomes reachable as
myserver.ring.nekotopia.ioacross the mesh
Other Torus members can resolve and reach your hostname as long as your WireGuard tunnel is up.
Publishing Services to the Directory
If you're running a service you want other members to discover:
- Go to your Dashboard → Hosted Services
- Click + Add Service and fill in the name, FQDN, and description
- Your service appears in the Network Directory for all members
You can also browse what other members have published in the Network Directory section of your dashboard.
Router / Edge Device DNS
If you're using a MikroTik or other router as your Torus edge device, DNS queries from devices behind the router will be forwarded through the WireGuard tunnel to the Torus DNS server. This means all devices on your LAN can resolve .ring.nekotopia.io hostnames without any client-side configuration.
For MikroTik, the WireGuard setup typically configures the hub gateway as a DNS upstream:
/ip dns set servers=10.254.100.1,1.1.1.1
This sends .ring.nekotopia.io queries through the tunnel while falling back to public DNS for everything else.
Troubleshooting
DNS not resolving
- Verify WireGuard is connected (check handshake timestamp)
- Check your client's DNS setting matches the config file
- Some clients (especially mobile) ignore the DNS field — try setting it manually
- On macOS, you may need to flush the DNS cache:
sudo dscacheutil -flushcache
Can't reach a service
- Confirm the service is online (check the Network Directory for status)
- Try the IP directly (e.g.,
http://10.255.9.241:8088/for Browservice) - Check that your firewall isn't blocking outbound to the mesh subnet (
10.254.0.0/16,10.255.0.0/16)
Hostname I registered isn't visible to others
- DNS changes sync within 30 seconds
- Verify the entry exists in your DNS Manager
- Other users may need to flush their local DNS cache