hypd is an implementation of a DNS Hybrid Proxy. The DNS Hybrid Proxy is specified in an Internet Draft standardized in the DNS-SD Working Group of the IETF.

The draft specification can be found here: https://tools.ietf.org/html/draft-ietf-dnssd-hybrid-03.

hypd was written in a highly scalable way for embedded devices such as switches and routers. It is available to license both exclusively and non-exclusively. Please contact Tom Pusateri for more information.


To install on Ubuntu 14.04 LTS (Trusty Tahr), please add this repo and update. 64-bit only.

            sudo apt-key adv --keyserver pgp.mit.edu --recv-keys F93418C56652E60C
            sudo add-apt-repository 'deb [arch=amd64] http://dl.dnshyp.com/ trusty main'
            sudo apt-get update

To install on Ubuntu 16.04 LTS (Xenial Xerus), please add this repo and update. 64-bit only.

            sudo apt-key adv --keyserver pgp.mit.edu --recv-keys F93418C56652E60C
            sudo add-apt-repository 'deb [arch=amd64] http://dl.dnshyp.com/ xenial main'
            sudo apt-get update

The software can then be installed with the following commands:

            sudo apt-get install hypd
            sudo apt-get install hypcli
            sudo apt-get install hypweb (coming soon)


Most configuration can be provided in the delegating DNS server. hypd queries this DNS server for subdomains and names to listen for. If you don't have full control over the delegating server, you can override or augment the configuration with a local config file.

There is a sample config file in $SYSCONFIDR/hypd.lua.For Linux, this is /etc/hypd.lua. Here, you can override the host and domain name as well as the subdomains for each interface. Some sample configuration is included below. While it might not be obvious, using a Lua language file for configuration provides a lot of flexibility for generating the variables to be read by the hypd daemon.

            hostname = 'foo.bar.com' -- only needed to override default
            port = {
                -- defaults, not yet implemented
                udp = 53, tcp = 53, tls = 853, llq = 5352, push = 853
            certificate = {
                -- looks for letsencrypt certs automatically
                crt = '/etc/letsenscrypt/live/foo.bar.com/cert.pem',
                key = '/etc/letsenscrypt/live/foo.bar.com/privkey.pem',
                chain = '/etc/letsenscrypt/live/foo.bar.com/fullchain.pem'
            interfaces = {
                -- currently required if no reverse PTR net records
                { name = 'eth0', subdomain = 'sub1.bar.com' },
                { name = 'eth1', disable = true },


LLQ and DNS Push Notifications are not fully implemented.

User Interface

hyp CLI is an open source tool available on github using an MIT License:


It talks to the RESTful interface of hypd and formats output in columnar form. Since most companies using hypd in their product will have their own user interface componenets, hyp CLI is only intended as an example tool to communicate with hypd.

hypd listens on http://localhost:8080/ for requests to the RESTful interface. More documentation about this interface is forthcoming.


hyp cli is a python tool installed in a virtual environment with its dependencies. After installing hypcli, open a shell to use it:

            $ export PATH=$PATH:/usr/share/python/hypcli/bin
            $ hyp
            Welcome to the Hyp shell. Type help or ? to list commands.


hyp Web is a similar open source tool that provides a browser based interface to communicate with hypd. It uses the same RESTful interface as hyp CLI but provides the output in a browser. Instructions for setting up the web interface are forthcoming.

Requirements of the delegating server

The hybrid proxy is an authoritative DNS server for one or more subdomains. Each of these subdomains MUST be delegated to the hybrid proxy by the parent zone.


Subdomains are delegated to another server by defining NS records in the delegating server. The following records create three subdomains and delegate those subdomains to the listed servers.

        floor1.example.com. IN      NS      server1.example.com.
        floor2.exmaple.com. IN      NS      server2.example.com.
        floor3.example.com. IN      NS      server3.example.com.

Browse Records

Service Discovery clients will query known search domains to see if they are browseable for services. Initially, they will query for b.dns-sd.udp.example.com. If the domain is browseable, it will have PTR records for one or more browseable domains. This could include a PTR record for the domain and also for subdomains. For a client to search a hybrid proxy for discoverable services, PTR records for the subdomain of each IP subnet represented by the hybrid proxy must be listed in the delegating server.

        b._dns-sd._udp IN      PTR     @                      ;the top level domain is browseable
        b._dns-sd._udp IN      PTR     floor1.example.com.    ;a hybrid proxy provides for floor1
        b._dns-sd._udp IN      PTR     floor2.example.com.
        b._dns-sd._udp IN      PTR     floor3.example.com.

The client will then query each of the subdomains listed to see if they are browseable, for example, b.dns-sd.udp.floor1.example.com. The hybrid proxy should answer this query with its hostname.