- Separate peer_sync.auth_username/password from the DA-facing credentials
so /internal/* uses its own basic auth; a compromised peer cannot push
zones or access the admin API
- Per-peer health tracking: consecutive failure count, degraded/recovered
log events at FAILURE_THRESHOLD (3) and on first successful contact after
degradation
- Gossip-lite mesh discovery: each sync pass calls /internal/peers on every
known peer and adds newly discovered node URLs automatically; a linear
chain of initial connections is sufficient to form a full mesh
- /internal/peers endpoint returns the node's live peer URL list
- Support DADNS_PEER_SYNC_PEER_N_URL/USERNAME/PASSWORD numbered env vars
for multi-peer env-var-only deployments (up to 9); original single-peer
DADNS_PEER_SYNC_PEER_URL retained for backward compatibility
- PeerSyncWorker reads DADNS_PEER_SYNC_PEER_URL / _USERNAME / _PASSWORD env
vars to populate a single peer without a config file; deduped against any
config-file peers so the URL never appears twice
- 2 new tests (119 total, all passing)
- README: peer sync single-peer env var table; Topology C compose example
updated to use env vars only (no config file needed for two-node setup)
- README: document cybercinch/coredns_mysql_extend built-in file caching —
serves from cache during MySQL outages, eliminates per-query round-trips
Migrate remaining session.query() calls in coredns_mysql.py to
select()/session.execute() style; update bulk delete to delete()
construct and count to func.count(); drop sessionmaker(bind=).
Update test fixtures and assertions to match.
Zero session.query() calls remaining across the entire codebase.
