P4

porkbun-mcp: managing Porkbun domains and DNS via MCP

porkbun-mcp logo

porkbun-mcp is an MCP server for Porkbun that lets an assistant safely inspect and manage domains and DNS records via a standard tool contract. The core goal is to reduce repetitive manual work and avoid "pressure mistakes" when you need to quickly verify or adjust DNS, redirects, or related settings.

Repo: korobkov-v/porkbun-mcp. It covers domains, nameservers, DNS, DNSSEC, SSL bundle retrieval, and URL forwarding, plus a set of scenario tools that default to dry_run.

What it can do

- Domains: list, nameservers, URL forwards, glue records
- DNS: list/get/create/edit/delete, including operations "by name and type"
- DNSSEC: list/create/delete
- SSL: retrieve certificate bundle
- Scenarios: dns_upsert, dns_batch_apply, domain_cutover_web

Safety model (what makes it different)

- Read-only by default: mutations are blocked until you explicitly enable write mode
- Scenario tools default to dry_run: true (plan first, then apply)
- Risky actions require extra flags and confirmations (e.g. domain registration is disabled by default)

Quick start (local)

Requirements: Node.js 20+ and Porkbun API keys (PORKBUN_API_KEY, PORKBUN_SECRET_KEY).

Read-only mode:
PORKBUN_API_KEY=... PORKBUN_SECRET_KEY=... node dist/index.js

Write mode (allows changes):
PORKBUN_API_KEY=... PORKBUN_SECRET_KEY=... node dist/index.js --get-muddy

DNS: plan -> apply example

The safest pattern is to call a scenario tool in dry_run mode first, review the proposed plan, and only then apply it.

Plan (example payload): 
{
  "domain": "example.com",
  "match": { "type": "A", "subdomain": "www" },
  "target": { "content": "203.0.113.10", "ttl": 300 },
  "dry_run": true
}

Why this matters in practice

- Less "click-ops": repetitive tasks are executed consistently and reproducibly
- Fewer mistakes: actions go through a structured contract with guardrails
- Faster incident triage: start with dns_list/domain_health_check, then move to a change plan
- Great fit for operational work around landing pages, redirects, and cutovers

Practical notes

- Do not commit API keys: use env vars or a secret manager
- Make sure the target domain is API-accessible in Porkbun (account keys alone are not enough if domain-level API access is disabled)
- Before any write action, run the scenario in dry_run first

← Back to Blog