diff --git a/srcpkgs/gdnsd/INSTALL b/srcpkgs/gdnsd/INSTALL
new file mode 100644
index 00000000000000..2e8a7085cc3ee7
--- /dev/null
+++ b/srcpkgs/gdnsd/INSTALL
@@ -0,0 +1,5 @@
+case "${ACTION}" in
+post)
+	setcap cap_net_bind_service+ei usr/bin/gdnsd
+	;;
+esac
diff --git a/srcpkgs/gdnsd/files/gdnsd/run b/srcpkgs/gdnsd/files/gdnsd/run
new file mode 100644
index 00000000000000..ab0b0077c332ee
--- /dev/null
+++ b/srcpkgs/gdnsd/files/gdnsd/run
@@ -0,0 +1,10 @@
+#!/bin/sh
+exec 2>&1
+install -d -m0750 -o _gdnsd -g _gdnsd /run/gdnsd
+exec setpriv --reuid _gdnsd --regid _gdnsd --groups _gdnsd \
+     --securebits +noroot,+noroot_locked,+no_setuid_fixup,+no_setuid_fixup_locked \
+     --bounding-set -all,+net_bind_service \
+     --ambient-caps -all,+net_bind_service \
+     --inh-caps     -all,+net_bind_service \
+     --no-new-privs \
+     gdnsd -c /etc/gdnsd -R start
diff --git a/srcpkgs/gdnsd/patches/musl.patch b/srcpkgs/gdnsd/patches/musl.patch
new file mode 100644
index 00000000000000..c405cb15552ac8
--- /dev/null
+++ b/srcpkgs/gdnsd/patches/musl.patch
@@ -0,0 +1,15 @@
+--- a/src/daemon.c	2024-09-19 13:22:52.000000000 -0700
++++ b/src/daemon.c	2025-12-03 21:31:09.368965368 -0700
+@@ -74,11 +74,11 @@ static void sysd_notify_ready(void)
+ 
+     const int fd = socket(AF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+     if (fd < 0)
+         log_fatal("Cannot create AF_UNIX socket");
+ 
+-    const ssize_t strv = sendto(fd, msg, strlen(msg), 0, &sun, sun_len);
++    const ssize_t strv = sendto(fd, msg, strlen(msg), 0, (const struct sockaddr *)&sun, sun_len);
+     if (strv < 0)
+         log_fatal("sendto() systemd NOTIFY_SOCKET failed: %s", logf_errno());
+ 
+     if (close(fd))
+         log_fatal("close() of systemd NOTIFY_SOCKET failed: %s", logf_errno());
diff --git a/srcpkgs/gdnsd/template b/srcpkgs/gdnsd/template
new file mode 100644
index 00000000000000..c98dbc8deaa546
--- /dev/null
+++ b/srcpkgs/gdnsd/template
@@ -0,0 +1,35 @@
+# Template file for 'gdnsd'
+pkgname=gdnsd
+version=3.8.3
+revision=1
+build_style=gnu-configure
+configure_args="
+ --disable-silent-rules
+ --with-rundir=/run/gdnsd"
+hostmakedepends="automake pkg-config"
+makedepends="libunwind-devel libmaxminddb-devel perl xz
+ libev-devel liburcu-devel libsodium-devel"
+checkdepends="perl-Socket6 perl-IO-Socket-INET6
+ perl-HTTP-Daemon perl-Net-DNS"
+short_desc="Authoritative-only DNS server with geographic plugins"
+maintainer="JailBird <jailbird@fdf.net>"
+license="GPL-3.0-or-later"
+homepage="https://gdnsd.org/"
+changelog="https://raw.githubusercontent.com/gdnsd/gdnsd/refs/heads/main/NEWS"
+distfiles="https://github.com/gdnsd/gdnsd/releases/download/v${version}/gdnsd-${version}.tar.xz"
+checksum=16a81836273dcbc17e5527df2214e8664d0545bb18b55f08325710de10c8f64d
+
+system_accounts="_gdnsd"
+_gdnsd_homedir="/var/lib/gdnsd"
+
+make_dirs="/var/lib/gdnsd 0750 _gdnsd _gdnsd
+ /etc/gdnsd 0750 _gdnsd _gdnsd"
+
+# Skip tests as they require a Maxmind DB
+do_check() {
+	:
+}
+
+post_install() {
+	vsv gdnsd
+}