PowerDNS manual

PowerDNS BV

<pdns.bd@powerdns.com>

    It is a book about a Spanish guy called Manual. You should read it.
       -- Dilbert

Table of Contents

1. The PowerDNS dynamic nameserver

1.1. Function & design of PDNS

1.2. About this document

1.3. Release notes

1.3.1. Authoritative Server version 2.9.22 (UNRELEASED)
1.3.2. Authoritative Server version 2.9.21.2
1.3.3. Authoritative Server version 2.9.21.1
1.3.4. Recursor version 3.1.7
1.3.5. Recursor version 3.1.6
1.3.6. Recursor version 3.1.5
1.3.7. PowerDNS Authoritative Server version 2.9.21
1.3.8. Recursor version 3.1.4
1.3.9. Recursor version 3.1.3
1.3.10. Recursor version 3.1.2
1.3.11. Recursor version 3.1.1
1.3.12. Recursor version 3.0.1
1.3.13. Recursor version 3.0
1.3.14. Version 2.9.20
1.3.15. Version 2.9.19
1.3.16. Version 2.9.18
1.3.17. Version 2.9.17
1.3.18. Version 2.9.16
1.3.19. Version 2.9.15
1.3.20. Version 2.9.14
1.3.21. Version 2.9.13
1.3.22. Version 2.9.12
1.3.23. Version 2.9.11
1.3.24. Version 2.9.10
1.3.25. Version 2.9.8
1.3.26. Version 2.9.7
1.3.27. Version 2.9.6
1.3.28. Version 2.9.5
1.3.29. Version 2.9.4
1.3.30. Version 2.9.3a
1.3.31. Version 2.9.2
1.3.32. Version 2.9.1
1.3.33. Version 2.9
1.3.34. Version 2.8
1.3.35. Version 2.7 and 2.7.1
1.3.36. Version 2.6.1
1.3.37. Version 2.6
1.3.38. Version 2.5.1
1.3.39. Version 2.5
1.3.40. Version 2.4
1.3.41. Version 2.3
1.3.42. Version 2.2
1.3.43. Version 2.1
1.3.44. Version 2.0.1
1.3.45. Version 2.0
1.3.46. Version 2.0 Release Candidate 2
1.3.47. Version 2.0 Release Candidate 1
1.3.48. Version 1.99.12 Prerelease
1.3.49. Version 1.99.11 Prerelease
1.3.50. Version 1.99.10 Prerelease
1.3.51. Version 1.99.9 Early Access Prerelease
1.3.52. Version 1.99.8 Early Access Prerelease
1.3.53. Version 1.99.7 Early Access Prerelease
1.3.54. Version 1.99.6 Early Access Prerelease
1.3.55. Version 1.99.5 Early Access Prerelease
1.3.56. Version 1.99.4 Early Access Prerelease
1.3.57. Version 1.99.3 Early Access Prerelease
1.3.58. Version 1.99.2 Early Access Prerelease
1.3.59. Version 1.99.1 Early Access Prerelease

1.4. Security

1.5. PowerDNS Security Advisory 2006-01: Malformed TCP queries can lead to a buffer overflow which might be exploitable

1.6. PowerDNS Security Advisory 2006-02: Zero second CNAME TTLs can make PowerDNS exhaust allocated stack space, and crash

1.7. PowerDNS Security Advisory 2008-01: System random generator can be predicted, leading to the potential to 'spoof' PowerDNS Recursor

1.8. PowerDNS Security Advisory 2008-02: By not responding to certain queries, domains become easier to spoof

1.9. PowerDNS Security Advisory 2008-02: Some PowerDNS Configurations can be forced to restart remotely

1.10. Acknowledgements

2. Installing on Unix

2.1. Possible problems at this point

2.2. Testing your install

2.2.1. Typical errors

2.3. Running PDNS on unix

3. Installing on Microsoft Windows

3.1. Configuring PDNS on Microsoft Windows
3.2. Running PDNS on Microsoft Windows

4. Basic setup: configuring database connectivity

4.1. Example: configuring MySQL

4.1.1. Common problems

5. Dynamic resolution using the PipeBackend

5.1. Deploying the PipeBackend with the BindBackend

6. Logging & Monitoring Authoritative Server performance

6.1. Webserver
6.2. Via init.d commands
6.3. Operational logging using syslog

7. Security settings & considerations

7.1. Settings

7.1.1. Running as a less privileged identity
7.1.2. Jailing the process in a chroot

7.2. Considerations

8. Virtual hosting

9. Performance

9.1. General advice

9.2. Native Posix Thread Library vs LinuxThreads

9.3. Performance related settings

9.3.1. Packet Cache
9.3.2. Query Cache

10. Migrating to PDNS

10.1. Zone2sql

11. Recursion

11.1. Details

12. PowerDNS resolver/recursing nameserver

12.1. pdns_recursor settings

12.2. Controlling and querying the recursor

12.3. PowerDNS Recursor performance

12.4. Details

12.4.1. Anti-spoofing
12.4.2. Throttling

12.5. Statistics

12.6. Scripting

12.6.1. Configuring Lua scripts
12.6.2. Writing Lua PowerDNS Recursor scripts

12.7. Design and Engineering of the PowerDNS Recursor

12.7.1. The PowerDNS Recursor
12.7.2. Synchronous code using MTasker
12.7.3. MPlexer
12.7.4. MOADNSParser
12.7.5. The C++ Standard Library / Boost
12.7.6. Actual DNS Algorithm
12.7.7. The non-cached case
12.7.8. Some of the things we glossed over
12.7.9. The Recursor Cache
12.7.10. Some small things

13. Master/Slave operation & replication

13.1. Native replication

13.2. Slave operation

13.2.1. Supermaster automatic provisioning of slaves

13.3. Master operation

14. Fancy records for seamless email and URL integration

15. Index of all Authoritative Server settings

16. Index of all Authoritative Server metrics

16.1. Counters & variables

16.1.1. Counters
16.1.2. Ring buffers

17. Supported record types and their storage

18. HOWTO & Frequently Asked Questions

18.1. Getting support, free and paid FAQ
18.2. Using and Compiling PowerDNS FAQ
18.3. Backend developer HOWTO
18.4. About PowerDNS.COM BV, 'the company'

19. Other tools included with PowerDNS

19.1. Notification proxy (nproxy)

20. Tools to analyse DNS traffic

A. Backends in detail

A.1. PipeBackend

A.1.1. PipeBackend protocol

A.2. MySQL backend

A.2.1. Configuration settings
A.2.2. Notes

A.3. Random Backend

A.4. MySQL PDNS backend

A.4.1. Notes

A.5. Generic MySQL and PgSQL backends

A.5.1. MySQL specifics
A.5.2. PostgresSQL specifics
A.5.3. Oracle specifics
A.5.4. Basic functionality
A.5.5. Master/slave queries
A.5.6. Fancy records
A.5.7. Settings and specifying queries
A.5.8. Native operation
A.5.9. Slave operation
A.5.10. Superslave operation
A.5.11. Master operation

A.6. Oracle backend

A.6.1. Setting up Oracle for use with PowerDNS

A.7. Generic SQLite backend (2 and 3)

A.7.1. Compiling the SQLite backend
A.7.2. Setting up the database
A.7.3. Using the SQLite backend

A.8. DB2 backend

A.9. Bind zone file backend

A.9.1. Operation
A.9.2. Pdns_control commands
A.9.3. Performance
A.9.4. Master/slave configuration
A.9.5. Commands

A.10. ODBC backend

A.11. XDB Backend

A.12. LDAP backend

A.13. OpenDBX backend

A.14. Geo backend

B. PDNS internals

B.1. Controlsocket

B.1.1. pdns_control

B.2. Guardian

B.3. Modules & Backends

B.4. How PDNS translates DNS queries into backend queries

C. Backend writers' guide

C.1. Simple read-only native backends

C.1.1. A sample minimal backend
C.1.2. Interface definition

C.2. Reporting errors

C.3. Declaring and reading configuration details

C.4. Read/write slave-capable backends

C.4.1. Supermaster/Superslave capability

C.5. Read/write master-capable backends

D. Compiling PowerDNS

D.1. Compiling PowerDNS on Unix

D.1.1. AIX
D.1.2. FreeBSD
D.1.3. Linux
D.1.4. MacOS X
D.1.5. OpenBSD
D.1.6. Solaris

D.2. Compiling PowerDNS on Windows

D.2.1. Assumptions
D.2.2. Prequisites
D.2.3. Nullsoft Installer
D.2.4. Setting up the build-environment
D.2.5. Compilation
D.2.6. Miscellaneous

E. PowerDNS license (GNU General Public License version 2)

F. Further copyright statements

F.1. AES implementation by Brian Gladman

List of Tables
1-1. PowerDNS Security Advisory
1-2. PowerDNS Security Advisory
1-3. PowerDNS Security Advisory
1-4. PowerDNS Security Advisory
1-5. PowerDNS Security Advisory
17-1. SOA fields
A-1. PipeBackend capabilities
A-2. MySQL backend capabilities
A-3. Random Backend capabilities
A-4. MySQL backend capabilities
A-5. Generic PgSQL and MySQL backend capabilities
A-6. Oracle backend capabilities
A-7. Generic SQLite backend capabilities
A-8. DB2 backend capabilities
A-9. Bind zone file backend capabilities
A-10. ODBC backend capabilities
A-11. LDAP backend capabilities
A-12. OpenDBX backend capabilities
A-13. Geo backend capabilities
C-1. DNSResourceRecord class
C-2. SOAData struct
C-3. DomainInfo struct