PowerDNS manual

PowerDNS BV

Abstract

    It is a book about a Spanish guy called Manual. You should read it.
       -- Dilbert

Table of Contents

1. The PowerDNS Authoritative Server
1. Function & design of PDNS
2. About this document
3. Release notes
3.1. PowerDNS Recursor version 3.6
3.2. PowerDNS Authoritative Server version 3.3.1
3.3. PowerDNS Recursor version 3.5.3
3.4. PowerDNS Recursor version 3.5.2
3.5. PowerDNS Authoritative Server version 3.3
3.6. PowerDNS Recursor version 3.5.1
3.7. PowerDNS Recursor version 3.5
3.8. PowerDNS Authoritative Server 3.2
3.9. PowerDNS Authoritative Server 3.1
3.10. Authoritative Server version 2.9.22.6
3.11. Authoritative Server version 2.9.22.5
3.12. PowerDNS Authoritative Server 3.0.1
3.13. PowerDNS Authoritative Server 3.0
3.14. Recursor version 3.3.1
3.15. Recursor version 3.3
3.16. Recursor version 3.2
3.17. Recursor version 3.1.7.2
3.18. Recursor version 3.1.7.1
3.19. Authoritative Server version 2.9.22
3.20. Authoritative Server version 2.9.21.2
3.21. Authoritative Server version 2.9.21.1
3.22. Recursor version 3.1.7
3.23. Recursor version 3.1.6
3.24. Recursor version 3.1.5
3.25. PowerDNS Authoritative Server version 2.9.21
3.26. Recursor version 3.1.4
3.27. Recursor version 3.1.3
3.28. Recursor version 3.1.2
3.29. Recursor version 3.1.1
3.30. Recursor version 3.0.1
3.31. Recursor version 3.0
3.32. Version 2.9.20
3.33. Version 2.9.19
3.34. Version 2.9.18
3.35. Version 2.9.17
3.36. Version 2.9.16
3.37. Version 2.9.15
3.38. Version 2.9.14
3.39. Version 2.9.13
3.40. Version 2.9.12
3.41. Version 2.9.11
3.42. Version 2.9.10
3.43. Version 2.9.8
3.44. Version 2.9.7
3.45. Version 2.9.6
3.46. Version 2.9.5
3.47. Version 2.9.4
3.48. Version 2.9.3a
3.49. Version 2.9.2
3.50. Version 2.9.1
3.51. Version 2.9
3.52. Version 2.8
3.53. Version 2.7 and 2.7.1
3.54. Version 2.6.1
3.55. Version 2.6
3.56. Version 2.5.1
3.57. Version 2.5
3.58. Version 2.4
3.59. Version 2.3
3.60. Version 2.2
3.61. Version 2.1
3.62. Version 2.0.1
3.63. Version 2.0
3.64. Version 2.0 Release Candidate 2
3.65. Version 2.0 Release Candidate 1
3.66. Version 1.99.12 Prerelease
3.67. Version 1.99.11 Prerelease
3.68. Version 1.99.10 Prerelease
3.69. Version 1.99.9 Early Access Prerelease
3.70. Version 1.99.8 Early Access Prerelease
3.71. Version 1.99.7 Early Access Prerelease
3.72. Version 1.99.6 Early Access Prerelease
3.73. Version 1.99.5 Early Access Prerelease
3.74. Version 1.99.4 Early Access Prerelease
3.75. Version 1.99.3 Early Access Prerelease
3.76. Version 1.99.2 Early Access Prerelease
3.77. Version 1.99.1 Early Access Prerelease
4. Security
5. PowerDNS Security Advisory 2006-01: Malformed TCP queries can lead to a buffer overflow which might be exploitable
6. PowerDNS Security Advisory 2006-02: Zero second CNAME TTLs can make PowerDNS exhaust allocated stack space, and crash
7. PowerDNS Security Advisory 2008-01: System random generator can be predicted, leading to the potential to 'spoof' PowerDNS Recursor
8. PowerDNS Security Advisory 2008-02: By not responding to certain queries, domains become easier to spoof
9. PowerDNS Security Advisory 2008-02: Some PowerDNS Configurations can be forced to restart remotely
10. PowerDNS Security Advisory 2010-01: PowerDNS Recursor up to and including 3.1.7.1 can be brought down and probably exploited
11. PowerDNS Security Advisory 2010-02: PowerDNS Recursor up to and including 3.1.7.1 can be spoofed into accepting bogus data
12. PowerDNS Security Advisory 2012-01: PowerDNS Authoritative Server can be caused to generate a traffic loop
13. Acknowledgements
2. Installing on Unix
1. Possible problems at this point
2. Testing your install
2.1. Typical errors
3. Running PDNS on unix
3. Installing on Microsoft Windows
4. Basic setup: configuring database connectivity
1. Example: configuring MySQL
1.1. Common problems
5. Dynamic resolution using the PipeBackend
1. Deploying the PipeBackend with the BindBackend
6. Logging & Monitoring Authoritative Server performance
1. Webserver
2. Via init.d commands
3. Operational logging using syslog
7. Security settings & considerations
1. Settings
1.1. Running as a less privileged identity
1.2. Jailing the process in a chroot
2. Considerations
8. Virtual hosting
9. Authoritative Server Performance
1. General advice
2. Performance related settings
2.1. Packet Cache
2.2. Query Cache
10. Migrating to PowerDNS
1. Zone2sql
11. Notes on upgrading
1. From PowerDNS Authoritative Server 2.9.x to 3.0
1.1. Frequently Asked Questions about 3.0
2. From PowerDNS Authoritative Server 3.0 to 3.1
3. From PowerDNS Authoritative Server 3.1 to 3.2
4. From PowerDNS Authoritative Server 3.2 to 3.3
5. From PowerDNS Authoritative Server 3.3 to 3.3.1
6. From PowerDNS Authoritative Server 3.3.1 to 3.4
12. Serving authoritative DNSSEC data
1. A brief introduction to DNSSEC
2. Profile, Supported Algorithms, Record Types & Modes of operation
2.1. DNSSEC: live-signed vs orthodox 'pre-signed' mode
3. Migration
3.1. From an existing PowerDNS installation
3.2. From existing non-DNSSEC non-PowerDNS setups
3.3. From existing DNSSEC non-PowerDNS setups, pre-signed
3.4. From existing DNSSEC non-PowerDNS setups, live signing
4. Records, Keys, signatures, hashes within PowerDNSSEC in online signing mode
4.1. (Hashed) Denial of Existence
4.2. Signatures
5. 'pdnssec' for PowerDNSSEC command & control
6. DNSSEC advice & precautions
6.1. Packet sizes, fragments, TCP/IP service
7. Operational instructions
7.1. Publishing a DS
7.2. ZSK rollover
7.3. KSK rollover
7.4. Going insecure
7.5. NSEC(3) change
8. Modes of operation
8.1. PowerDNSSEC Pre-signed records
8.2. PowerDNSSEC Front-signing
8.3. PowerDNSSEC BIND-mode operation
8.4. PowerDNSSEC hybrid BIND-mode operation
8.5. Rules for filling out fields in database backends
9. Secure transfers
10. Security
11. Performance
12. Thanks to, acknowledgements
13. TSIG: shared secret authorization and authentication
1. Provisioning outbound AXFR access
2. Provisioning signed notification and AXFR requests
14. AXFR ACLs
15. Per zone settings aka Domain Metadata
16. RFC2136 Support (Dynamic DNS Update)
1. Configuration options
2. Per zone settings
3. SOA Serial Updates
3.1. SOA-EDIT-2136 settings
4. RFC2136 How-to: Setup dyndns/rfc2136 with dhcpd
4.1. Setting up dhcpd
4.2. Setting up PowerDNS
5. How it works
17. Recursion
1. Details
18. PowerDNS Recursor: a high performance resolving nameserver
1. pdns_recursor settings
2. pdns_recursor command line
3. Controlling and querying the recursor
4. PowerDNS Recursor performance
4.1. Recursor Caches
5. Details
5.1. Anti-spoofing
5.2. Throttling
6. Statistics
7. Scripting
7.1. Configuring Lua scripts
7.2. Writing Lua PowerDNS Recursor scripts
8. DNS64 support in the PowerDNS Recursor
9. Design and Engineering of the PowerDNS Recursor
9.1. The PowerDNS Recursor
9.2. Synchronous code using MTasker
9.3. MPlexer
9.4. MOADNSParser
9.5. The C++ Standard Library / Boost
9.6. Actual DNS Algorithm
9.7. The non-cached case
9.8. Some of the things we glossed over
9.9. The Recursor Cache
9.10. Some small things
19. Master/Slave operation & replication
1. Native replication
2. Slave operation
2.1. Supermaster automatic provisioning of slaves
2.2. Modifying a slave zone using a script
3. Master operation
20. Fancy records for seamless email and URL integration
21. Index of all Authoritative Server settings
22. Index of all Authoritative Server metrics
1. Counters & variables
1.1. Counters
1.2. Ring buffers
23. Supported record types and their storage
24. HOWTO & Frequently Asked Questions
1. Getting support, free and paid FAQ
2. Using and Compiling PowerDNS FAQ
3. Backend developer HOWTO
4. About PowerDNS.COM BV, 'the company'
25. Other tools included with PowerDNS
1. Notification proxy (nproxy)
26. Tools to analyse DNS traffic
27. PowerDNS Metrics, and how to display them
A. Backends in detail
1. PipeBackend
1.1. PipeBackend protocol
1.2. Notes
2. Random Backend
3. Generic MySQL and PgSQL backends
3.1. MySQL specifics
3.2. PostgreSQL specifics
3.3. Oracle specifics
3.4. Basic functionality
3.5. DNSSEC queries
3.6. Master/slave queries
3.7. Comments queries
3.8. Fancy records
3.9. Settings and specifying queries
3.10. Native operation
3.11. Slave operation
3.12. Superslave operation
3.13. Master operation
3.14. Disabled data
4. Oracle backend
4.1. The Database Schema
4.2. The SQL Statements
5. Generic SQLite backend (2 and 3)
5.1. Compiling the SQLite backend
5.2. Setting up the database
5.3. Using the SQLite backend
6. DB2 backend
7. Bind zone file backend
7.1. Operation
7.2. Pdns_control commands
7.3. Performance
7.4. Master/slave configuration
7.5. Commands
8. LMDB (high performance) backend
8.1. Operation
8.2. Database Format
9. ODBC backend
10. XDB Backend
11. LDAP backend
12. OpenDBX backend
13. Geo backend
14. Lua Backend
15. TinyDNS Backend
15.1. Configuration Parameters
15.2. Location and Timestamp support
15.3. Master mode
15.4. Useful implementation notes
16. Remote Backend
16.1. Important notices
16.2. Compiling
16.3. Usage
16.4. API
16.5. Examples
B. PDNS internals
1. Controlsocket
1.1. pdns_control
2. Guardian
3. Modules & Backends
4. How PDNS translates DNS queries into backend queries
5. Adding new DNS record types
C. Backend writers' guide
1. Simple read-only native backends
1.1. A sample minimal backend
1.2. Interface definition
2. Reporting errors
3. Declaring and reading configuration details
4. Read/write slave-capable backends
4.1. Supermaster/Superslave capability
5. Read/write master-capable backends
6. RFC2136 support
D. Compiling PowerDNS
1. Compiling PowerDNS on Unix
1.1. AIX
1.2. FreeBSD
1.3. Linux
1.4. MacOS X
1.5. OpenBSD
1.6. Solaris
E. PowerDNS license (GNU General Public License version 2)
F. Further copyright statements
1. OpenSSL linking exception
2. AES implementation by Brian Gladman
G. Cryptographic software and export control
1. Specific United States Export Control Notes

List of Tables

1.1. PowerDNS Security Advisory
1.2. PowerDNS Security Advisory
1.3. PowerDNS Security Advisory
1.4. PowerDNS Security Advisory
1.5. PowerDNS Security Advisory
1.6. PowerDNS Security Advisory
1.7. PowerDNS Security Advisory
1.8. PowerDNS Security Advisory
18.1. pdnslog() loglevels
23.1. SOA fields
A.1. PipeBackend capabilities
A.2. Random Backend capabilities
A.3. Generic PgSQL and MySQL backend capabilities
A.4. Oracle backend capabilities
A.5. Generic SQLite backend capabilities
A.6. DB2 backend capabilities
A.7. Bind zone file backend capabilities
A.8. LMDB backend capabilities
A.9. ODBC backend capabilities
A.10. LDAP backend capabilities
A.11. OpenDBX backend capabilities
A.12. Geo backend capabilities
A.13. Lua backend capabilities
A.14. TinyDNS backend capabilities
A.15. Remote backend capabilities
C.1. DNSResourceRecord class
C.2. SOAData struct
C.3. DomainInfo struct