PowerDNS manual

PowerDNS BV

v3.0-pre $Date: 2011-01-06 23:00:05 +0100 (Thu, 06 Jan 2011) $

Abstract

    It is a book about a Spanish guy called Manual. You should read it.
       -- Dilbert

Table of Contents

1. The PowerDNS dynamic nameserver
1. Function & design of PDNS
2. About this document
3. Release notes
3.1. PowerDNS Authoritative Server 3.2
3.2. PowerDNS Authoritative Server 3.1
3.3. Authoritative Server version 2.9.22.6
3.4. Authoritative Server version 2.9.22.5
3.5. PowerDNS Authoritative Server 3.0.1
3.6. PowerDNS Authoritative Server 3.0
3.7. Recursor version 3.3.1
3.8. Recursor version 3.3
3.9. Recursor version 3.2
3.10. Recursor version 3.1.7.2
3.11. Recursor version 3.1.7.1
3.12. Authoritative Server version 2.9.22
3.13. Authoritative Server version 2.9.21.2
3.14. Authoritative Server version 2.9.21.1
3.15. Recursor version 3.1.7
3.16. Recursor version 3.1.6
3.17. Recursor version 3.1.5
3.18. PowerDNS Authoritative Server version 2.9.21
3.19. Recursor version 3.1.4
3.20. Recursor version 3.1.3
3.21. Recursor version 3.1.2
3.22. Recursor version 3.1.1
3.23. Recursor version 3.0.1
3.24. Recursor version 3.0
3.25. Version 2.9.20
3.26. Version 2.9.19
3.27. Version 2.9.18
3.28. Version 2.9.17
3.29. Version 2.9.16
3.30. Version 2.9.15
3.31. Version 2.9.14
3.32. Version 2.9.13
3.33. Version 2.9.12
3.34. Version 2.9.11
3.35. Version 2.9.10
3.36. Version 2.9.8
3.37. Version 2.9.7
3.38. Version 2.9.6
3.39. Version 2.9.5
3.40. Version 2.9.4
3.41. Version 2.9.3a
3.42. Version 2.9.2
3.43. Version 2.9.1
3.44. Version 2.9
3.45. Version 2.8
3.46. Version 2.7 and 2.7.1
3.47. Version 2.6.1
3.48. Version 2.6
3.49. Version 2.5.1
3.50. Version 2.5
3.51. Version 2.4
3.52. Version 2.3
3.53. Version 2.2
3.54. Version 2.1
3.55. Version 2.0.1
3.56. Version 2.0
3.57. Version 2.0 Release Candidate 2
3.58. Version 2.0 Release Candidate 1
3.59. Version 1.99.12 Prerelease
3.60. Version 1.99.11 Prerelease
3.61. Version 1.99.10 Prerelease
3.62. Version 1.99.9 Early Access Prerelease
3.63. Version 1.99.8 Early Access Prerelease
3.64. Version 1.99.7 Early Access Prerelease
3.65. Version 1.99.6 Early Access Prerelease
3.66. Version 1.99.5 Early Access Prerelease
3.67. Version 1.99.4 Early Access Prerelease
3.68. Version 1.99.3 Early Access Prerelease
3.69. Version 1.99.2 Early Access Prerelease
3.70. Version 1.99.1 Early Access Prerelease
4. Security
5. PowerDNS Security Advisory 2006-01: Malformed TCP queries can lead to a buffer overflow which might be exploitable
6. PowerDNS Security Advisory 2006-02: Zero second CNAME TTLs can make PowerDNS exhaust allocated stack space, and crash
7. PowerDNS Security Advisory 2008-01: System random generator can be predicted, leading to the potential to 'spoof' PowerDNS Recursor
8. PowerDNS Security Advisory 2008-02: By not responding to certain queries, domains become easier to spoof
9. PowerDNS Security Advisory 2008-02: Some PowerDNS Configurations can be forced to restart remotely
10. PowerDNS Security Advisory 2010-01: PowerDNS Recursor up to and including 3.1.7.1 can be brought down and probably exploited
11. PowerDNS Security Advisory 2010-02: PowerDNS Recursor up to and including 3.1.7.1 can be spoofed into accepting bogus data
12. PowerDNS Security Advisory 2012-01: PowerDNS Authoritative Server can be caused to generate a traffic loop
13. Acknowledgements
2. Installing on Unix
1. Possible problems at this point
2. Testing your install
2.1. Typical errors
3. Running PDNS on Unix
3. Installing on Microsoft Windows
1. Configuring PDNS on Microsoft Windows
2. Running PDNS on Microsoft Windows
4. Basic setup: configuring database connectivity
1. Example: configuring MySQL
1.1. Common problems
5. Dynamic resolution using the PipeBackend
1. Deploying the PipeBackend with the BindBackend
6. Logging & Monitoring Authoritative Server performance
1. Webserver
2. Via init.d commands
3. Operational logging using syslog
7. Security settings & considerations
1. Settings
1.1. Running as a less privileged identity
1.2. Jailing the process in a chroot
2. Considerations
8. Virtual hosting
9. Authoritative Server Performance
1. General advice
2. Native Posix Thread Library vs LinuxThreads
3. Performance related settings
3.1. Packet Cache
3.2. Query Cache
10. Migrating to PowerDNS
1. Zone2sql
11. Notes on upgrading
1. From PowerDNS Authoritative Server 2.9.x to 3.0
1.1. Frequently Asked Questions about 3.0
2. From PowerDNS Authoritative Server 3.0 to 3.1
3. From PowerDNS Authoritative Server 3.1 to 3.2
12. Serving authoritative DNSSEC data
1. A brief introduction to DNSSEC
2. Profile, Supported Algorithms, Record Types & Modes of operation
2.1. DNSSEC: live-signed vs orthodox 'pre-signed' mode
3. Migration
3.1. From an existing PowerDNS installation
3.2. From existing non-DNSSEC non-PowerDNS setups
3.3. From existing DNSSEC non-PowerDNS setups, pre-signed
3.4. From existing DNSSEC non-PowerDNS setups, live signing
4. Records, Keys, signatures, hashes within PowerDNSSEC in online signing mode
4.1. (Hashed) Denial of Existence
4.2. Signatures
5. 'pdnssec' for PowerDNSSEC command & control
6. DNSSEC advice & precautions
6.1. Packet sizes, fragments, TCP/IP service
7. Operational instructions
7.1. Publishing a DS
7.2. ZSK rollover
7.3. KSK rollover
7.4. Going insecure
7.5. NSEC(3) change
8. Modes of operation
8.1. PowerDNSSEC Pre-signed records
8.2. PowerDNSSEC Front-signing
8.3. PowerDNSSEC BIND-mode operation
8.4. PowerDNSSEC hybrid BIND-mode operation
8.5. Rules for filling out fields in database backends
9. Security
10. Performance
11. Thanks to, acknowledgements
13. TSIG: shared secret authorization and authentication
1. Provisioning outbound AXFR access
2. Provisioning signed notification and AXFR requests
14. AXFR ACLs
15. Per zone settings aka Domain Metadata
16. Recursion
1. Details
17. PowerDNS Recursor: a high performance resolving nameserver
1. pdns_recursor settings
2. pdns_recursor command line
3. Controlling and querying the recursor
4. PowerDNS Recursor performance
4.1. Recursor Caches
5. Details
5.1. Anti-spoofing
5.2. Throttling
6. Statistics
7. Scripting
7.1. Configuring Lua scripts
7.2. Writing Lua PowerDNS Recursor scripts
8. Design and Engineering of the PowerDNS Recursor
8.1. The PowerDNS Recursor
8.2. Synchronous code using MTasker
8.3. MPlexer
8.4. MOADNSParser
8.5. The C++ Standard Library / Boost
8.6. Actual DNS Algorithm
8.7. The non-cached case
8.8. Some of the things we glossed over
8.9. The Recursor Cache
8.10. Some small things
18. Master/Slave operation & replication
1. Native replication
2. Slave operation
2.1. Supermaster automatic provisioning of slaves
2.2. Modifying a slave zone using a script
3. Master operation
19. Fancy records for seamless email and URL integration
20. Index of all Authoritative Server settings
21. Index of all Authoritative Server metrics
1. Counters & variables
1.1. Counters
1.2. Ring buffers
22. Supported record types and their storage
23. HOWTO & Frequently Asked Questions
1. Getting support, free and paid FAQ
2. Using and Compiling PowerDNS FAQ
3. Backend developer HOWTO
4. About PowerDNS.COM BV, 'the company'
24. Other tools included with PowerDNS
1. Notification proxy (nproxy)
25. Tools to analyse DNS traffic
A. Backends in detail
1. PipeBackend
1.1. PipeBackend protocol
1.2. Notes
2. Random Backend
3. Generic MySQL and PgSQL backends
3.1. MySQL specifics
3.2. PostgreSQL specifics
3.3. Oracle specifics
3.4. Basic functionality
3.5. DNSSEC queries
3.6. Master/slave queries
3.7. Fancy records
3.8. Settings and specifying queries
3.9. Native operation
3.10. Slave operation
3.11. Superslave operation
3.12. Master operation
4. Oracle backend
4.1. The Database Schema
4.2. The SQL Statements
5. Generic SQLite backend (2 and 3)
5.1. Compiling the SQLite backend
5.2. Setting up the database
5.3. Using the SQLite backend
6. DB2 backend
7. Bind zone file backend
7.1. Operation
7.2. Pdns_control commands
7.3. Performance
7.4. Master/slave configuration
7.5. Commands
8. ODBC backend
9. XDB Backend
10. LDAP backend
11. OpenDBX backend
12. Geo backend
13. Lua Backend
14. TinyDNS Backend
14.1. Configuration Parameters
14.2. Location and Timestamp support
14.3. Master mode
14.4. Useful implementation notes
15. Remote Backend
15.1. Compiling
15.2. Usage
15.3. API
15.4. Examples
B. PDNS internals
1. Controlsocket
1.1. pdns_control
2. Guardian
3. Modules & Backends
4. How PDNS translates DNS queries into backend queries
5. Adding new DNS record types
C. Backend writers' guide
1. Simple read-only native backends
1.1. A sample minimal backend
1.2. Interface definition
2. Reporting errors
3. Declaring and reading configuration details
4. Read/write slave-capable backends
4.1. Supermaster/Superslave capability
5. Read/write master-capable backends
D. Compiling PowerDNS
1. Compiling PowerDNS on Unix
1.1. AIX
1.2. FreeBSD
1.3. Linux
1.4. MacOS X
1.5. OpenBSD
1.6. Solaris
2. Compiling PowerDNS on Windows
2.1. Assumptions
2.2. Prerequisites
2.3. Nullsoft Installer
2.4. Setting up the build-environment
2.5. Compilation
2.6. Miscellaneous
E. PowerDNS license (GNU General Public License version 2)
F. Further copyright statements
1. AES implementation by Brian Gladman
G. Cryptographic software and export control
1. Specific United States Export Control Notes

List of Tables

1.1. PowerDNS Security Advisory
1.2. PowerDNS Security Advisory
1.3. PowerDNS Security Advisory
1.4. PowerDNS Security Advisory
1.5. PowerDNS Security Advisory
1.6. PowerDNS Security Advisory
1.7. PowerDNS Security Advisory
1.8. PowerDNS Security Advisory
22.1. SOA fields
A.1. PipeBackend capabilities
A.2. Random Backend capabilities
A.3. Generic PgSQL and MySQL backend capabilities
A.4. Oracle backend capabilities
A.5. Generic SQLite backend capabilities
A.6. DB2 backend capabilities
A.7. Bind zone file backend capabilities
A.8. ODBC backend capabilities
A.9. LDAP backend capabilities
A.10. OpenDBX backend capabilities
A.11. Geo backend capabilities
A.12. Lua backend capabilities
A.13. TinyDNS backend capabilities
A.14. Remote backend capabilities
C.1. DNSResourceRecord class
C.2. SOAData struct
C.3. DomainInfo struct