PowerDNS

PowerDNS DNSdist
Original author(s)	PowerDNS.com B.V.
Developer(s)	PowerDNS Community, Bert Hubert
Stable release	1.9.3 / April 5, 2024
Repository	github.com/PowerDNS/pdns ;
Written in	C++
Operating system	Unix-like
Type	DNS server
License	GNU General Public License v2
Website	www.powerdns.com

PowerDNS Recursor
Original author(s)	PowerDNS.com B.V.
Developer(s)	PowerDNS Community, Bert Hubert
Stable release	5.0.4 / April 24, 2024
Repository	github.com/PowerDNS/pdns ;
Written in	C++
Operating system	Unix-like
Type	DNS server
License	GNU General Public License v2
Website	www.powerdns.com

PowerDNS Server
Original author(s)	PowerDNS.com B.V.
Developer(s)	PowerDNS Community, Bert Hubert
Stable release	4.9.0 / March 15, 2024
Repository	github.com/PowerDNS/pdns ;
Written in	C++
Operating system	Unix-like
Type	DNS server
License	GNU General Public License v2
Website	www.powerdns.com

Last updated April 25, 2024

PowerDNS is a DNS server program, written in C++ and licensed under the GPL. It runs on most Unix derivatives. PowerDNS features a large number of different backends ranging from simple BIND style zonefiles to relational databases ^[4] and load balancing/failover algorithms. A DNS recursor is provided as a separate program.

History

PowerDNS development began in 1999 and was originally a commercial proprietary product. In November 2002, the source code was made public under the open-source GPL v2 license.^[5]^[6]

Features

PowerDNS Authoritative Server (pdns_server) consists of a single core, and multiple dynamically loadable backends that run multi-threaded. The core handles all packet processing and DNS intelligence, while one or more backends deliver DNS records using arbitrary storage methods.

Zone transfers and update notifications are supported, and the processes can run unprivileged and chrooted . Various caches are maintained to speed up query processing. Run-time control is available through the pdns_control command, which allows reloading of separate zones, cache purges, zone notifications and dumps statistics in Multi Router Traffic Grapher / rrdtool format. Realtime information can also be obtained through the optional built-in web server.

There are many independent projects to create management interfaces for PowerDNS.

DNSSEC

The PowerDNS Authoritative Server supports DNSSEC as of version 3.0. While pre-signed zones can be served, it is also possible to perform online signing & key management. This has the upside of being relatively easy, but the downside that the cryptographic keying material is present on the servers itself (which is also true of any HTTPS server when not used with a HSM for example).

Recursor

PowerDNS Recursor (pdns_recursor^[7]) is a resolving DNS server, that runs as a separate process.

This part of PowerDNS uses a combination of native threads and user-space threads, through the use of Boost and the MTasker library,^[8] which is a simple cooperative multitasking library. It is also available as a standalone package.

It does not have to run a pdns_server process as a gatekeeper for pdns_recursor, if the goal is simply to provide caching/recursing/resolving nameservice as running pdns_recursor on its own is even more efficient than behind the authoritative component.

Support for DNSSEC validation was added to the pdns_recursor in version 4.0.

DNSdist

PowerDNS DNSdist (dnsdist^[9]) is a caching DNS proxy, with many features including:

Load Balancing of DNS Queries
DNS Encryption Support - DNS over HTTPS, DNS over TLS, both upstream and downstream (i.e. to clients and backends)
Lua Policy Engine - Extensive capabilities for creating rules for processing DNS packets, such as changing the response, re-routing a query or blocking traffic over a max QPS from a subnet.
Dynamic Rule Generation - Used to create Dynamic Blocks which are short-lived rules, automatically inserted based on configurable thresholds and the analysis of recently received traffic. Used to deal with DoS attacks

DNSdist is available as a standalone package, and can be deployed with PowerDNS Authoritative Server or Recursor, or any other third-party DNS server.

Related Research Articles

The Domain Name System (DNS) is a hierarchical and distributed naming system for computers, services, and other resources in the Internet or other Internet Protocol (IP) networks. It associates various information with domain names assigned to each of the associated entities. Most prominently, it translates readily memorized domain names to the numerical IP addresses needed for locating and identifying computer services and devices with the underlying network protocols. The Domain Name System has been an essential component of the functionality of the Internet since 1985.

The djbdns software package is a DNS implementation. It was created by Daniel J. Bernstein in response to his frustrations with repeated security holes in the widely used BIND DNS software. As a challenge, Bernstein offered a $1000 prize for the first person to find a security hole in djbdns, which was awarded in March 2009 to Matthew Dempsky.

A name server is a computer application that implements a network service for providing responses to queries against a directory service. It translates an often humanly meaningful, text-based identifier to a system-internal, often numeric identification or addressing component. This service is performed by the server in response to a service protocol request.

In computing, load balancing is the process of distributing a set of tasks over a set of resources, with the aim of making their overall processing more efficient. Load balancing can optimize the response time and avoid unevenly overloading some compute nodes while other compute nodes are left idle.

The DNS root zone is the top-level DNS zone in the hierarchical namespace of the Domain Name System (DNS) of the Internet.

The Domain Name System Security Extensions (DNSSEC) are a suite of extension specifications by the Internet Engineering Task Force (IETF) for securing data exchanged in the Domain Name System (DNS) in Internet Protocol (IP) networks. The protocol provides cryptographic authentication of data, authenticated denial of existence, and data integrity, but not availability or confidentiality.

Microsoft DNS is the name given to the implementation of domain name system services provided in Microsoft Windows operating systems.

DNS spoofing, also referred to as DNS cache poisoning, is a form of computer security hacking in which corrupt Domain Name System data is introduced into the DNS resolver's cache, causing the name server to return an incorrect result record, e.g. an IP address. This results in traffic being diverted to any computer that the attacker chooses.

pdnsd is a caching DNS proxy server created originally by Thomas Moestl and currently maintained by Paul Rombouts.

This article presents a comparison of the features, platform support, and packaging of many independent implementations of Domain Name System (DNS) name server software.

dnsmasq is free software providing Domain Name System (DNS) caching, a Dynamic Host Configuration Protocol (DHCP) server, router advertisement and network boot features, intended for small computer networks.

DNS management software is computer software that controls Domain Name System (DNS) server clusters. DNS data is typically deployed on multiple physical servers. The main purposes of DNS management software are:

mysqlBind/unxsBind is a DNS management software system. It supports Internet Systems Consortium BIND Domain Name System (DNS) and is distributed as open source software under the GNU General Public License.

Fast flux is a domain name system (DNS) based evasion technique used by cyber criminals to hide phishing and malware delivery websites behind an ever-changing network of compromised hosts acting as reverse proxies to the backend botnet master—a bulletproof autonomous system. It can also refer to the combination of peer-to-peer networking, distributed command and control, web-based load balancing and proxy redirection used to make malware networks more resistant to discovery and counter-measures.

Blackhole DNS servers are Domain Name System (DNS) servers that return a "nonexistent address" answer to reverse DNS lookups for addresses reserved for private use.

Unbound is a validating, recursive, and caching DNS resolver product from NLnet Labs. It is distributed free of charge in open-source form under the BSD license.

In computer networking, split-horizon DNS is the facility of a Domain Name System (DNS) implementation to provide different sets of DNS information, usually selected by the source address of the DNS request.

MaraDNS is an open-source Domain Name System (DNS) implementation, which acts as either a caching, recursive, or authoritative nameserver.

<span class="mw-page-title-main">Knot DNS</span>

Knot DNS is an open-source authoritative-only server for the Domain Name System. It was created from scratch and is actively developed by CZ.NIC, the .CZ domain registry. The purpose of this project is to supply an alternative open-source implementation of an authoritative DNS server suitable for TLD operators to increase overall security, stability and resiliency of the Domain Name System. It is implemented as a multi-threaded daemon, using a number of programming techniques and data structures to make the server very fast, notably Read-copy-update or a special kind of a radix tree.

References

↑ "Changelogs for Authoritative Server 4.9.x" . Retrieved 15 March 2024.
↑ "Changelogs for Recursor 5.0.x". 2024-04-24. Retrieved 2024-04-24.
↑ "Changelogs for DNSdist 1.9.3". 2024-04-05. Retrieved 2024-04-05.
↑ Jeannerot, Christophe (21 October 2016). "POWERDNS[sic]". Azylis dot net (in French). Archived from the original on 27 July 2019. Retrieved 27 July 2019. Nous allons utiliser POWERDNS avec un stockage des tables DNS dans une base de données MARIADB.
↑ Mens, Jan-Piet (2008). Alternative DNS Servers: Choice and Deployment, and Optional SQL/LDAP Back-Ends (Paperback). UIT Cambridge Ltd. p. 114. ISBN 978-0-9544529-9-5.
↑ "About". PowerDNS. PowerDNS.COM BV. n.d. Retrieved 24 January 2019. PowerDNS was launched in 1999"; "Originally closed source"; "In 2002, all PowerDNS software was released as open source
↑ "PowerDNS Recursor". Doc.powerdns.com. Retrieved 2014-05-11.
↑ MTasker
↑ "PowerDNS DNSdist". dnsdist.org. Retrieved 2023-05-11.

External links

Official website
pdns on GitHub

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] "Changelogs for Authoritative Server 4.9.x" . Retrieved 15 March 2024.

[2] "Changelogs for Recursor 5.0.x". 2024-04-24. Retrieved 2024-04-24.

[3] "Changelogs for DNSdist 1.9.3". 2024-04-05. Retrieved 2024-04-05.

[Jeannerot,_Azylis_Net,_2016-4] Jeannerot, Christophe (21 October 2016). "POWERDNS[sic]". Azylis dot net (in French). Archived from the original on 27 July 2019. Retrieved 27 July 2019. Nous allons utiliser POWERDNS avec un stockage des tables DNS dans une base de données MARIADB.

[5] Mens, Jan-Piet (2008). Alternative DNS Servers: Choice and Deployment, and Optional SQL/LDAP Back-Ends (Paperback). UIT Cambridge Ltd. p. 114. ISBN 978-0-9544529-9-5.

[6] "About". PowerDNS. PowerDNS.COM BV. n.d. Retrieved 24 January 2019. PowerDNS was launched in 1999"; "Originally closed source"; "In 2002, all PowerDNS software was released as open source

[7] "PowerDNS Recursor". Doc.powerdns.com. Retrieved 2014-05-11.

[8] MTasker

[9] "PowerDNS DNSdist". dnsdist.org. Retrieved 2023-05-11.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]