PowerDNS

PowerDNS Server
Original author(s) PowerDNS.com B.V.
Developer(s) PowerDNS Community, Bert Hubert
Stable release 4.9.3 / December 17, 2024 [1]
Repository
Written in C++
Operating system Unix-like
Type DNS server
License GNU General Public License v2
Website www.powerdns.com
PowerDNS Recursor
Original author(s) PowerDNS.com B.V.
Developer(s) PowerDNS Community, Bert Hubert
Stable release 5.1.3 / November 5, 2024 [2]
Repository
Written in C++
Operating system Unix-like
Type DNS server
License GNU General Public License v2
Website www.powerdns.com
PowerDNS DNSdist
Original author(s) PowerDNS.com B.V.
Developer(s) PowerDNS Community, Bert Hubert
Stable release 1.9.8 / December 17, 2024 [3]
Repository
Written in C++
Operating system Unix-like
Type DNS server
License GNU General Public License v2
Website www.powerdns.com

PowerDNS is a DNS server program, written in C++ and licensed under the GPL. It runs on most Unix derivatives. PowerDNS features a large number of different backends, ranging from simple BIND-style zone files to relational databases [4] and load balancing/failover algorithms. A DNS recursor is provided as a separate program.


History

PowerDNS development began in 1999 and was originally a commercial proprietary product. In November 2002, the source code was made public under the open-source GPL v2 license. [5] [6]

Features

PowerDNS Authoritative Server (pdns_server) consists of a general purpose authoritative server, and multiple dynamically loadable backends that both run multi-threaded. The core handles all packet processing and DNS intelligence, while one or more backends deliver DNS records using arbitrary storage methods.

Zone transfers and update notifications are supported, and the processes can run unprivileged and chrooted. Various caches are maintained to speed up query processing. Run-time control is available through the pdns_control command, which allows reloading of separate zones, cache purges, zone notifications and statistics dumps in Multi Router Traffic Grapher / rrdtool format. Realtime information can also be obtained through the optional built-in web server.
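
One way to check the "unprivileged and chrooted" deployment described above, as an added example that is not PowerDNS project code: a shell audit of a pdns.conf-style file for the setuid, setgid and chroot settings and for a built-in web server bound to all interfaces. The sample files and the /var/spool/powerdns path are constructed, and the check assumes privileges are dropped through pdns.conf rather than by the service manager.

```shell
#!/bin/sh
# Added example: audit a pdns.conf-style file for the options behind
# "unprivileged and chrooted" and for the built-in web server's listen address.

# conf_get FILE KEY: print the last value assigned to KEY, empty if unset.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# audit_pdns_conf FILE: print one FINDING line per weak setting.
audit_pdns_conf() {
    for key in setuid setgid chroot; do
        [ -n "$(conf_get "$1" "$key")" ] || echo "FINDING: $key is not set"
    done
    uid=$(conf_get "$1" setuid)
    if [ "$uid" = root ] || [ "$uid" = 0 ]; then
        echo "FINDING: setuid keeps the daemon running as root"
    fi
    if [ "$(conf_get "$1" webserver)" = yes ]; then
        case "$(conf_get "$1" webserver-address)" in
            0.0.0.0|::) echo "FINDING: web server listens on all interfaces" ;;
        esac
    fi
}

# Constructed sample configurations (not taken from any real deployment).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/weak.conf" <<'EOF'
launch=bind
webserver=yes
webserver-address=0.0.0.0
EOF
cat > "$tmp/hardened.conf" <<'EOF'
launch=bind
setuid=pdns
setgid=pdns
chroot=/var/spool/powerdns
webserver=yes
webserver-address=127.0.0.1
EOF

for c in weak hardened; do
    echo "== $c.conf"
    audit_pdns_conf "$tmp/$c.conf"
done
```

A deployment that drops privileges through its service unit instead will show the setuid and setgid findings even though the daemon does not run as root, so read those two lines together with the unit file.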

There are many independent projects to create management interfaces for PowerDNS.

DNSSEC

The PowerDNS Authoritative Server supports DNSSEC as of version 3.0. While pre-signed zones can be served, it is also possible to perform online signing and key management. This has the upside of being relatively easy, but the downside that the cryptographic keying material is present on the servers themselves (which is also true of any HTTPS server when not used with an HSM, for example).

Recursor

PowerDNS Recursor (pdns_recursor [7]) is a resolving DNS server that runs as a separate process.

This part of PowerDNS uses a combination of native threads and user-space threads, through the use of Boost and the MTasker library, [8] which is a simple cooperative multitasking library. It is also available as a standalone package.

A pdns_server process does not have to run as a gatekeeper for pdns_recursor if the goal is simply to provide a caching/recursing/resolving name service; running pdns_recursor on its own is even more efficient than running it behind the authoritative component.

Support for DNSSEC validation was added to the pdns_recursor in version 4.0.

DNSdist

PowerDNS DNSdist (dnsdist [9]) is a caching DNS proxy, with many features including:

DNSdist is available as a standalone package, and can be deployed with PowerDNS Authoritative Server or Recursor, or any other third-party DNS server.


References

  1. "Changelogs for Authoritative Server 4.9.x". Retrieved 17 December 2024.
  2. "Changelogs for Recursor 5.1.x". 2024-11-05. Retrieved 2024-11-05.
  3. "Changelogs for DNSdist 1.9.8". 2024-12-17. Retrieved 2024-12-17.
  4. Jeannerot, Christophe (21 October 2016). "POWERDNS[sic]". Azylis dot net (in French). Archived from the original on 27 July 2019. Retrieved 27 July 2019. "We are going to use POWERDNS with the DNS tables stored in a MARIADB database."
  5. Mens, Jan-Piet (2008). Alternative DNS Servers: Choice and Deployment, and Optional SQL/LDAP Back-Ends (Paperback). UIT Cambridge Ltd. p. 114. ISBN 978-0-9544529-9-5.
  6. "About". PowerDNS. PowerDNS.COM BV. n.d. Retrieved 24 January 2019. "PowerDNS was launched in 1999"; "Originally closed source"; "In 2002, all PowerDNS software was released as open source"
  7. "PowerDNS Recursor". Doc.powerdns.com. Retrieved 2014-05-11.
  8. MTasker
  9. "PowerDNS DNSdist". dnsdist.org. Retrieved 2023-05-11.