Generic MySQL and PostgreSQL backends

Native Yes
Master Yes
Slave Yes
Superslave Yes
Autoserial Yes (v3.1 and up)
Case All lower
DNSSEC Yes (set gmysql-dnssec or gpgsql-dnssec)
Disabled data Yes (v3.4.0 and up)
Comments Yes (v3.4.0 and up)
Module name < 2.9.3 pgmysql
Module name > 2.9.2 gmysql and gpgsql
Launch name gmysql and gpgsql2 and gpgsql

PostgreSQL and MySQL backend with easily configurable SQL statements, allowing you to graft PowerDNS on any PostgreSQL or MySQL database of your choosing. Because all database schemas will be different, a generic backend is needed to cover all needs.

Warning: Host names and the MNAME of a SOA records are NEVER terminated with a '.' in PowerDNS storage! If a trailing '.' is present it will inevitably cause problems, problems that may be hard to debug.

The template queries are expanded using the C function 'snprintf' which implies that substitutions are performed on the basis of %-place holders. To place a % in a query which will not be substituted, use %%. Make sure to fill out the search key, often called 'name' in lower case!

There are in fact two backends, one for PostgreSQL and one for MySQL but they accept the same settings and use almost exactly the same database schema.

MySQL specifics

Warning: If using MySQL with 'slave' support enabled in PowerDNS you must run MySQL with a table engine that supports transactions.

In practice, great results are achieved with the 'InnoDB' tables. PowerDNS will silently function with non-transaction aware MySQLs but at one point this is going to harm your database, for example when an incoming zone transfer fails.

Warning: For MySQL 5.1.11 and earlier, and for MySQL 5.1.29 and later the default binary logging format is STATEMENT which is nondeterministic and can cause differences in data between master and slave. See "5.2.4.2, Setting The Binary Log Format" for more information.

The default setup conforms to the following schema:

CREATE TABLE domains (
  id                    INT AUTO_INCREMENT,
  name                  VARCHAR(255) NOT NULL,
  master                VARCHAR(128) DEFAULT NULL,
  last_check            INT DEFAULT NULL,
  type                  VARCHAR(6) NOT NULL,
  notified_serial       INT DEFAULT NULL,
  account               VARCHAR(40) DEFAULT NULL,
  PRIMARY KEY (id)
) Engine=InnoDB;

CREATE UNIQUE INDEX name_index ON domains(name);


CREATE TABLE records (
  id                    INT AUTO_INCREMENT,
  domain_id             INT DEFAULT NULL,
  name                  VARCHAR(255) DEFAULT NULL,
  type                  VARCHAR(10) DEFAULT NULL,
  content               VARCHAR(64000) DEFAULT NULL,
  ttl                   INT DEFAULT NULL,
  prio                  INT DEFAULT NULL,
  change_date           INT DEFAULT NULL,
  disabled              TINYINT(1) DEFAULT 0,
  ordername             VARCHAR(255) BINARY DEFAULT NULL,
  auth                  TINYINT(1) DEFAULT 1,
  PRIMARY KEY (id)
) Engine=InnoDB;

CREATE INDEX nametype_index ON records(name,type);
CREATE INDEX domain_id ON records(domain_id);
CREATE INDEX recordorder ON records (domain_id, ordername);


CREATE TABLE supermasters (
  ip                    VARCHAR(64) NOT NULL,
  nameserver            VARCHAR(255) NOT NULL,
  account               VARCHAR(40) NOT NULL,
  PRIMARY KEY (ip, nameserver)
) Engine=InnoDB;


CREATE TABLE comments (
  id                    INT AUTO_INCREMENT,
  domain_id             INT NOT NULL,
  name                  VARCHAR(255) NOT NULL,
  type                  VARCHAR(10) NOT NULL,
  modified_at           INT NOT NULL,
  account               VARCHAR(40) NOT NULL,
  comment               VARCHAR(64000) NOT NULL,
  PRIMARY KEY (id)
) Engine=InnoDB;

CREATE INDEX comments_domain_id_idx ON comments (domain_id);
CREATE INDEX comments_name_type_idx ON comments (name, type);
CREATE INDEX comments_order_idx ON comments (domain_id, modified_at);


CREATE TABLE domainmetadata (
  id                    INT AUTO_INCREMENT,
  domain_id             INT NOT NULL,
  kind                  VARCHAR(32),
  content               TEXT,
  PRIMARY KEY (id)
) Engine=InnoDB;

CREATE INDEX domainmetadata_idx ON domainmetadata (domain_id, kind);


CREATE TABLE cryptokeys (
  id                    INT AUTO_INCREMENT,
  domain_id             INT NOT NULL,
  flags                 INT NOT NULL,
  active                BOOL,
  content               TEXT,
  PRIMARY KEY(id)
) Engine=InnoDB;

CREATE INDEX domainidindex ON cryptokeys(domain_id);


CREATE TABLE tsigkeys (
  id                    INT AUTO_INCREMENT,
  name                  VARCHAR(255),
  algorithm             VARCHAR(50),
  secret                VARCHAR(255),
  PRIMARY KEY (id)
) Engine=InnoDB;

CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm);

zone2sql with the --gmysql flag also assumes this layout is in place.

For full migration notes, please see Migration.

This schema contains all elements needed for master, slave and superslave operation.

When using the InnoDB storage engine, we suggest adding the following lines to the 'create table records' command above:

CONSTRAINT `records_ibfk_1` FOREIGN KEY (`domain_id`) REFERENCES `domains`
(`id`) ON DELETE CASCADE

Or, if you have already created the tables, execute:

ALTER TABLE `records` ADD CONSTRAINT `records_ibfk_1` FOREIGN KEY (`domain_id`)
REFERENCES `domains` (`id`) ON DELETE CASCADE;

This automates deletion of records on deletion of a domain from the domains table.

PostgreSQL specifics

The default setup conforms to the following schema, which you should add to a PostgreSQL database.

CREATE TABLE domains (
  id                    SERIAL PRIMARY KEY,
  name                  VARCHAR(255) NOT NULL,
  master                VARCHAR(128) DEFAULT NULL,
  last_check            INT DEFAULT NULL,
  type                  VARCHAR(6) NOT NULL,
  notified_serial       INT DEFAULT NULL,
  account               VARCHAR(40) DEFAULT NULL,
  CONSTRAINT c_lowercase_name CHECK (((name)::TEXT = LOWER((name)::TEXT)))
);

CREATE UNIQUE INDEX name_index ON domains(name);


CREATE TABLE records (
  id                    SERIAL PRIMARY KEY,
  domain_id             INT DEFAULT NULL,
  name                  VARCHAR(255) DEFAULT NULL,
  type                  VARCHAR(10) DEFAULT NULL,
  content               VARCHAR(65535) DEFAULT NULL,
  ttl                   INT DEFAULT NULL,
  prio                  INT DEFAULT NULL,
  change_date           INT DEFAULT NULL,
  disabled              BOOL DEFAULT 'f',
  ordername             VARCHAR(255),
  auth                  BOOL DEFAULT 't',
  CONSTRAINT domain_exists
  FOREIGN KEY(domain_id) REFERENCES domains(id)
  ON DELETE CASCADE,
  CONSTRAINT c_lowercase_name CHECK (((name)::TEXT = LOWER((name)::TEXT)))
);

CREATE INDEX rec_name_index ON records(name);
CREATE INDEX nametype_index ON records(name,type);
CREATE INDEX domain_id ON records(domain_id);
CREATE INDEX recordorder ON records (domain_id, ordername text_pattern_ops);


CREATE TABLE supermasters (
  ip                    INET NOT NULL,
  nameserver            VARCHAR(255) NOT NULL,
  account               VARCHAR(40) NOT NULL,
  PRIMARY KEY(ip, nameserver)
);


CREATE TABLE comments (
  id                    SERIAL PRIMARY KEY,
  domain_id             INT NOT NULL,
  name                  VARCHAR(255) NOT NULL,
  type                  VARCHAR(10) NOT NULL,
  modified_at           INT NOT NULL,
  account               VARCHAR(40) DEFAULT NULL,
  comment               VARCHAR(65535) NOT NULL,
  CONSTRAINT domain_exists
  FOREIGN KEY(domain_id) REFERENCES domains(id)
  ON DELETE CASCADE,
  CONSTRAINT c_lowercase_name CHECK (((name)::TEXT = LOWER((name)::TEXT)))
);

CREATE INDEX comments_domain_id_idx ON comments (domain_id);
CREATE INDEX comments_name_type_idx ON comments (name, type);
CREATE INDEX comments_order_idx ON comments (domain_id, modified_at);


CREATE TABLE domainmetadata (
  id                    SERIAL PRIMARY KEY,
  domain_id             INT REFERENCES domains(id) ON DELETE CASCADE,
  kind                  VARCHAR(32),
  content               TEXT
);

CREATE INDEX domainidmetaindex ON domainmetadata(domain_id);


CREATE TABLE cryptokeys (
  id                    SERIAL PRIMARY KEY,
  domain_id             INT REFERENCES domains(id) ON DELETE CASCADE,
  flags                 INT NOT NULL,
  active                BOOL,
  content               TEXT
);

CREATE INDEX domainidindex ON cryptokeys(domain_id);


CREATE TABLE tsigkeys (
  id                    SERIAL PRIMARY KEY,
  name                  VARCHAR(255),
  algorithm             VARCHAR(50),
  secret                VARCHAR(255),
  CONSTRAINT c_lowercase_name CHECK (((name)::TEXT = LOWER((name)::TEXT)))
);

CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm);

zone2sql with the --gpgsql flag also assumes this layout is in place.

This schema contains all elements needed for master, slave and superslave operation.

For full migration notes, please see Migration.

With PostgreSQL, you may have to run createdb powerdns first and then connect to that database with psql powerdns, and feed it the schema above.

Oracle specifics

Generic Oracle support is only available since version 2.9.18. The default setup conforms to the following schema, which you should add to an Oracle database. You may need or want to add namespace statements.

CREATE TABLE domains (
  id                    SERIAL PRIMARY KEY,
  name                  VARCHAR(255) NOT NULL,
  master                VARCHAR(128) DEFAULT NULL,
  last_check            INT DEFAULT NULL,
  type                  VARCHAR(6) NOT NULL,
  notified_serial       INT DEFAULT NULL,
  account               VARCHAR(40) DEFAULT NULL,
  CONSTRAINT c_lowercase_name CHECK (((name)::TEXT = LOWER((name)::TEXT)))
);

CREATE UNIQUE INDEX name_index ON domains(name);


CREATE TABLE records (
  id                    SERIAL PRIMARY KEY,
  domain_id             INT DEFAULT NULL,
  name                  VARCHAR(255) DEFAULT NULL,
  type                  VARCHAR(10) DEFAULT NULL,
  content               VARCHAR(65535) DEFAULT NULL,
  ttl                   INT DEFAULT NULL,
  prio                  INT DEFAULT NULL,
  change_date           INT DEFAULT NULL,
  disabled              BOOL DEFAULT 'f',
  ordername             VARCHAR(255),
  auth                  BOOL DEFAULT 't',
  CONSTRAINT domain_exists
  FOREIGN KEY(domain_id) REFERENCES domains(id)
  ON DELETE CASCADE,
  CONSTRAINT c_lowercase_name CHECK (((name)::TEXT = LOWER((name)::TEXT)))
);

CREATE INDEX rec_name_index ON records(name);
CREATE INDEX nametype_index ON records(name,type);
CREATE INDEX domain_id ON records(domain_id);
CREATE INDEX recordorder ON records (domain_id, ordername text_pattern_ops);


CREATE TABLE supermasters (
  ip                    INET NOT NULL,
  nameserver            VARCHAR(255) NOT NULL,
  account               VARCHAR(40) NOT NULL,
  PRIMARY KEY(ip, nameserver)
);


CREATE TABLE comments (
  id                    SERIAL PRIMARY KEY,
  domain_id             INT NOT NULL,
  name                  VARCHAR(255) NOT NULL,
  type                  VARCHAR(10) NOT NULL,
  modified_at           INT NOT NULL,
  account               VARCHAR(40) DEFAULT NULL,
  comment               VARCHAR(65535) NOT NULL,
  CONSTRAINT domain_exists
  FOREIGN KEY(domain_id) REFERENCES domains(id)
  ON DELETE CASCADE,
  CONSTRAINT c_lowercase_name CHECK (((name)::TEXT = LOWER((name)::TEXT)))
);

CREATE INDEX comments_domain_id_idx ON comments (domain_id);
CREATE INDEX comments_name_type_idx ON comments (name, type);
CREATE INDEX comments_order_idx ON comments (domain_id, modified_at);


CREATE TABLE domainmetadata (
  id                    SERIAL PRIMARY KEY,
  domain_id             INT REFERENCES domains(id) ON DELETE CASCADE,
  kind                  VARCHAR(32),
  content               TEXT
);

CREATE INDEX domainidmetaindex ON domainmetadata(domain_id);


CREATE TABLE cryptokeys (
  id                    SERIAL PRIMARY KEY,
  domain_id             INT REFERENCES domains(id) ON DELETE CASCADE,
  flags                 INT NOT NULL,
  active                BOOL,
  content               TEXT
);

CREATE INDEX domainidindex ON cryptokeys(domain_id);


CREATE TABLE tsigkeys (
  id                    SERIAL PRIMARY KEY,
  name                  VARCHAR(255),
  algorithm             VARCHAR(50),
  secret                VARCHAR(255),
  CONSTRAINT c_lowercase_name CHECK (((name)::TEXT = LOWER((name)::TEXT)))
);

CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm);

This schema contains all elements needed for master, slave and superslave operation.

Inserting records is a bit different compared to MySQL and PostgreSQL, you should use:

INSERT INTO domains (id,name,type) VALUES (domains_id_sequence.nextval, 'example.net', 'NATIVE');

Furthermore, use the goracle-tnsname setting to specify which TNSNAME the Generic Oracle Backend should be connecting to. There are no goracle-dbname, goracle-host or goracle-port settings, their equivalent is in /etc/tnsnames.ora.

Basic functionality

4 queries are needed for regular lookups and 1 is needed for zone transfers.

The 4+4 regular queries must return the following 6 fields, in this exact order:

Please note that the names of the fields are not relevant, but the order is!

As said earlier, there are 8 SQL queries for regular lookups. To configure them, set gmysql-basic-query or gpgsql-basic-query, depending on your choice of backend.

Queries and settings

Regular Queries

basic-query

Default: select content,ttl,prio,type,domain_id,disabled,name,auth from records where type='%s' and name='%s' This is the most used query, needed for doing 1:1 lookups of qtype/name values. First %s is replaced by the ASCII representation of the qtype of the question, the second by the name.

id-query

Default: select content,ttl,prio,type,domain_id,disabled,name,auth from records where type='%s' and name='%s' and domain_id=%d Used for doing lookups within a domain. First %s is replaced by the qtype, the %d which should appear after the %s by the numeric domain_id.

any-query

For doing ANY queries. Also used internally. Default: select content,ttl,prio,type,domain_id,disabled,name,auth from records where name='%s' The %s is replaced by the qname of the question.

any-id-query

For doing ANY queries within a domain. Also used internally. Default: select content,ttl,prio,type,domain_id,disabled,name,auth from records where name='%s' and domain_id=%d The %s is replaced by the name of the domain, the %d by the numerical domain id.

The last query is for listing the entire contents of a zone. This is needed when performing a zone transfer, but sometimes also internally:

list-query

To list an entire zone. Default: select content,ttl,prio,type,domain_id,disabled,name,auth from records where (disabled=0 OR %d) AND domain_id=%d The first %d is replaced by the "include disabled" flag (default 0), the second %d is replaced by the domain_id.

DNSSEC queries

If DNSSEC is enabled (through the -dnssec flag on a gsql backend), many queries are replaced by slightly extended variants that also query the auth column. The auth column is always added as the rightmost column. These are the -auth defaults:

basic-query-auth

Basic query. Default: select content,ttl,prio,type,domain_id,name, auth from records where type='%s' and name='%s'

id-query-auth

Basic with ID query. Default: select content,ttl,prio,type,domain_id,name, auth from records where type='%s' and name='%s' and domain_id=%d

wildcard-query-auth

Wildcard query. Default: select content,ttl,prio,type,domain_id,name, auth from records where type='%s' and name like '%s'

wildcard-id-query-auth

Wildcard with ID query. Default: select content,ttl,prio,type,domain_id,name, auth from records where type='%s' and name like '%s' and domain_id='%d'

any-query-auth

Any query. Default: select content,ttl,prio,type,domain_id,name, auth from records where name='%s'

any-id-query-auth

Any with ID query. Default: select content,ttl,prio,type,domain_id,name, auth from records where name='%s' and domain_id=%d

wildcard-any-query-auth

Wildcard ANY query. Default: select content,ttl,prio,type,domain_id,name, auth from records where name like '%s'

wildcard-any-id-query-auth

Wildcard ANY with ID query. Default: select content,ttl,prio,type,domain_id,name, auth from records where name like '%s' and domain_id='%d'

list-query-auth

AXFR query. Default: select content,ttl,prio,type,domain_id,name, auth from records where domain_id='%d' order by name, type

Additionally, there are some new queries to determine NSEC(3) order:

get-order-first-query

DNSSEC Ordering Query, first. Default: select ordername, name from records where domain_id=%d and ordername is not null order by 1 asc limit 1

get-order-before-query

DNSSEC Ordering Query, before. Default: select ordername, name from records where ordername &lt;= '%s' and domain_id=%d and ordername is not null order by 1 desc limit 1

get-order-after-query

DNSSEC Ordering Query, after. Default: select min(ordername) from records where ordername &gt; '%s' and domain_id=%d and ordername is not null

get-order-last-query

DNSSEC Ordering Query, last. Default: select ordername, name from records where ordername != '' and domain_id=%d and ordername is not null order by 1 desc limit 1

Finally, these two queries are used to set ordername and auth correctly in a database:

set-order-and-auth-query

DNSSEC set ordering query. Default: update records set ordername='%s',auth=%d where name='%s' and domain_id='%d'

nullify-ordername-and-auth-query

DNSSEC nullify ordername query. Default: update records set ordername=NULL,auth=0 where name='%s' and type='%s' and domain_id='%d'

Make sure to read Rules for filling out fields in database backends if you wish to calculate ordername and auth without using pdns-rectify.

Master/slave queries

Most installations will have zero need to change the following settings, but should the need arise, here they are:

master-zone-query

Called to determine the master of a zone. Default: select master from domains where name='%s' and type='SLAVE'

info-zone-query

Called to retrieve (nearly) all information for a domain: Default: select id,name,master,last_check,notified_serial,type from domains where name='%s'

info-all-slaves-query

Called to retrieve all slave domains Default: select id,name,master,last_check,type from domains where type='SLAVE'

supermaster-query

Called to determine if a certain host is a supermaster for a certain domain name. Default: select account from supermasters where ip='%s' and nameserver='%s';

insert-slave-query

Called to add a domain as slave after a supermaster notification. Default: insert into domains (type,name,master,account) values('SLAVE','%s','%s','%s')

insert-record-query

Called during incoming AXFR. Default: insert into records (content,ttl,prio,type,domain_id,name) values ('%s',%d,%d,'%s',%d,'%s')

update-serial-query

Called to update the last notified serial of a master domain. Default: update domains set notified_serial=%d where id=%d

update-lastcheck-query

Called to update the last time a slave domain was successfully checked for freshness. Default: update domains set last_check=%d where id=%d

info-all-master-query

Called to get data on all domains for which the server is master. Default: select id,name,master,last_check,notified_serial,type from domains where type='MASTER'

delete-zone-query

Called to delete all records of a zone. Used before an incoming AXFR. Default: delete from records where domain_id=%d

Comment queries

For listing/modifying comments. For defaults, please see pdns_server --load=BACKEND --config.

list-comments-query

Called to get all comments in a zone. Returns fields: domain_id, name, type, modified_at, account, comment.

insert-comment-query

Called to create a single comment for a specific RRSet. Given fields: domain_id, name, type, modified_at, account, comment

delete-comment-rrset-query

Called to delete all comments for a specific RRset. Given fields: domain_id, name, type

delete-comments-query

Called to delete all comments for a zone. Usually called before deleting the entire zone. Given fields: domain_id

wildcard-query

Can be left blank. See above for an explanation. Default: select content,ttl,prio,type,domain_id,name from records where type='%s' and name like '%s'

wildcard-id-query

Can be left blank. See above for an explanation. Default: select content,ttl,prio,type,domain_id,name from records where type='%s' and name like '%s' and domain_id=%d Used for doing lookups within a domain.

wildcard-any-query

For doing wildcard ANY queries. Default: select content,ttl,prio,type,domain_id,name from records where name like '%s'

wildcard-any-id-query

For doing wildcard ANY queries within a domain. Default: select content,ttl,prio,type,domain_id,name from records where name like '%s' and domain_id=%d

Settings and specifying queries

The queries above are specified in pdns.conf. For example, the basic-query would appear as:

gpgsql-basic-query=select content,ttl,prio,type,domain_id,disabled,name,auth from records where type='%s' and name='%s'

When using the Generic PostgreSQL backend, they appear as above. When using the generic MySQL backend, change the "gpgsql-" prefix to "gmysql-".

Queries can span multiple lines, like this:

gpgsql-basic-query=select content,ttl,prio,type,domain_id,name from records \
where type='%s' and name='%s'

Do not wrap statements in quotes as this will not work. Besides the query related settings, the following configuration options are available, where one should substitute gmysql, gpgsql, or goracle for the prefix backend. So backend-dbname can stand for gpgsql-dbname or gmysql-dbname etc.

backend-dbname

Database name to connect to

backend-host

Database host to connect to. WARNING: When specified as a hostname a chicken/egg situation might arise where the database is needed to resolve the IP address of the database. It is best to supply an IP address of the database here.

Only for PostgreSQL: If host begins with a slash, it specifies Unix-domain communication rather than TCP/IP communication; the value is the name of the directory in which the socket file is stored.

backend-port

Database port to connect to.

gmysql-socket (only for MySQL!)

File name where the MySQL connection socket resides. Often /tmp/mysql.sock or /var/run/mysqld/mysqld.sock.

backend-password

Database password to connect with.

backend-user

Database user to connect as.

backend-group (MySQL only, since 3.2)

MySQL "group" to connect as, defaults to "client".

Native operation

To add a domain, issue the following:

INSERT INTO domains (name, type) VALUES ('powerdns.com', 'NATIVE');

The records table can now be filled by with the domain_id set to the id of the domains table row just inserted.

Slave operation

These backends are fully slave capable. To become a slave of the 'example.com' domain, execute this:

INSERT INTO domains (name, master, type) VALUES ('example.com', '198.51.100.6', 'SLAVE');

And wait a while for PowerDNS to pick up the addition - which happens within one minute. There is no need to inform PowerDNS that a new domain was added. Typical output is:

Apr 09 13:34:29 All slave domains are fresh
Apr 09 13:35:29 1 slave domain needs checking
Apr 09 13:35:29 Domain powerdns.com is stale, master serial 1, our serial 0
Apr 09 13:35:30 [gPgSQLBackend] Connected to database
Apr 09 13:35:30 AXFR started for 'powerdns.com'
Apr 09 13:35:30 AXFR done for 'powerdns.com'
Apr 09 13:35:30 [gPgSQLBackend] Closing connection

From now on, PowerDNS is authoritative for the 'powerdns.com' zone and will respond accordingly for queries within that zone.

Periodically, PowerDNS schedules checks to see if domains are still fresh. The default slave-cycle-interval is 60 seconds, large installations may need to raise this value. Once a domain has been checked, it will not be checked before its SOA refresh timer has expired. Domains whose status is unknown get checked every 60 seconds by default.

Superslave operation

To configure a supermaster with IP address 203.0.113.53 which lists this installation as 'autoslave.example.com', issue the following:

INSERT INTO supermasters VALUES ('203.0.113.53', 'autoslave.example.com', 'internal');

From now on, valid notifies from 203.0.113.53 that list a NS record containing 'autoslave.example.com' will lead to the provisioning of a slave domain under the account 'internal'. See Supermaster for details.

Master operation

The PostgreSQL backend is fully master capable with automatic discovery of serial changes. Raising the serial number of a domain suffices to trigger PowerDNS to send out notifications. To configure a domain for master operation instead of the default native replication, issue:

INSERT INTO domains (name, type) VALUES ('powerdns.com', 'MASTER');

Make sure that the assigned id in the domains table matches the domain_id field in the records table!

Disabled data

PowerDNS understands the notion of disabled records. They are marked by setting "disabled" to 1 (for PostgreSQL: true). By extension, when the SOA record for a domain is disabled, the entire domain is considered to be disabled.

Effects: the record (or domain, respectively) will not be visible to DNS clients. The REST API will still see the record (or domain). Even if a domain is disabled, slaving still works. Slaving considers a disabled domain to have a serial of 0; this implies that a slaved domain will not stay disabled.