* If provided by the responder (your script).
This backend provides Unix socket, Pipe, HTTP and ZeroMQ remoting for powerdns. You should think this as normal RPC thin client, which converts native C++ calls into JSON/RPC and passes them to you via connector.
There is a breaking change on v4.0 and later. Before version 4.0, the DNS names passed in queries were without trailing dot, after version 4.0 the DNS names are sent with trailing dot. F.ex. example.org is now sent as example.org.
In some (broken) network setups, the IP addresses provided in the
request (when this is an IPv6 address) may be suffixed with a % and
the name of the network interface (e.g. %eth1). Keep this in mind
when checking the IP addresses.
To compile this backend, you need to configure
--with-modules="remote".
For versions prior to 3.4.0, if you want to use http connector, you need
libcurl and use --enable-remotebackend-http.
If you want to use ZeroMQ connector, you need libzmq-dev or libzmq3-dev
and use --enable-remotebackend-zeromq.
The only configuration options for backend are remote-connection-string and remote-dnssec.
remote-connection-string=<type>:<param>=<value>,<param>=<value>...
You can pass as many parameters as you want. For unix and pipe connectors, these are passed along to the remote end as initialization. See API. Initialize is not called for http connector.
parameters: path, timeout (default 2000ms)
remote-connection-string=unix:path=/path/to/socket
parameters: command,timeout (default 2000ms)
remote-connection-string=pipe:command=/path/to/executable,timeout=2000
parameters: url, url-suffix, post, post_json, timeout (default 2000ms)
remote-connection-string=http:url=http://localhost:63636/dns,url-suffix=.php
HTTP connector tries to do RESTful requests to your server. See examples. You can also use post to change behaviour so that it will send POST request to url/method + url_suffix with parameters=json-formatted-parameters. If you use post and post_json, it will POST url with text/javascript containing JSON formatted RPC request, just like for pipe and unix. You can use ‘1’, ‘yes’, ‘on’ or ‘true’ to turn these features on.
URL should not end with /, and url-suffix is optional, but if you define it, it’s up to you to write the “.php” or “.json”. Lack of dot causes lack of dot in URL. Timeout is divided by 1000 because libcurl only supports seconds, but this is given in milliseconds for consistency with other connectors.
HTTPS is not supported, stunnel is the suggested workaround. HTTP Authentication is not supported.
parameters: endpoint, timeout (default 2000ms)
remote-connection-string=zeromq:endpoint=ipc:///tmp/tmp.sock
0MQ connector implements a REQ/REP RPC model. Please see http://zeromq.org/ for more information.
Unix, Pipe and ZeroMQ connectors send JSON formatted strings to the remote end. Each JSON query has two sections, ‘method’ and ‘parameters’.
HTTP connector calls methods based on URL and has parameters in the query string. Most calls are GET; see the methods listing for details. You can change this with post and post_json attributes.
You must always reply with JSON hash with at least one key, ‘result’. This must be boolean false if the query failed. Otherwise it must conform to the expected result. For HTTP connector, to signal bare success, you can just reply with HTTP 200 OK, and omit any output. This will result in same outcome as sending {“result”:true}.
You can optionally add an array of strings to the ‘log’ array; each line
in this array will be logged in PowerDNS at loglevel info (6).
| Always required: | |
|---|---|
initialize, lookup |
|
| Master operation: | |
list, getUpdatedMasters, setNotified |
|
| Slave operation: | |
getUnfreshSlaveInfos, startTransaction, commitTransaction, abortTransaction, feedRecord, setFresh |
|
| DNSSEC operation (live-signing): | |
getDomainKeys, getBeforeAndAfterNamesAbsolute |
|
| Filling the Zone Cache: | |
getAllDomains |
|
initialize¶Called to initialize the backend. This is not called for HTTP connector. You should do your initializations here.
Query:
{"method":"initialize", "parameters":{"command":"/path/to/something", "timeout":"2000", "something":"else"}}
Response:
{"result":true}
lookup¶This method is used to do the basic query. You can omit auth, but if you are using DNSSEC this can lead into trouble.
qtype,qname,content,ttl,domain_id,scopeMask,authQuery:
{"method":"lookup", "parameters":{"qtype":"ANY", "qname":"www.example.com.", "remote":"192.0.2.24", "local":"192.0.2.1", "real-remote":"192.0.2.24", "zone-id":-1}}
Response:
{"result":[{"qtype":"A", "qname":"www.example.com", "content":"203.0.113.2", "ttl": 60}]}
Query:
GET /dnsapi/lookup/www.example.com./ANY HTTP/1.1
X-RemoteBackend-remote: 192.0.2.24
X-RemoteBackend-local: 192.0.2.1
X-RemoteBackend-real-remote: 192.0.2.24
X-RemoteBackend-zone-id: -1
Response:
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
{"result":[{"qtype":"A", "qname":"www.example.com", "content":"203.0.113.2", "ttl": 60}]}
list¶Lists all records for the zonename. If you are running dnssec, you should take care of setting auth to appropriate value, otherwise things can go wrong.
qtype,qname,content,ttl,domain_id,scopeMask,authQuery:
{"method":"list", "parameters":{"zonename":"example.com.","domain_id":-1}}
Response (split into lines for ease of reading)
{"result":[
{"qtype":"SOA", "qname":"example.com", "content":"dns1.icann.org. hostmaster.icann.org. 2012081600 7200 3600 1209600 3600", "ttl": 3600},
{"qtype":"NS", "qname":"example.com", "content":"ns1.example.com", "ttl": 60},
{"qtype":"MX", "qname":"example.com", "content":"10 mx1.example.com.", "ttl": 60},
{"qtype":"A", "qname":"www.example.com", "content":"203.0.113.2", "ttl": 60},
{"qtype":"A", "qname":"ns1.example.com", "content":"192.0.2.2", "ttl": 60},
{"qtype":"A", "qname":"mx1.example.com", "content":"192.0.2.3", "ttl": 60}
]}
Query:
GET /dnsapi/list/-1/example.com HTTP/1.1
X-RemoteBackend-domain-id: -1
Response:
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
{"result":[{"qtype":"SOA", "qname":"example.com", "content":"dns1.icann.org. hostmaster.icann.org. 2012081600 7200 3600 1209600 3600", "ttl": 3600},{"qtype":"NS", "qname":"example.com", "content":"ns1.example.com", "ttl": 60},{"qtype":"MX", "qname":"example.com", "content":"10 mx1.example.com.", "ttl": 60},{"qtype":"A", "qname":"www.example.com", "content":"203.0.113.2", "ttl": 60},{"qtype":"A", "qname":"ns1.example.com", "content":"192.0.2.2", "ttl": 60},{"qtype":"A", "qname":"mx1.example.com", "content":"192.0.2.3", "ttl": 60}]}
getBeforeAndAfterNamesAbsolute¶Asks the names before and after qname. qname is given without domain part.
Care must be taken to handle wrap-around when qname is first or last in the ordered list.
Do not return nil or an empty string for before and after.
When using NSEC, unhashed can be an empty string (but MUST be present in the response).
The qname will be hashed when using NSEC3 and in the response, unhashed should be the records’ real name without the domain part, and before and after should be the hashes.
Query:
{"method":"getBeforeAndAfterNamesAbsolute", "params":{"id":0,"qname":"www."}}
Response:
{"result":{"before":"ns1","after":""}}
Query:
/dnsapi/getbeforeandafternamesabsolute/0/www.example.com
Response:
{"result":{"before":"ns1","after":""}}
getAllDomainMetadata¶Returns the value(s) for variable kind for zone name. You must always return something, if there are no values, you shall return empty set.
Query:
{"method":"getalldomainmetadata", "parameters":{"name":"example.com"}}
Response:
{"result":{"PRESIGNED":["0"]}}
Query:
GET /dnsapi/getalldomainmetadata/example.com HTTP/1.1
Response:
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
{"result":{"PRESIGNED":["0"]}}
getDomainMetadata¶Returns the value(s) for variable kind for zone name. Most commonly it’s one of NSEC3PARAM, PRESIGNED, SOA-EDIT. Can be others, too. You must always return something, if there are no values, you shall return empty array.
Query:
{"method":"getdomainmetadata", "parameters":{"name":"example.com.","kind":"PRESIGNED"}}
Response:
{"result":["0"]}
Query:
GET /dnsapi/getdomainmetadata/example.com./PRESIGNED HTTP/1.1
Response:
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
{"result":["0"]}
setDomainMetadata¶Replaces the value(s) on domain name for variable kind to string(s) on array value. The old value is discarded. Value can be an empty array, which can be interpreted as deletion request.
Query:
{"method":"setdomainmetadata","parameters":{"name":"example.com","kind":"PRESIGNED","value":["YES"]}}
Response:
{"result":true}
Query:
PATCH /dnsapi/setdomainmetadata/example.com/PRESIGNED HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 12
value[]=YES&
Response:
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
{"result":true}
getDomainKeys¶Retrieves any keys of kind. The id, flags are unsigned integers, and active and published are boolean. Content must be valid key record in format that PowerDNS understands. You are encouraged to implement the section called “addDomainKey”, as you can use pdnsutil to provision keys.
id, flags, active, published, contentQuery:
{"method":"getDomainKeys","parameters":{"name":"example.com."}}
Response:
{"result":[{"id":1,"flags":256,"active":true,"published":true,"content":"Private-key-format: v1.2
Algorithm: 8 (RSASHA256)
Modulus: r+vmQll38ndQqNSCx9eqRBUbSOLcH4PZFX824sGhY2NSQChqt1G4ZfndzRwgjXMUwiE7GkkqU2Vbt/g4iP67V/+MYecMV9YHkCRnEzb47nBXvs9JCf8AHMCnma567GQjPECh4HevPE9wmcOfpy/u7UN1oHKSKRWuZJadUwcjbp8=
PublicExponent: AQAB
PrivateExponent: CYC93UtVnOM6wrFJZ+qA9+Yx+p5yk0CSi0Q7c+/6EVMuABQ5gNyTuu0j65lU3X81bwUk2wHPx6smfgoVDRAW5jjO4jgIFV6nE4inzk5YQKycQSL8YG3Nm9GciLFya1KUXs81sHsQpkvK7MNaSbvkaHZQ6iv16bZ4t73Wascwa/E=
Prime1: 6a165cIC0nNsGlTW/s2jRu7idq5+U203iE1HzSIddmWgx5KIKE/s3I+pwfmXYRUmq+4H9ASd/Yot1lSYW98szw==
Prime2: wLoCPKxxnuxDx6/9IKOYz8t9ZNLY74iCeQ85koqvTctkFmB9jpOUHTU9BhecaFY2euP9CuHV7z3PLtCoO8s1MQ==
Exponent1: CuzJaiR/7UboLvL4ekEy+QYCIHpX/Z6FkiHK0ZRevEJUGgCHzRqvgEBXN3Jr2WYbwL4IMShmGoxzSCn8VY9BkQ==
Exponent2: LDR9/tyu0vzuLwc20B22FzNdd5rFF2wAQTQ0yF/3Baj5NAi9w84l0u07KgKQZX4g0N8qUyypnU5YDyzc6ZoagQ==
Coefficient: 6S0vhIQITWzqfQSLj+wwRzs6qCvJckHb1+SD1XpwYjSgMTEUlZhf96m8WiaE1/fIt4Zl2PC3fF7YIBoFLln22w=="}]}
Query:
GET /dnsapi/getdomainkeys/example.com/0 HTTP/1.1
Response:
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
{"result":[{"id":1,"flags":256,"active":true,"published":true,"content":"Private-key-format: v1.2
Algorithm: 8 (RSASHA256)
Modulus: r+vmQll38ndQqNSCx9eqRBUbSOLcH4PZFX824sGhY2NSQChqt1G4ZfndzRwgjXMUwiE7GkkqU2Vbt/g4iP67V/+MYecMV9YHkCRnEzb47nBXvs9JCf8AHMCnma567GQjPECh4HevPE9wmcOfpy/u7UN1oHKSKRWuZJadUwcjbp8=
PublicExponent: AQAB
PrivateExponent: CYC93UtVnOM6wrFJZ+qA9+Yx+p5yk0CSi0Q7c+/6EVMuABQ5gNyTuu0j65lU3X81bwUk2wHPx6smfgoVDRAW5jjO4jgIFV6nE4inzk5YQKycQSL8YG3Nm9GciLFya1KUXs81sHsQpkvK7MNaSbvkaHZQ6iv16bZ4t73Wascwa/E=
Prime1: 6a165cIC0nNsGlTW/s2jRu7idq5+U203iE1HzSIddmWgx5KIKE/s3I+pwfmXYRUmq+4H9ASd/Yot1lSYW98szw==
Prime2: wLoCPKxxnuxDx6/9IKOYz8t9ZNLY74iCeQ85koqvTctkFmB9jpOUHTU9BhecaFY2euP9CuHV7z3PLtCoO8s1MQ==
Exponent1: CuzJaiR/7UboLvL4ekEy+QYCIHpX/Z6FkiHK0ZRevEJUGgCHzRqvgEBXN3Jr2WYbwL4IMShmGoxzSCn8VY9BkQ==
Exponent2: LDR9/tyu0vzuLwc20B22FzNdd5rFF2wAQTQ0yF/3Baj5NAi9w84l0u07KgKQZX4g0N8qUyypnU5YDyzc6ZoagQ==
Coefficient: 6S0vhIQITWzqfQSLj+wwRzs6qCvJckHb1+SD1XpwYjSgMTEUlZhf96m8WiaE1/fIt4Zl2PC3fF7YIBoFLln22w=="}]}
addDomainKey¶Adds key into local storage. See getDomainKeys for more information.
<flags,active,published,content>, idQuery:
{"method":"adddomainkey", "parameters":{"key":{"id":1,"flags":256,"active":true,"published":true,"content":"Private-key-format: v1.2
Algorithm: 8 (RSASHA256)
Modulus: r+vmQll38ndQqNSCx9eqRBUbSOLcH4PZFX824sGhY2NSQChqt1G4ZfndzRwgjXMUwiE7GkkqU2Vbt/g4iP67V/+MYecMV9YHkCRnEzb47nBXvs9JCf8AHMCnma567GQjPECh4HevPE9wmcOfpy/u7UN1oHKSKRWuZJadUwcjbp8=
PublicExponent: AQAB
PrivateExponent: CYC93UtVnOM6wrFJZ+qA9+Yx+p5yk0CSi0Q7c+/6EVMuABQ5gNyTuu0j65lU3X81bwUk2wHPx6smfgoVDRAW5jjO4jgIFV6nE4inzk5YQKycQSL8YG3Nm9GciLFya1KUXs81sHsQpkvK7MNaSbvkaHZQ6iv16bZ4t73Wascwa/E=
Prime1: 6a165cIC0nNsGlTW/s2jRu7idq5+U203iE1HzSIddmWgx5KIKE/s3I+pwfmXYRUmq+4H9ASd/Yot1lSYW98szw==
Prime2: wLoCPKxxnuxDx6/9IKOYz8t9ZNLY74iCeQ85koqvTctkFmB9jpOUHTU9BhecaFY2euP9CuHV7z3PLtCoO8s1MQ==
Exponent1: CuzJaiR/7UboLvL4ekEy+QYCIHpX/Z6FkiHK0ZRevEJUGgCHzRqvgEBXN3Jr2WYbwL4IMShmGoxzSCn8VY9BkQ==
Exponent2: LDR9/tyu0vzuLwc20B22FzNdd5rFF2wAQTQ0yF/3Baj5NAi9w84l0u07KgKQZX4g0N8qUyypnU5YDyzc6ZoagQ==
Coefficient: 6S0vhIQITWzqfQSLj+wwRzs6qCvJckHb1+SD1XpwYjSgMTEUlZhf96m8WiaE1/fIt4Zl2PC3fF7YIBoFLln22w=="}}}
Response:
{"result":true}
Query:
PUT /dnsapi/adddomainkey/example.com HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 965
flags=256&active=1&published=1&content=Private-key-format: v1.2
Algorithm: 8 (RSASHA256)
Modulus: r+vmQll38ndQqNSCx9eqRBUbSOLcH4PZFX824sGhY2NSQChqt1G4ZfndzRwgjXMUwiE7GkkqU2Vbt/g4iP67V/+MYecMV9YHkCRnEzb47nBXvs9JCf8AHMCnma567GQjPECh4HevPE9wmcOfpy/u7UN1oHKSKRWuZJadUwcjbp8=
PublicExponent: AQAB
PrivateExponent: CYC93UtVnOM6wrFJZ+qA9+Yx+p5yk0CSi0Q7c+/6EVMuABQ5gNyTuu0j65lU3X81bwUk2wHPx6smfgoVDRAW5jjO4jgIFV6nE4inzk5YQKycQSL8YG3Nm9GciLFya1KUXs81sHsQpkvK7MNaSbvkaHZQ6iv16bZ4t73Wascwa/E=
Prime1: 6a165cIC0nNsGlTW/s2jRu7idq5+U203iE1HzSIddmWgx5KIKE/s3I+pwfmXYRUmq+4H9ASd/Yot1lSYW98szw==
Prime2: wLoCPKxxnuxDx6/9IKOYz8t9ZNLY74iCeQ85koqvTctkFmB9jpOUHTU9BhecaFY2euP9CuHV7z3PLtCoO8s1MQ==
Exponent1: CuzJaiR/7UboLvL4ekEy+QYCIHpX/Z6FkiHK0ZRevEJUGgCHzRqvgEBXN3Jr2WYbwL4IMShmGoxzSCn8VY9BkQ==
Exponent2: LDR9/tyu0vzuLwc20B22FzNdd5rFF2wAQTQ0yF/3Baj5NAi9w84l0u07KgKQZX4g0N8qUyypnU5YDyzc6ZoagQ==
Coefficient: 6S0vhIQITWzqfQSLj+wwRzs6qCvJckHb1+SD1XpwYjSgMTEUlZhf96m8WiaE1/fIt4Zl2PC3fF7YIBoFLln22w==
Response:
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
{"result":true}
removeDomainKey¶Removes key id from domain name.
Query:
{"method":"removedomainkey","parameters":{"name":"example.com","id":1}}
Response:
{"result":true}
Query:
DELETE /dnsapi/removedomainkey/example.com/1 HTTP/1.1
Response:
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
{"result":true}
activateDomainKey¶Activates key id for domain name.
Query:
{"method":"activatedomainkey","parameters":{"name":"example.com","id":1}}
Response:
{"result":true}
Query:
POST /dnsapi/activatedomainkey/example.com/1 HTTP/1.1
Response:
HTTP/1.1 200 OK
Content-Type: text/javascript; utf-8
{"result": true}
deactivateDomainKey¶Deactivates key id for domain name.
Query:
{"method":"deactivatedomainkey","parameters":{"name":"example.com","id":1}}
Response:
{"result": true}
Query:
POST /dnsapi/deactivatedomainkey/example.com/1 HTTP/1.1
Response:
HTTP/1.1 200 OK
Content-Type: text/javascript; utf-8
{"result": true}
publishDomainKey¶Publish key id for domain name.
Query:
{"method":"publishdomainkey","parameters":{"name":"example.com","id":1}}
Response:
{"result": true}
Query:
POST /dnsapi/publishdomainkey/example.com/1 HTTP/1.1
Response:
HTTP/1.1 200 OK
Content-Type: text/javascript; utf-8
{"result": true}
unpublishDomainKey¶Unpublish key id for domain name.
Query:
{"method":"unpublishdomainkey","parameters":{"name":"example.com","id":1}}
Response:
{"result": true}
Query:
POST /dnsapi/unpublishdomainkey/example.com/1 HTTP/1.1
Response:
HTTP/1.1 200 OK
Content-Type: text/javascript; utf-8
{"result": true}
getTSIGKey¶Retrieves the key needed to sign AXFR.
Query:
{"method":"gettsigkey","parameters":{"name":"example.com."}}
Response:
{"result":{"algorithm":"hmac-md5","content":"kp4/24gyYsEzbuTVJRUMoqGFmN3LYgVDzJ/3oRSP7ys="}}
Query:
GET /dnsapi/gettsigkey/example.com. HTTP/1.1
Response:
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
{"result":{"algorithm":"hmac-md5","content":"kp4/24gyYsEzbuTVJRUMoqGFmN3LYgVDzJ/3oRSP7ys="}}
getDomainInfo¶Retrieves information about given domain from the backend. If your return value has no zone attribute, the backend will signal error. Everything else will default to something. Default values: serial:0, kind:NATIVE, id:-1, notified_serial:-1, last_check:0, masters: []. Masters, if present, must be array of strings.
Query:
{"method":"getdomaininfo","parameters":{"name":"example.com"}}
Response:
{"result":{"id":1,"zone":"example.com","kind":"NATIVE","serial":2002010100}}
Query:
GET /dnsapi/getdomaininfo/example.com HTTP/1.1
Response:
HTTP/1.1 200 OK
content-Type: text/javascript: charset=utf-8
{"result":{id:1,"zone":"example.com","kind":"NATIVE","serial":2002010100}}
setNotified¶Updates last notified serial for the domain id. Any errors are ignored.
Query:
{"method":"setnotified","parameters":{"id":1,"serial":2002010100}}
Response:
{"result":true}
Query:
PATCH /dnsapi/setnotified/1 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 17
serial=2002010100
Response:
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
{"result":true}
isMaster¶Determines whether given IP is master for given domain name.
Query:
{"method":"isMaster","parameters":{"name":"example.com","ip":"198.51.100.0.1"}}
Response:
{"result":true}
Query:
GET /dnsapi/isMaster/example.com/198.51.100.0.1 HTTP/1.1
Response:
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
{"result":true}
superMasterBackend¶Creates new domain with given record(s) as master servers. IP address is the address where notify is received from. nsset is array of NS resource records.
Query:
{"method":"superMasterBackend","parameters":{"ip":"198.51.100.0.1","domain":"example.com","nsset":[{"qtype":"NS","qname":"example.com","qclass":1,"content":"ns1.example.com","ttl":300,"auth":true},{"qtype":"NS","qname":"example.com","qclass":1,"content":"ns2.example.com","ttl":300,"auth":true}]}}
Response:
{"result":true}
Alternative response:
{"result":{"account":"my account","nameserver":"ns2.example.com"}}
Query:
POST /dnsapi/supermasterbackend/198.51.100.0.1/example.com HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 317
nsset[1][qtype]=NS&nsset[1][qname]=example.com&nsset[1][qclass]=1&nsset[1][content]=ns1.example.com&nsset[1][ttl]=300&nsset[1][auth]=true&nsset[2][qtype]=NS&nsset[2][qname]=example.com&nsset[2][qclass]=1&nsset[2][content]=ns2.example.com&nsset[2][ttl]=300&nsset[2][auth]=true
Response:
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
{"result":true}
Alternative response
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
{"result":{"account":"my account"}}
createSlaveDomain¶Creates new domain. This method is called when NOTIFY is received and you are superslaving.
- Mandatory: No
- Parameters: ip, domain
- Optional parameters: nameserver, account
- Reply: true for success, false for failure
Query:
{"method":"createSlaveDomain","parameters":{"ip":"198.51.100.0.1","domain":"pirate.example.net"}}
Response:
{"result":true}
Query:
POST /dnsapi/createslavedomain/198.51.100.0.1/pirate.example.net HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 0
Response:
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
{"result":true}
replaceRRSet¶This method replaces a given resource record with new set. The new qtype can be different from the old.
Query:
{"method":"replaceRRSet","parameters":{"domain_id":2,"qname":"replace.example.com","qtype":"A","trxid":1370416133,"rrset":[{"qtype":"A","qname":"replace.example.com","qclass":1,"content":"1.1.1.1","ttl":300,"auth":true}]}}
Response:
{"result":true}
Query:
PATCH /dnsapi/replacerrset/2/replace.example.com/A HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 135
trxid=1370416133&rrset[qtype]=A&rrset[qname]=replace.example.com&rrset[qclass]=1&rrset[content]=1.1.1.1&rrset[auth]=1
Response:
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
{"result":true}
feedRecord¶Asks to feed new record into system. If startTransaction was called, trxId identifies a transaction. It is not always called by PowerDNS.
Query:
{"method":"feedRecord","parameters":{"rr":{"qtype":"A","qname":"replace.example.com","qclass":1,"content":"127.0.0.1","ttl":300,"auth":true},"trxid":1370416133}}
Response:
{"result":true}
Query:
PATCH /dnsapi/feedrecord/1370416133 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 117
rr[qtype]=A&rr[qname]=replace.example.com&rr[qclass]=1&rr[content]=127.0.0.1&rr[ttl]=300&rr[auth]=true
Response:
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
{"result":true}
feedEnts¶This method is used by pdnsutil rectify-zone to populate missing non-terminals. This is used when you have, say, record like _sip._upd.example.com, but no _udp.example.com. PowerDNS requires that there exists a non-terminal in between, and this instructs you to add one. If startTransaction is called, trxid identifies a transaction.
Query:
{"method":"feedEnts","parameters":{"domain_id":2,"trxid":1370416133,"nonterm":["_sip._udp","_udp"]}}
Response:
{"result":true}
Query:
PATCH /dnsapi/feedents/2 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 50
trxid=1370416133&nonterm[]=_udp&nonterm[]=_sip.udp
Response:
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
{"result":true}
feedEnts3¶Same as feedEnts, but provides NSEC3 hashing parameters. Note that salt is BYTE value, and can be non-readable text.
Query:
{"method":"feedEnts3","parameters":{"domain_id":2,"domain":"example.com","times":1,"salt":"9642","narrow":false,"trxid":1370416356,"nonterm":["_sip._udp","_udp"]}}
Response:
{"result":true}
Query:
PATCH /dnsapi/2/example.com HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 78
trxid=1370416356×=1&salt=9642&narrow=0&nonterm[]=_sip._udp&nonterm[]=_udp
Response:
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
{"result":true}
startTransaction¶Starts a new transaction. Transaction ID is chosen for you. Used to identify f.ex. AXFR transfer.
Query:
{"method":"startTransaction","parameters":{"trxid":1234,"domain_id":1,"domain":"example.com"}}
Response:
{"result":true}
Query:
POST /dnsapi/starttransaction/1/example.com HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 10
trxid=1234
Response:
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
{"result":true}
commitTransaction¶Signals successful transfer and asks to commit data into permanent storage.
Query:
{"method":"commitTransaction","parameters":{"trxid":1234}}
Response:
{"result":true}
Query:
POST /dnsapi/committransaction/1234 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 0
Response:
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
{"result":true}
abortTransaction¶Signals failed transaction, and that you should rollback any changes.
Query:
{"method":"abortTransaction","parameters":{"trxid":1234}}
Response:
{"result":true}
Query:
POST /dnsapi/aborttransaction/1234 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 0
Response:
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
{"result":true}
calculateSOASerial¶Asks you to calculate a new serial based on the given data and update the serial.
Query:
{"method":"calculateSOASerial","parameters":{"domain":"unit.test","sd":{"qname":"unit.test","nameserver":"ns.unit.test","hostmaster":"hostmaster.unit.test","ttl":300,"serial":1,"refresh":2,"retry":3,"expire":4,"default_ttl":5,"domain_id":-1,"scopeMask":0}}}
Response:
{"result":2013060501}
Query:
POST /dnsapi/calculatesoaserial/unit.test HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 198
sd[qname]=unit.test&sd[nameserver]=ns.unit.test&sd[hostmaster]=hostmaster.unit.test&sd[ttl]=300&sd[serial]=1&sd[refresh]=2&sd[retry]=3&sd[expire]=4&sd[default_ttl]=5&sd[domain_id]=-1&sd[scopemask]=0
Response:
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
{"result":2013060501}
directBackendCmd¶Can be used to send arbitrary commands to your backend using pdnsutil and DNSSEC.
Query:
{"method":"directBackendCmd","parameters":{"query":"PING"}}
Response:
{"result":"PONG"}
Query:
POST /dnsapi/directBackendCmd HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 10
query=PING
Response:
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
{"result":"PONG"}
getAllDomains¶Get DomainInfo records for all domains in your backend.
0 (not recommended for performance reasons)(since 4.5.0)Query:
{"method": "getAllDomains", "parameters": {"include_disabled": true}}
Response:
{"result":[{"id":1,"zone":"unit.test.","masters":["10.0.0.1"],"notified_serial":2,"serial":2,"last_check":1464693331,"kind":"native"}]}
Query:
GET /dnsapi/getAllDomains?includeDisabled=true HTTP/1.1
Response:
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Content-Length: 135
{"result":[{"id":1,"zone":"unit.test.","masters":["10.0.0.1"],"notified_serial":2,"serial":2,"last_check":1464693331,"kind":"native"}]}
searchRecords¶Can be used to search records from the backend. This is used by web api.
Query:
{"method":"searchRecords","parameters":{"pattern":"www.example*","maxResults":100}}
Response:
{"result":[{"qtype":"A", "qname":"www.example.com", "content":"203.0.113.2", "ttl": 60}]}
Query:
GET /dnsapi/searchRecords?q=www.example*&maxResults=100 HTTP/1.1
Response:
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
{"result":[{"qtype":"A", "qname":"www.example.com", "content":"203.0.113.2", "ttl": 60}]}
getUpdatedMasters¶Used to find out any updates to master domains. This is used to trigger notifications in master mode.
id, zone, serial and notified_serial fieldsQuery:
{"method": "getUpdatedMasters", "parameters": {}}
Response:
{"result":[{"id":1,"zone":"unit.test.","masters":["10.0.0.1"],"notified_serial":2,"serial":2,"last_check":1464693331,"kind":"master"}]}
Query:
GET /dnsapi/getUpdatedMasters HTTP/1.1
Response:
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Content-Length: 135
{"result":[{"id":1,"zone":"unit.test.","masters":["10.0.0.1"],"notified_serial":2,"serial":2,"last_check":1464693331,"kind":"master"}]}
getUnfreshSlaveInfos¶Used to find out if slave zones need checking of the master’s SOA Serial.
id, zone, serial and last_check fieldsQuery:
{"method": "getUnfreshSlaveInfos", "parameters": {}}
Response:
{"result":[{"id":1,"zone":"unit.test.","masters":["10.0.0.1"],"serial":2,"last_check":1464693331,"kind":"slave"}]}
Query:
GET /dnsapi/getUnfreshSlaveInfos HTTP/1.1
Response:
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Content-Length: 135
{"result":[{"id":1,"zone":"unit.test.","masters":["10.0.0.1"],"serial":2,"last_check":1464693331,"kind":"slave"}]}
setFresh¶Called when a slave freshness check succeeded. This does not indicate the zone was updated on the master.
Query:
PATCH /dnsapi/setFresh/1 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 0
Response:
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
{"result":true}
Query:
{
"method": "lookup",
"parameters": {
"qname": "example.com",
"qtype": "SOA",
"zone_id": "-1"
}
}
Reply:
{
"result":
[
{ "qtype": "SOA",
"qname": "example.com",
"content": "dns1.icann.org. hostmaster.icann.org. 2012080849 7200 3600 1209600 3600",
"ttl": 3600,
"domain_id": -1
}
]
}
Query:
/dns/lookup/example.com/SOA
Reply:
{
"result":
[
{ "qtype": "SOA",
"qname": "example.com",
"content": "dns1.icann.org. hostmaster.icann.org. 2012080849 7200 3600 1209600 3600",
"ttl": 3600,
"domain_id": -1
}
]
}