PowerDNS Authoritative Server

• PowerDNS Authoritative Nameserver
  • Getting Started
  • Getting Support
    • My information is confidential, must I send it to the mailing list, discuss it on IRC, or post it in a GitHub ticket?
    • I have a question!
    • What details should I supply?
    • I found a bug!
    • I found a security issue!
    • I have a good idea for a feature!
• Installing PowerDNS
  • Binary Packages
    • Debian-based Systems
    • Red Hat-based Systems
    • FreeBSD
    • Mac OS X
  • After installation
• Upgrade Notes
  • 5.0.0 to 5.1.0
    • zone display
    • Record handling in the API
  • 4.9.0 to 5.0.0
    • LMDB backend, views
    • LMDB backend, DNS Update support
    • LMDB backend, search support
    • LOC record parsing
    • LUA records whitespace insertion
    • lua-records-exec-limit feature restored
    • ixfrdist IPv6 support
    • pdnsutil syntax and behaviour changes
  • 4.8.0 to 4.9.0
    • Removed options
    • Renamed options
  • any version to 4.8.x
    • Use of (RSA-)SHA1 on Red Hat Enterprise Linux 9 and derivatives
    • LMDB backend
  • 4.6.0 to 4.7.0
    • Schema changes
  • 4.5.x to 4.6.0
    • Automatic conversion of @ signs in SOA
    • New default NSEC3 parameters
    • SHA1 DSes
    • Privileged port binding in Docker
  • 4.4.x to 4.5.0
    • Automatic conversion of @ signs in SOA
    • Record type changes
    • Changed options
  • 4.3.x to 4.4.0
    • Latency calculation changes
    • MySQL character set detection
    • Record type changes
    • PostgreSQL configuration escaping
    • New LMDB schema
    • Removed features
  • 4.3.1 to 4.3.2
    • Latency calculation changes
  • 4.3.0 to 4.3.1
  • 4.2.x to 4.3.0
    • NSEC/NSEC3 TTL changed
    • Lua Netmask class methods changed
    • socket-dir changed
    • Systemd service and permissions
    • New settings
    • Deprecated settings
    • Changed defaults
    • Schema changes
    • Implicit 5->7 algorithm upgrades
    • IXFR-in corruption
  • 4.2.X to 4.2.3
  • 4.X.X to 4.2.2
    • IXFR-in corruption
  • 4.1.X to 4.2.0
  • 4.1.X to 4.1.14
  • 4.1.0 to 4.1.1
  • 4.0.X to 4.1.0
    • Changed options
    • Other changes
  • 4.0.X to 4.0.2
    • Changed options
  • 3.4.X to 4.0.0
    • Database changes
    • Changed options
    • API
    • Resource Record Changes
• DNS Modes of Operation
  • Native replication
  • Primary operation
  • Secondary operation
  • Primary/Secondary Setup Requirements
  • IXFR: incremental zone transfers
  • Autoprimary: automatic provisioning of secondaries
  • Modifying a secondary zone using a script
• Migrating to PowerDNS
  • Using AXFR to a Secondary-Capable Backend
    • To A Generic SQL Backend
    • To the BIND backend
  • From zonefiles to PowerDNS
    • Using the BIND backend
    • To a Generic SQL backend
  • Migrating Data from one Backend to Another Backend
    • Prerequisites
    • Moving from source to target
• Running and Operating
  • Guardian
  • Logging to syslog on systemd-based operating systems
  • Logging to syslog
  • Controlling A Running PowerDNS Server
    • Control Socket
    • pdns_control
    • Backend manipulation
    • pdnsutil
  • Running in the foreground
• Security of PowerDNS
  • PowerDNS Security Policy
    • YesWeHack
    • Disclosure Policy
  • Securing the Process
    • Running as a less privileged identity
    • Jailing the process in a chroot
  • Security Considerations
  • Security Polling
    • Details
  • Trusting zone files
• Performance and Tuning
  • Performance related settings
  • Packet Cache
  • Query Cache
  • Caches & Memory Allocations & glibc
  • Performance Monitoring
    • Counters
    • Ring buffers
    • Sending metrics to Graphite/Metronome over Carbon
• DNSSEC
  • A brief introduction to DNSSEC
  • DNSSEC Profile and Support
    • Supported Algorithms
  • DNSSEC Modes of Operation
    • Online Signing
    • Pre-signed records
    • Front-signing
    • Signed AXFR
    • BIND-mode operation
    • Hybrid BIND-mode operation
  • pdnsutil and DNSSEC
    • DNSSEC Defaults
  • Migrating (Signed) Zones to PowerDNS
    • From an existing PowerDNS installation
    • From existing non-DNSSEC, non-PowerDNS setups
    • From existing DNSSEC non-PowerDNS setups, pre-signed
    • From existing DNSSEC non-PowerDNS setups, live signing
    • Secure transfers
  • Operational instructions
    • Publishing a DS
    • Going insecure
    • Setting the NSEC modes and parameters
    • SOA-EDIT: ensure signature freshness on secondaries
    • Security
    • Performance
    • Some notes on TTL usage
  • DNSSEC advice & precautions
    • Packet sizes, fragments, TCP/IP service
  • PKCS#11 support
    • Using PKCS#11 with SoftHSM
    • SoftHSM2 with forwarding
    • Using CryptAS
  • Thanks to, acknowledgements
• Per zone settings: Domain Metadata
  • ALLOW-AXFR-FROM
  • ALLOW-DNSUPDATE-FROM, FORWARD-DNSUPDATE, NOTIFY-DNSUPDATE, SOA-EDIT-DNSUPDATE
  • ALSO-NOTIFY
  • API-RECTIFY
  • AXFR-MASTER-TSIG
  • AXFR-SOURCE
  • ENABLE-LUA-RECORDS
  • GSS-ACCEPTOR-PRINCIPAL
  • GSS-ALLOW-AXFR-PRINCIPAL
  • IXFR
  • LUA-AXFR-SCRIPT
  • NSEC3NARROW
  • NSEC3PARAM
  • PRESIGNED
  • PUBLISH-CDNSKEY, PUBLISH-CDS
  • RFC1123-CONFORMANCE
  • SIGNALING-ZONE
  • SLAVE-RENOTIFY
  • SOA-EDIT
  • SOA-EDIT-API
  • TSIG-ALLOW-AXFR
  • TSIG-ALLOW-DNSUPDATE
  • Extra metadata
• Dynamic DNS Update (RFC 2136)
  • Configuration options
    • dnsupdate
    • allow-dnsupdate-from
    • dnsupdate-require-tsig
    • forward-dnsupdate
    • lua-dnsupdate-policy-script
  • Per zone settings
    • ALLOW-DNSUPDATE-FROM
    • TSIG-ALLOW-DNSUPDATE
    • FORWARD-DNSUPDATE
    • NOTIFY-DNSUPDATE
    • SOA-EDIT-DNSUPDATE
  • SOA Serial Updates
    • SOA-EDIT-DNSUPDATE settings
  • DNS update How-to: Setup dyndns/rfc2136 with dhcpd
    • Setting up dhcpd
    • Setting up PowerDNS
  • How it works
  • Update policy
• Catalog Zones (RFC 9432)
  • Supported catalog versions
  • Configuration options
  • Per zone settings
    • CATALOG-HASH
  • Setting up catalog zones
    • Setting up a producer zone
    • Assigning members to a producer zone
    • Setting up a consumer zone
    • Updating a secondary server when primary address/port changes
• TSIG
  • Provisioning outbound AXFR access
  • Provisioning signed notification and AXFR requests
  • GSS-TSIG support
    • Prerequisites
    • Setting up
• Views
  • Requirements
  • Concepts
    • Zone Variants
    • Networks
    • Views
  • Resolution Algorithm
  • Configuration tweaks
  • Examples
    • Simple setup
    • Bind configuration adaptation
  • Interaction with catalog zones
• Lua Records
  • Examples
  • Using LUA Records with Generic SQL backends
  • Record format
  • More powerful example
  • Advanced topics
  • Details & Security
  • Shared Lua state model
  • Reference
    • Preset variables
    • Functions available
    • LUA Reference
• Guides and How Tos
  • Basic setup: configuring database connectivity
    • Common problems
    • Typical Errors after Installing
  • Migrating from using recursion on the Authoritative Server to using a Recursor
    • Scenario 1: Authoritative Server as Recursor with private zones
    • Scenario 2: Authoritative Server as Recursor for clients and serving public domains
  • Running Virtual Instances
    • Starting virtual instances with Sysv init-scripts
    • Starting virtual instances with systemd
  • Using ALIAS records
    • AXFR Zone transfers
    • ALIAS and DNSSEC
  • Using SVCB and derived records
    • Automatic hints
  • KSK Rollover
    • Phase: Initial
    • Phase: new DNSKEY
    • Phase: DS change
    • Phase: DNSKEY removal
    • Conclusion
  • KSK Rollover using CDS & CDNSKEY Key Rollover
  • ZSK Rollover
    • Phase: Initial
    • Phase: new DNSKEY
    • Phase: new RRSIGs
    • Phase: DNSKEY removal
    • Conclusion
  • Algorithm Rollover
    • Phase: initial
    • Phase: new RRSIGs
    • Phase: new DNSKEY
    • Phase: new DS
    • Phase: DNSKEY removal
    • Phase: RRSIGs removal
    • Conclusion
  • Adding new DNS record types
• Backends
• Built-in Webserver and HTTP API
  • Webserver
  • Metrics Endpoint
  • Enabling the API
  • Working with the API
    • Authentication
    • Errors
    • Data format
  • Endpoints and Objects in the API
    • Servers
    • Zones
    • Views
    • Networks
    • Cryptokeys
    • Metadata
    • TSIGKeys
    • Autoprimaries
    • Searching
    • Statistics
    • Cache
• Manual Pages
  • calidns
    • Synopsis
    • Description
    • QUERY_FILE format
    • Options
  • dnsbulktest
    • Synopsis
    • Description
    • Options
  • dnsgram
    • Synopsis
    • Description
    • Options
    • See also
  • dnspcap2calidns
    • Synopsis
    • Description
    • Options
    • See also
  • dnspcap2protobuf
    • Synopsis
    • Description
    • Options
  • dnsreplay
    • Synopsis
    • Description
    • Options
    • Bugs
    • See also
  • dnsscan
    • Synopsis
    • Description
    • Options
    • See also
  • dnsscope
    • Synopsis
    • Description
    • Options
    • See also
  • dnstcpbench
    • Synopsis
    • Description
    • Options
    • Bugs
  • dnswasher
    • Synopsis
    • Description
    • Options
    • See also
  • dumresp
    • Synopsis
    • Description
    • Options
    • See also
  • ixfrdist
    • Synopsis
    • Description
    • Options
    • See also
  • ixplore
    • Synopsis
    • Description
    • Options
    • diff-mode
    • track-mode
    • See also
  • nproxy
    • Synopsis
    • Description
    • Options
  • nsec3dig
    • Synopsis
    • Description
    • Example
  • pdns_control
    • Synopsis
    • Description
    • Options
    • Commands
    • See also
  • pdns_notify
    • Synopsis
    • Description
    • Options
  • pdns_server
    • Synopsis
    • Description
    • Options
    • See also
  • pdnsutil
    • Synopsis
    • Description
    • Options
    • Commands
    • AUTOPRIMARY COMMANDS
    • CATALOG ZONE COMMANDS
    • ZONE METADATA COMMANDS
    • NETWORK COMMANDS
    • ZONE RECORD COMMANDS
    • TSIG RELATED COMMANDS
    • VIEWS COMMANDS
    • ZONE MANIPULATION COMMANDS
    • SECONDARY ZONE COMMANDS
    • DNSSEC-RELATED COMMANDS
    • ZONE KEY COMMANDS
    • OTHER/MISCELLANEOUS COMMANDS
    • See also
  • saxfr
    • Synopsis
    • Description
    • Options
  • sdig
    • Synopsis
    • Description
    • Options
    • Examples
  • zone2json
    • Synopsis
    • Description
    • Options
    • INPUT Options
    • OTHER Options
    • See also
  • zone2ldap
    • Synopsis
    • Description
    • Options
    • See also
  • zone2sql
    • Synopsis
    • Description
    • Options
    • INPUT Options
    • BACKENDS
    • OUTPUT Options
    • OTHER Options
    • JSON COMMENTS
    • See also
  • ixfrdist.yml
    • Synopsis
    • Description
    • Example
    • Options
    • See also
• Authoritative Server Settings
  • 8bit-dns
  • allow-axfr-ips
  • allow-dnsupdate-from
  • allow-notify-from
  • allow-unsigned-autoprimary
  • allow-unsigned-notify
  • allow-unsigned-supermaster
  • also-notify
  • any-to-tcp
  • api
  • api-key
  • autosecondary
  • axfr-fetch-timeout
  • axfr-lower-serial
  • cache-ttl
  • carbon-instance
  • carbon-interval
  • carbon-namespace
  • carbon-ourname
  • carbon-server
  • chroot
  • secondary-check-signature-freshness
  • config-dir
  • config-name
  • consistent-backends
  • control-console
  • daemon
  • default-api-rectify
  • default-catalog-zone
  • default-ksk-algorithm
  • default-ksk-size
  • default-publish-cdnskey
  • default-publish-cds
  • default-soa-content
  • default-soa-edit
  • default-soa-edit-signed
  • default-soa-mail
  • default-soa-name
  • default-ttl
  • default-zsk-algorithm
  • default-zsk-size
  • delay-notifications
  • direct-dnskey
  • direct-dnskey-signature
  • disable-axfr
  • disable-axfr-rectify
  • disable-syslog
  • distributor-threads
  • dname-processing
  • dnsproxy-udp-port-range
  • dnssec-key-cache-ttl
  • dnsupdate
  • dnsupdate-require-tsig
  • do-ipv6-additional-processing
  • domain-metadata-cache-ttl
  • edns-cookie-secret
  • edns-subnet-processing
  • enable-gss-tsig
  • enable-lua-records
  • entropy-source
  • expand-alias
  • resolve-across-zones
  • forward-dnsupdate
  • forward-notify
  • guardian
  • ignore-unknown-settings
  • include-dir
  • launch
  • load-modules
  • local-address
  • local-address-nonexist-fail
  • local-ipv6
  • local-ipv6-nonexist-fail
  • local-port
  • log-dns-details
  • log-dns-queries
  • log-timestamp
  • logging-facility
  • loglevel
  • loglevel-show
  • lua-axfr-script
  • lua-consistent-hashes-cleanup-interval
  • lua-consistent-hashes-expire-delay
  • lua-global-include-dir
  • lua-health-checks-expire-delay
  • lua-health-checks-interval
  • lua-prequery-script
  • lua-records-exec-limit
  • lua-records-insert-whitespace
  • master
  • max-cache-entries
  • max-ent-entries
  • max-include-depth
  • max-generate-steps
  • max-nsec3-iterations
  • max-packet-cache-entries
  • max-queue-length
  • max-signature-cache-entries
  • max-tcp-connection-duration
  • max-tcp-connections
  • max-tcp-connections-per-client
  • max-tcp-transactions-per-conn
  • module-dir
  • negquery-cache-ttl
  • no-config
  • no-shuffle
  • non-local-bind
  • only-notify
  • outgoing-axfr-expand-alias
  • overload-queue-length
  • prevent-self-notification
  • primary
  • proxy-protocol-from
  • proxy-protocol-maximum-size
  • query-cache-ttl
  • query-local-address
  • query-local-address6
  • query-logging
  • queue-limit
  • receiver-threads
  • resolver
  • retrieval-threads
  • reuseport
  • rng
  • secondary
  • secondary-do-renotify
  • security-poll-suffix
  • send-signed-notify
  • server-id
  • setgid
  • setuid
  • signing-threads
  • slave
  • slave-cycle-interval
  • slave-renotify
  • soa-expire-default
  • soa-minimum-ttl
  • soa-refresh-default
  • soa-retry-default
  • socket-dir
  • superslave
  • svc-autohints
  • tcp-control-address
  • tcp-control-port
  • tcp-control-range
  • tcp-control-secret
  • tcp-fast-open
  • tcp-idle-timeout
  • traceback-handler
  • trusted-notification-proxy
  • udp-truncation-threshold
  • upgrade-unknown-types
  • version-string
  • views
  • webserver
  • webserver-address
  • webserver-allow-from
  • webserver-hash-plaintext-credentials
  • webserver-loglevel
  • webserver-max-bodysize
  • webserver-connection-timeout
  • webserver-password
  • webserver-port
  • webserver-print-arguments
  • write-pid
  • workaround-11804
  • xfr-cycle-interval
  • xfr-max-received-mbytes
  • zone-cache-refresh-interval
  • zone-metadata-cache-ttl
• Security Advisories
  • PowerDNS Security Advisory 2022-01: incomplete validation of incoming IXFR transfer in Authoritative Server and Recursor
  • PowerDNS Security Advisory 2021-01: Specific query crashes Authoritative Server
  • PowerDNS Security Advisory 2020-06: Various issues in our GSS-TSIG support
  • PowerDNS Security Advisory 2020-05: Leaking uninitialised memory through crafted zone records
  • PowerDNS Security Advisory 2019-06: Denial of service via crafted zone records
  • PowerDNS Security Advisory 2019-05: Denial of service via NOTIFY packets
  • PowerDNS Security Advisory 2019-04: Denial of service via crafted zone records
  • PowerDNS Security Advisory 2019-03: Insufficient validation in the HTTP remote backend
  • PowerDNS Security Advisory 2018-05: Packet cache pollution via crafted query
  • PowerDNS Security Advisory 2018-03: Crafted zone record can cause a denial of service
  • PowerDNS Security Advisory 2018-02: Buffer overflow in dnsreplay
  • PowerDNS Security Advisory 2017-04: Missing check on API operations
  • PowerDNS Security Advisory 2016-05: Crafted zone record can cause a denial of service
  • PowerDNS Security Advisory 2016-04: Insufficient validation of TSIG signatures
  • PowerDNS Security Advisory 2016-03: Denial of service via the web server
  • PowerDNS Security Advisory 2016-02: Crafted queries can cause abnormal CPU usage
  • PowerDNS Security Advisory 2016-01: Crafted queries can cause unexpected backend load
  • PowerDNS Security Advisory 2015-03: Packet parsing bug can lead to crashes
  • PowerDNS Security Advisory 2015-02: Packet parsing bug can cause thread or process abortion
  • PowerDNS Security Advisory 2015-01: Label decompression bug can cause crashes or CPU spikes
  • PowerDNS Security Advisory 2012-01: PowerDNS Authoritative Server can be caused to generate a traffic loop
  • PowerDNS Security Advisory 2008-03: Some PowerDNS Configurations can be forced to restart remotely
  • PowerDNS Security Advisory 2008-02: By not responding to certain queries, domains become easier to spoof
  • Older security advisories
• Changelogs
  • Changelogs for 5.0.x
    • 5.0.0
    • 5.0.0-beta1
    • 5.0.0-alpha1
  • Changelogs for 4.9.x
    • 4.9.11
    • 4.9.10
    • 4.9.9
    • 4.9.8
    • 4.9.7
    • 4.9.6
    • 4.9.5
    • 4.9.4
    • 4.9.3
    • 4.9.2
    • 4.9.1
    • 4.9.0
    • 4.9.0-beta2
    • 4.9.0-beta1
    • 4.9.0-alpha1
  • Changelogs for 4.8.x
    • 4.8.5
    • 4.8.4
    • 4.8.3
    • 4.8.2
    • 4.8.1
    • 4.8.0
    • 4.8.0-beta1
    • 4.8.0-alpha1
  • Changelogs for 4.7.x
    • 4.7.5
    • 4.7.4
    • 4.7.3
    • 4.7.2
    • 4.7.1
    • 4.7.0
    • 4.7.0-rc1
    • 4.7.0-beta2
    • 4.7.0-beta1
    • 4.7.0-alpha1
  • Changelogs for 4.6.x
    • 4.6.4
    • 4.6.3
    • 4.6.2
    • 4.6.1
    • 4.6.0
    • 4.6.0-rc1
    • 4.6.0-beta1
    • 4.6.0-alpha1
  • Changelogs for 4.5.x
    • 4.5.5
    • 4.5.4
    • 4.5.3
    • 4.5.2
    • 4.5.1
    • 4.5.0
    • 4.5.0-rc2
    • 4.5.0-rc1
    • 4.5.0-beta1
    • 4.5.0-alpha1
  • Changelogs for 4.4.x
    • 4.4.3
    • 4.4.2
    • 4.4.1
    • 4.4.0
    • 4.4.0-rc1
    • 4.4.0-beta1
    • 4.4.0-alpha3
    • 4.4.0-alpha1
  • Changelogs for 4.3.x
    • 4.3.2
    • 4.3.1
    • 4.3.0
    • 4.3.0-rc2
    • 4.3.0-beta2
    • 4.3.0-beta1
    • 4.3.0-alpha1
  • Changelogs for 4.2.x
    • 4.2.3
    • 4.2.2
    • 4.2.1
    • 4.2.0
    • 4.2.0-rc3
    • 4.2.0-rc2
    • 4.2.0-rc1
  • Changelogs for 4.1.x
    • 4.1.14
    • 4.1.13
    • 4.1.12
    • 4.1.11
    • 4.1.10
    • 4.1.9
    • 4.1.8
    • 4.1.7
    • 4.1.6
    • 4.1.5
    • 4.1.4
    • 4.1.3
    • 4.1.2
    • 4.1.1
    • 4.1.0
    • 4.1.0-rc3
    • 4.1.0-rc2
    • 4.1.0-rc1
  • Changelogs for 4.0.x
    • PowerDNS Authoritative Server 4.0.9
    • PowerDNS Authoritative Server 4.0.8
    • PowerDNS Authoritative Server 4.0.7
    • PowerDNS Authoritative Server 4.0.6
    • PowerDNS Authoritative Server 4.0.5
    • PowerDNS Authoritative Server 4.0.4
    • PowerDNS Authoritative Server 4.0.3
    • PowerDNS Authoritative Server 4.0.2
    • PowerDNS Authoritative Server 4.0.1
    • PowerDNS Authoritative Server 4.0.0
    • PowerDNS Authoritative Server 4.0.0-rc2
    • PowerDNS Authoritative Server 4.0.0-beta1
    • PowerDNS Authoritative Server 4.0.0-alpha3
    • PowerDNS Authoritative Server 4.0.0-alpha2
    • PowerDNS Authoritative Server 4.0.0-alpha1
  • Changelogs for 3.x and older
    • PowerDNS Authoritative Server 3.4.9
    • PowerDNS Authoritative Server 3.4.8
    • PowerDNS Authoritative Server 3.4.7
    • PowerDNS Authoritative Server 3.4.6
    • PowerDNS Authoritative Server 3.3.3
    • PowerDNS Authoritative Server 3.4.5
    • PowerDNS Authoritative Server 3.3.2
    • PowerDNS Authoritative Server 3.4.4
    • PowerDNS Authoritative Server 3.4.3
    • PowerDNS Authoritative Server 3.4.2
    • PowerDNS Authoritative Server 3.4.1
    • PowerDNS Authoritative Server 3.4.0
    •  PowerDNS Authoritative Server version 3.3.1
    • PowerDNS Authoritative Server version 3.3
    • PowerDNS Authoritative Server 3.2
    •  PowerDNS Authoritative Server 3.1
    • Changes between RC1 and RC2
    • Authoritative Server version 2.9.22.6
    •  Authoritative Server version 2.9.22.5
    • PowerDNS Authoritative Server 3.0.1
    • PowerDNS Authoritative Server 3.0
    • Authoritative Server version 2.9.22
    • Authoritative Server version 2.9.21.2
    • Authoritative Server version 2.9.21.1
    • PowerDNS Authoritative Server version 2.9.21
    • Version 2.9.20
    • Version 2.9.19
    • Version 2.9.18
    • Version 2.9.17
    • Version 2.9.16
    • Version 2.9.15
    • Version 2.9.14
    • Version 2.9.13
    • Version 2.9.12
    • Version 2.9.11
    • Version 2.9.10
    • Version 2.9.8
    • Version 2.9.7
    • Version 2.9.6
    • Version 2.9.5
    • Version 2.9.4
    • Version 2.9.3a
    •  Version 2.9.2
    • Version 2.9.1
    • Version 2.9
    • Version 2.8
    • Version 2.7 and 2.7.1
    • Version 2.6.1
    •  Version 2.6
    • Version 2.5.1
    • Version 2.5
    • Version 2.4
    • Version 2.3
    • Version 2.2
    • Version 2.1
    • Version 2.0.1
    • Version 2.0
    • Version 2.0 Release Candidate 2
    • Version 2.0 Release Candidate 1
    • Version 1.99.12 Prerelease
    • Version 1.99.11 Prerelease
    • Version 1.99.10 Prerelease
    • Version 1.99.9 Early Access Prerelease
    • Version 1.99.8 Early Access Prerelease
    • Version 1.99.7 Early Access Prerelease
    • Version 1.99.6 Early Access Prerelease
    • Version 1.99.5 Early Access Prerelease
    • Version 1.99.4 Early Access Prerelease
    • Version 1.99.3 Early Access Prerelease
    • Version 1.99.2 Early Access Prerelease
    • Version 1.99.1 Early Access Prerelease
• End of life statements
  • PowerDNS Authoritative Server 3.x
  • PowerDNS Authoritative Server 2.x
• Frequently Asked Questions
  • Replication
    • My PowerDNS Authoritative Server does not send NOTIFY messages
    • My PowerDNS Authoritative Server does not start AXFRs
    • Can PowerDNS Server act as Secondary and Primary at the same time?
    • How can I limit Zone Transfers (AXFR) per Domain?
    • I have a working Autoprimary/Autosecondary setup but when I remove Zones from the Primary they still remain on the Secondary. Am I doing something wrong?
  • Operational
    • The ADDITIONAL is section different than BIND’s answer, why?
    • PowerDNS does not give authoritative answers, how come?
    • Primary or Secondary support is not working, PowerDNS is not picking up changes
    • My primaries won’t allow PowerDNS to access zones as it is using the wrong local IP address
    • PowerDNS does not answer queries on all my IP addresses (and I’ve ignored the warning I got about that at startup)
    • Linux Netfilter says your conntrack table is full?
    • I get an error about writing to /etc
  • Backends
    • Does PowerDNS support splitting of TXT records (multipart or multiline) with the MySQL backend?
    • I see this a lot of “Failed to execute mysql_query” or similar log-entries
    • Which backend should I use? There are so many!
    • Can I launch multiple backends simultaneously?
    • I’ve added extra fields to the domains and/or records table. Will this eventually affect the resolution process in any way?
    • Can I specify custom sql queries for the gmysql / gpgsql backend or are those hardcoded?
• Backend writers’ guide
  • Notes
  • Simple read-only native backends
  • A sample minimal backend
  • Interface definition
    • Classes
    • Methods
  • Reporting errors
  • Declaring and reading configuration details
  • Read/write secondary-capable backends
  • Autoprimary/autosecondary capability
  • Read/write primary-capable backends
  • DNS update support
  • Domain metadata support
  • TSIG keys
  • DNSSEC support
  • Miscellaneous
    • ENT (Empty Non-Terminal)
    • Storage classes
• Compiling PowerDNS
  • Getting the sources
  • Dependencies
  • Optional dependencies
    • ed25519 support with libsodium
    • systemd notify support
• Cryptographic software and export control
  • Specific United States Export Control Notes
• Internals
  • How PowerDNS translates DNS queries into backend queries
• Supported Record Types
  • A
  • AAAA
  • AFSDB
  • ALIAS
  • APL
  • CAA
  • CERT
  • CDNSKEY
  • CDS
  • CNAME
  • CSYNC
  • DNSKEY
  • DNAME
  • DS
  • HINFO
  • HTTPS
  • KEY
  • LOC
  • MX
  • NAPTR
  • NS
  • NSEC, NSEC3, NSEC3PARAM
  • OPENPGPKEY
  • PTR
  • RP
  • RRSIG
  • SMIMEA
  • SOA
  • SPF
  • SSHFP
  • SRV
  • SVCB, HTTPS
  • TKEY, TSIG
  • TLSA
  • TXT
  • URI
  • ZONEMD
  • Other types
  • Unknown DNS Resource Record (RR) Types
• PowerDNS/dnsdist license