PowerDNS Authoritative Server¶
- Overview
- Getting Started
- Features
- DNS Modes of Operation
- Performance and Tuning
- DNSSEC
- Per zone settings: Domain Metadata
- ALLOW-AXFR-FROM
- ALLOW-DNSUPDATE-FROM, FORWARD-DNSUPDATE, NOTIFY-DNSUPDATE, SOA-EDIT-DNSUPDATE
- ALSO-NOTIFY
- API-RECTIFY
- AXFR-MASTER-TSIG
- AXFR-SOURCE
- ENABLE-LUA-RECORDS
- GSS-ACCEPTOR-PRINCIPAL
- GSS-ALLOW-AXFR-PRINCIPAL
- IXFR
- LUA-AXFR-SCRIPT
- NSEC3NARROW
- NSEC3PARAM
- PRESIGNED
- PUBLISH-CDNSKEY, PUBLISH-CDS
- RFC1123-CONFORMANCE
- SIGNALING-ZONE
- SLAVE-RENOTIFY
- SOA-EDIT
- SOA-EDIT-API
- TSIG-ALLOW-AXFR
- TSIG-ALLOW-DNSUPDATE
- Extra metadata
- Dynamic DNS Update (RFC 2136)
- Catalog Zones (RFC 9432)
- TSIG
- Views
- Lua Records
- Guides and How Tos
- Basic setup: configuring database connectivity
- Migrating from using recursion on the Authoritative Server to using a Recursor
- Running Virtual Instances
- Using ALIAS records
- Using SVCB and derived records
- KSK Rollover
- KSK Rollover using CDS & CDNSKEY Key Rollover
- ZSK Rollover
- Algorithm Rollover
- Adding new DNS record types
- Backends
- HTTP API
- Configuration
8bit-dnsallow-axfr-ipsallow-dnsupdate-fromallow-notify-fromallow-unsigned-autoprimaryallow-unsigned-notifyallow-unsigned-supermasteralso-notifyany-to-tcpapiapi-keyautosecondaryaxfr-fetch-timeoutaxfr-lower-serialcache-ttlcarbon-instancecarbon-intervalcarbon-namespacecarbon-ournamecarbon-serverchrootsecondary-check-signature-freshnessconfig-dirconfig-nameconsistent-backendscontrol-consoledaemondefault-api-rectifydefault-catalog-zonedefault-ksk-algorithmdefault-ksk-sizedefault-publish-cdnskeydefault-publish-cdsdefault-soa-contentdefault-soa-editdefault-soa-edit-signeddefault-soa-edit-apidefault-soa-maildefault-soa-namedefault-ttldefault-zsk-algorithmdefault-zsk-sizedelay-notificationsdirect-dnskeydirect-dnskey-signaturedisable-axfrdisable-axfr-rectifydisable-syslogdistributor-threadsdname-processingdnsproxy-udp-port-rangednssec-key-cache-ttldnsupdatednsupdate-require-tsigdo-ipv6-additional-processingdomain-metadata-cache-ttledns-cookie-secretedns-subnet-processingenable-gss-tsigenable-lua-recordsentropy-sourceexpand-aliasresolve-across-zonesforward-dnsupdateforward-notifyguardianignore-unknown-settingsinclude-dirlaunchload-moduleslocal-addresslocal-address-nonexist-faillocal-ipv6local-ipv6-nonexist-faillocal-portlog-dns-detailslog-dns-querieslog-timestamplogging-facilitylogging-structuredloglevelloglevel-showlua-axfr-scriptlua-consistent-hashes-cleanup-intervallua-consistent-hashes-expire-delaylua-global-include-dirlua-health-checks-expire-delaylua-health-checks-intervallua-prequery-scriptlua-records-exec-limitlua-records-insert-whitespacemastermax-cache-entriesmax-ent-entriesmax-include-depthmax-generate-stepsmax-nsec3-iterationsmax-packet-cache-entriesmax-queue-lengthmax-signature-cache-entriesmax-tcp-connection-durationmax-tcp-connectionsmax-tcp-connections-per-clientmax-tcp-transactions-per-connmodule-dirnegquery-cache-ttlno-configno-shufflenon-local-bindonly-notifyoutgoing-axfr-expand-aliasoverload-queue-lengthprevent-self-notificationprimaryproxy-protocol-fromproxy-protocol-maximum-sizequery-cache-ttlquery-local-addressquery-local-address6query-loggingqueue-limitreceiver-threadsresolverretrieval-threadsreuseportrngsecondarysecondary-do-renotifysecurity-poll-suffixsend-signed-notifyserver-idsetgidsetuidsigning-threadsslaveslave-cycle-intervalslave-renotifysoa-expire-defaultsoa-minimum-ttlsoa-refresh-defaultsoa-retry-defaultsocket-dirsuperslavesvc-autohintstcp-control-addresstcp-control-porttcp-control-rangetcp-control-secrettcp-fast-opentcp-idle-timeouttraceback-handlertrusted-notification-proxyudp-truncation-thresholdupgrade-unknown-typesversion-stringviewswebserverwebserver-addresswebserver-allow-fromwebserver-hash-plaintext-credentialswebserver-loglevelwebserver-max-bodysizewebserver-connection-timeoutwebserver-passwordwebserver-portwebserver-print-argumentswrite-pidworkaround-11804xfr-cycle-intervalxfr-max-received-mbyteszone-cache-refresh-intervalzone-metadata-cache-ttl
- Security of PowerDNS
- Changelogs
- Changelogs for 5.1.x
- Changelogs for 5.0.x
- Changelogs for 4.9.x
- Changelogs for 4.8.x
- Changelogs for 4.7.x
- Changelogs for 4.6.x
- Changelogs for 4.5.x
- Changelogs for 4.4.x
- Changelogs for 4.3.x
- Changelogs for 4.2.x
- Changelogs for 4.1.x
- Changelogs for 4.0.x
- PowerDNS Authoritative Server 4.0.9
- PowerDNS Authoritative Server 4.0.8
- PowerDNS Authoritative Server 4.0.7
- PowerDNS Authoritative Server 4.0.6
- PowerDNS Authoritative Server 4.0.5
- PowerDNS Authoritative Server 4.0.4
- PowerDNS Authoritative Server 4.0.3
- PowerDNS Authoritative Server 4.0.2
- PowerDNS Authoritative Server 4.0.1
- PowerDNS Authoritative Server 4.0.0
- PowerDNS Authoritative Server 4.0.0-rc2
- PowerDNS Authoritative Server 4.0.0-beta1
- PowerDNS Authoritative Server 4.0.0-alpha3
- PowerDNS Authoritative Server 4.0.0-alpha2
- PowerDNS Authoritative Server 4.0.0-alpha1
- Changelogs for 3.x and older
- PowerDNS Authoritative Server 3.4.9
- PowerDNS Authoritative Server 3.4.8
- PowerDNS Authoritative Server 3.4.7
- PowerDNS Authoritative Server 3.4.6
- PowerDNS Authoritative Server 3.3.3
- PowerDNS Authoritative Server 3.4.5
- PowerDNS Authoritative Server 3.3.2
- PowerDNS Authoritative Server 3.4.4
- PowerDNS Authoritative Server 3.4.3
- PowerDNS Authoritative Server 3.4.2
- PowerDNS Authoritative Server 3.4.1
- PowerDNS Authoritative Server 3.4.0
- PowerDNS Authoritative Server version 3.3.1
- PowerDNS Authoritative Server version 3.3
- PowerDNS Authoritative Server 3.2
- PowerDNS Authoritative Server 3.1
- Changes between RC1 and RC2
- Authoritative Server version 2.9.22.6
- Authoritative Server version 2.9.22.5
- PowerDNS Authoritative Server 3.0.1
- PowerDNS Authoritative Server 3.0
- Authoritative Server version 2.9.22
- Authoritative Server version 2.9.21.2
- Authoritative Server version 2.9.21.1
- PowerDNS Authoritative Server version 2.9.21
- Version 2.9.20
- Version 2.9.19
- Version 2.9.18
- Version 2.9.17
- Version 2.9.16
- Version 2.9.15
- Version 2.9.14
- Version 2.9.13
- Version 2.9.12
- Version 2.9.11
- Version 2.9.10
- Version 2.9.8
- Version 2.9.7
- Version 2.9.6
- Version 2.9.5
- Version 2.9.4
- Version 2.9.3a
- Version 2.9.2
- Version 2.9.1
- Version 2.9
- Version 2.8
- Version 2.7 and 2.7.1
- Version 2.6.1
- Version 2.6
- Version 2.5.1
- Version 2.5
- Version 2.4
- Version 2.3
- Version 2.2
- Version 2.1
- Version 2.0.1
- Version 2.0
- Version 2.0 Release Candidate 2
- Version 2.0 Release Candidate 1
- Version 1.99.12 Prerelease
- Version 1.99.11 Prerelease
- Version 1.99.10 Prerelease
- Version 1.99.9 Early Access Prerelease
- Version 1.99.8 Early Access Prerelease
- Version 1.99.7 Early Access Prerelease
- Version 1.99.6 Early Access Prerelease
- Version 1.99.5 Early Access Prerelease
- Version 1.99.4 Early Access Prerelease
- Version 1.99.3 Early Access Prerelease
- Version 1.99.2 Early Access Prerelease
- Version 1.99.1 Early Access Prerelease
- Appendices
- Internals
- Compiling PowerDNS
- Backend writers’ guide
- Notes
- Simple read-only native backends
- A sample minimal backend
- Interface definition
- Reporting errors
- Declaring and reading configuration details
- Read/write secondary-capable backends
- Autoprimary/autosecondary capability
- Read/write primary-capable backends
- DNS update support
- Domain metadata support
- TSIG keys
- DNSSEC support
- Miscellaneous
- Cryptographic software and export control
- Frequently Asked Questions
- Supported Record Types
- End of life statements
- PowerDNS/dnsdist license
- Manual Pages
- Security Advisories
- PowerDNS Security Advisory 2022-01: incomplete validation of incoming IXFR transfer in Authoritative Server and Recursor
- PowerDNS Security Advisory 2021-01: Specific query crashes Authoritative Server
- PowerDNS Security Advisory 2020-06: Various issues in our GSS-TSIG support
- PowerDNS Security Advisory 2020-05: Leaking uninitialised memory through crafted zone records
- PowerDNS Security Advisory 2019-06: Denial of service via crafted zone records
- PowerDNS Security Advisory 2019-05: Denial of service via NOTIFY packets
- PowerDNS Security Advisory 2019-04: Denial of service via crafted zone records
- PowerDNS Security Advisory 2019-03: Insufficient validation in the HTTP remote backend
- PowerDNS Security Advisory 2018-05: Packet cache pollution via crafted query
- PowerDNS Security Advisory 2018-03: Crafted zone record can cause a denial of service
- PowerDNS Security Advisory 2018-02: Buffer overflow in dnsreplay
- PowerDNS Security Advisory 2017-04: Missing check on API operations
- PowerDNS Security Advisory 2016-05: Crafted zone record can cause a denial of service
- PowerDNS Security Advisory 2016-04: Insufficient validation of TSIG signatures
- PowerDNS Security Advisory 2016-03: Denial of service via the web server
- PowerDNS Security Advisory 2016-02: Crafted queries can cause abnormal CPU usage
- PowerDNS Security Advisory 2016-01: Crafted queries can cause unexpected backend load
- PowerDNS Security Advisory 2015-03: Packet parsing bug can lead to crashes
- PowerDNS Security Advisory 2015-02: Packet parsing bug can cause thread or process abortion
- PowerDNS Security Advisory 2015-01: Label decompression bug can cause crashes or CPU spikes
- PowerDNS Security Advisory 2012-01: PowerDNS Authoritative Server can be caused to generate a traffic loop
- PowerDNS Security Advisory 2008-03: Some PowerDNS Configurations can be forced to restart remotely
- PowerDNS Security Advisory 2008-02: By not responding to certain queries, domains become easier to spoof
- Older security advisories