PowerDNS dnsdist

dnsdist is a highly DNS-, DoS- and abuse-aware loadbalancer. Its goal in life is to route traffic to the best server, delivering top performance to legitimate users while shunting or blocking abusive traffic.

dnsdist is dynamic, its configuration language is Lua and it can be can be changed at runtime, and its statistics can be queried from a console-like interface or an HTTP API.

dnsdist is used to protect and optimize the DNS traffic of hundreds of millions of internet subscribers.

Please find a list of major features below.

To verify the presence or absence of a desired feature, please consult the documentation or contact us. A full list of supported standards can be found in our compliance table. Complete documentation for dnsdist can be found here.

Common to all PowerDNS products:

  • IPv4, UDP/TCP
  • IPv6, UDP/TCP, 100% compliant
  • Remotely pollable statistics for real time graphing
  • High performance
  • SNMP statistics bridge (read only)


  • Dynamically route queries to backend servers
  • Advanced anti-spoofing measures
  • Reconfiguration without downtime
  • Kernel based filtering of harmful traffic, rejecting packets at 'line speed'
  • Internal Lua-based scripted answer generation
  • Question interception, answer reconditioning, NXDOMAIN redirection
    • Including ‘block lists’ and security measures
  • Built-in memory efficient cache for increased performance
  • Ability to continue serving data from cache for non-responsive backends
  • Smart rate limiting per user, per subnet, per domain
  • Capable of writing dynamic rules to block harmful traffic