Skip to content

PowerDNS dstore

DNS Data Storage for Reporting and Investigation 

 

Enhance your PowerDNS infrastructure with dstore, a high-performance data storage backend. dstore processes Protocol Buffer (protobuf) log messages from PowerDNS Recursor and DNSdist. It receives events over the network, distributes them to multiple destinations, converts them into different formats, and aggregates them into reports. This simplifies the investigation of DNS-related issues and provides valuable insights into blocked or suspicious requests.

dstore powerDNS

Detailed Insights into Queries, Responses, and Decisions

The protobuf messages received by dstore provide detailed insights into DNS queries, responses, and policy decisions. The messages include key information such as the IP address of the client initiating the query, the receiving IP address, the transport protocol (UDP or TCP), a timestamp, and query details including qname, qtype, and qclass.

Response-related messages further enrich this data by including record details such as name, type, class, and rdata for A, AAAA, and CNAME records, as well as the corresponding response code. If a Response Policy Zone (RPZ) or a custom Lua policy is applied, the message also contains the policy name and associated tags. This comprehensive level of detail makes it significantly easier to detect, analyze, and respond to potentially compromised hosts.

Curious to learn more?

Discover more details about dstore in our documentation.

With its core component dstore-dist, dstore acts as a central distributor for protobuf messages generated by PowerDNS Recursor and DNSdist. Messages can be routed to multiple destinations, and each route can apply filtering before forwarding data.

A YAML-based configuration enables a simple and flexible setup. In addition, dstore-dist supports sampling and can generate Top N domain reports, providing a clear overview of the most frequently requested domains.

Flexible Routing and Data Distribution

Modular Architecture

dstore consists of several components that work together to collect and process DNS data across your infrastructure:

dstore-dist – primary daemon for receiving and processing events

dstore-dist-top-reporter – generates reports from protobuf messages

dstore-dist-eventforwarder – stores events related to DNS filtering

dstore-dist-report-api – provides access to filtering-related reports

dnspcap2protobuf – converts PCAP files into protobuf messages

dstore architecture

Operate deployments without touching the command line

When changes are needed – configuration updates, new zones, or restarts – you can act and restart deployments directly from the UI. There’s no need to SSH into servers or work through complex Kubernetes commands.

Single Pane of Glass lets you safely manage deployments across all accessible clusters, with full visibility into what’s happening as changes roll out.

Key benefits:

  • Restart deployments directly from the UI
  • Rolling restarts avoid downtime
  • Real-time feedback shows progress and status
  • No need to monitor kubectl or access individual clusters
  • Changes become visible almost instantly
4-Operate deployments without touching the command line

Visualize and Monitor Your Data

All dstore components expose Prometheus metrics via HTTP(S), enabling seamless integration into modern monitoring environments. These metrics can be collected using Prometheus, visualized through tools such as Grafana, and used to trigger alerts based on custom rules. This provides full visibility into your DNS environment and enables proactive monitoring.

Interested in learning more about PowerDNS dstore or receiving a quote?