Skip to content

PowerDNS dstore

DNS Data Storage for Reporting and Investigation 

Enhance your PowerDNS infrastructure with dstore, a high-performance data storage backend. dstore processes Protocol Buffer (protobuf) log messages from PowerDNS Recursor and DNSdist. It receives events over the network, distributes them to multiple destinations, converts them into different formats, and aggregates them into reports. This simplifies the investigation of DNS-related issues and provides valuable insights into blocked or suspicious requests.

dstore powerDNS
INVESTIGATE
DETECT AND ANALYZE SUSPICIOUS DNS BEHAVIOR

  Detailed Insights into Queries, Responses, and Decisions

The protobuf messages received by dstore provide detailed insights into DNS queries, responses, and policy decisions. The messages include key information such as the IP address of the client initiating the query, the receiving IP address, the transport protocol (UDP or TCP), a timestamp, and query details including qname, qtype, and qclass.

Response-related messages further enrich this data by including record details such as name, type, class, and rdata for A, AAAA, and CNAME records, as well as the corresponding response code. If a Response Policy Zone (RPZ) or a custom Lua policy is applied, the message also contains the policy name and associated tags. This comprehensive level of detail makes it significantly easier to detect, analyze, and respond to potentially compromised hosts.

OBSERVE
GAIN FULL VISIBILITY INTO YOUR DNS ENVIRONMENT

Visualize and Monitor Your Data 

All dstore components expose Prometheus metrics via HTTP(S), enabling seamless integration into modern monitoring environments. These metrics can be collected using Prometheus, visualized through tools such as Grafana, and used to trigger alerts based on custom rules. This provides full visibility into your DNS environment and enables proactive monitoring.
OBSERVATORY-1
tree
ROUTE
FORWARD AND FILTER DNS DATA FLEXIBLY

  Flexible Routing and Data Distribution

With its core component dstore-dist, dstore acts as a central distributor for protobuf messages generated by PowerDNS Recursor and DNSdist. Messages can be routed to multiple destinations, and each route can apply filtering before forwarding data.

A YAML-based configuration enables a simple and flexible setup. In addition, dstore-dist supports sampling and can generate Top N domain reports, providing a clear overview of the most frequently requested domains.

Curious to learn more?

Want to dive deeper into PowerDNS dstore?

Check out our documentation for full details.

COMBINE
CONNECT SPECIALIZED COMPONENTS SEAMLESSLY

Modular Architecture

dstore consists of several components that work together to collect and process DNS data across your infrastructure:

dstore-dist – primary daemon for receiving and processing events

dstore-dist-top-reporter – generates reports from protobuf messages

dstore-dist-eventforwarder – stores events related to DNS filtering

dstore-dist-report-api – provides access to filtering-related reports

dnspcap2protobuf – converts PCAP files into protobuf messages

Interested in learning more about PowerDNS dstore or receiving a quote?