Google Summer of Code

Welcome to the 'PowerDNS GSoC 2022' idea page. This page gives an overview of a number of projects and ideas that we think will be beneficial for PowerDNS and the PowerDNS users, and are suitable projects for participants of Google Summer of Code. We hope to give you an idea of the improvements we propose, and of PowerDNS and its community in general.

PowerDNS has an active community, and many ideas about improvements are discussed, which often lead to new feature requests, significant improvements, or proposals. Of course, as with any Open Source software project, some are implemented quicker than others, and the speed of implementation also depends on the active participation of those who think a certain feature is worthwhile.

Introduction to PowerDNS

PowerDNS is a suite of open source DNS software, consisting of the Authoritative Server, the PowerDNS Recursor and dnsdist. These three combined span the entire DNS ecosystem, from end-user-facing DNS services (dnsdist and Recursor) to domain name hosting (Authoritative Server). DNS has gained importance in recent years, since fast, accurate and trustworthy DNS responses are vital for the functioning of the modern internet. We saw many innovations, including the advent of encrypted DNS (DoH/DoT). If you are interested, we invite you to have a look at our repository on GitHub where our development happens.

PowerDNS also has an active community, so if you are interested in getting to know PowerDNS and its community, we invite you to come to the IRC channel and meet the PowerDNS developers on #powerdns on OFTC (irc.oftc.net). Besides a very active IRC channel, we have a low traffic mailing list pdns-users and a blog.

List of proposals

See below for more details on the various proposals.

  • Rustls support in DNSDist
  • Outgoing DNS over QUIC support in DNSDist
  • AF_XDP support in DNSDist
  • Refactoring of the PowerDNS Authoritative TCP stack

How to start

If you are interested in one of our proposals, please try to find a bit of time to familiarize yourself with the related software by reading the documentation, trying to install it and perhaps even compiling it from source. You can also reach out to our community via IRC, as explained above, to ask questions or just to introduce yourself. If you really cannot use IRC, you can also contact our mentors directly by e-mail at remi.gacogne [at] powerdns [dot] com, but be aware that we will be a lot quicker to reply on IRC.

Once the application period has opened, you have to submit your application on the Google Summer of Code website. Your application must be written in English and contain:

  • a detailed description of your project proposal
  • your experience with the required programming language
  • your past open source contributions, if any

Note that having already contributed to the PowerDNS project, even with a small pull request fixing a typo in the documentation, goes a long way if we have to decide between several applications for the same idea.

More detailed description of proposals

Add Rustls support to DNSDist

DNSDist is an open-source DNS load-balancer, written in C++, providing support for encrypted DNS: DNS over TLS and DNS over HTTPS. It is used in front of several public resolvers, including Quad9, and sees a lot of traffic. There are currently two TLS libraries supported by DNSDist, OpenSSL and GnuTLS, and adding support for a memory-safe library like Rustls would be a great improvement. There is already an abstraction layer encapsulating TLS operations in DNSDist, but some discrepancies between the API provided by Rustls and those of the existing libraries will likely have to be dealt with. Ideally Rustls support could be enabled at compile time, and later selected in the configuration.

That proposal would require someone familiar enough with Rust and its build system to design a good integration into DNSDist, and familiar enough with C++ to expand the existing code abstracting TLS libraries. A basic knowledge of DNS might be useful to test the end result but should not be required.

That idea would be mentored by Rémi Gacogne, who is currently leading the development of DNSDist at PowerDNS.

The expected load is roughly 175 hours. This is an exploratory project as it would be the first integration of a Rust library into the codebase, and its difficulty should be medium.

Add outgoing DNS over QUIC support to DNSDist

DNSDist is an open-source DNS load-balancer, written in C++, providing support for encrypted DNS: DNS over TLS and DNS over HTTPS. It is used in front of several public resolvers, including Quad9, and sees a lot of traffic. Currently DNS over TLS and DNS over HTTPS are supported both between the client and DNSDist (incoming) and between DNSDist and its backend (outgoing). Some preliminary work has been done on incoming DNS over QUIC using ngtcp2, but that work has not been integrated yet, and the community has been asking for an outgoing DNS over QUIC integration to improve privacy without losing performance.

That proposal would require someone familiar enough with C++ and DNS to expand the existing code base. Some experience with QUIC would help as well.

That idea would be mentored by Rémi Gacogne, who is currently leading the development of DNSDist at PowerDNS.

The expected load is roughly 350 hours. This will not be an easy project because it will require integrating with several parts of DNSDist and designing new ones.

Add AF_XDP support to DNSDist

DNSDist is an open-source DNS load-balancer, written in C++, often deployed in front of DNS servers to deal with denial of service attacks. It is used by several public resolvers, including Quad9, and sees a lot of traffic, often dealing with more than 100k queries per second. Knot DNS, another open-source DNS server, has been getting a very nice performance boost by implementing AF_XDP for UDP traffic, and it would make sense to see if DNSDist can benefit from that as well, which would make a lot of people happy!

That proposal would require someone familiar enough with C++ and AF_XDP or io_uring. Some experience with DNS might help but should not be required.

That idea would be mentored by Rémi Gacogne, who is currently leading the development of DNSDist at PowerDNS.

The expected load is roughly 350 hours. This will not be an easy project because it will require significant work to integrate the mechanisms of AF_XDP into the existing code of DNSDist.

Refactoring of the PowerDNS Authoritative TCP stack

The PowerDNS Authoritative server is an open-source DNS server and the leading DNSSEC implementation used by many of the world's larger domain hosters. Its current TCP implementation using one thread per connection does not scale well to today's needs, and a refactoring has been contemplated by the community for quite some time. Two design ideas have been proposed in the issue tracker: https://github.com/PowerDNS/pdns/issues/10446

That proposal would require someone familiar enough with C++ and DNS.

The idea would be mentored by Rémi Gacogne and Peter van Dijk, who have been working at PowerDNS for several years.

The expected load is roughly 350 hours. This should be a project of medium difficulty, and a lot of interest and help from the community should be expected.