The PowerDNS Platform delivers all the capabilities of our unmodified Open Source products together with powerful ready-to-use additional capabilities. This is delivered without sacrificing the modularity and flexibility of an Open Source solution, but also with guaranteed performance levels and top notch support.

In short, with the Platform, we aim to be "the most open of the commercial DNS suppliers", or the other way around "the best commercially deployable open DNS solution".

The PowerDNS Platform features:

  • The existing Open Source workhorses: Authoritative Server, dnsdist and Recursor
  • A centralized control panel for these components
    • Zone management
    • Error log searching
    • Cache flushing
  • Integrated graphing and monitoring
    • Aggregate
    • Per server
  • Operator friendly licensing that does not require additional licenses to unlock performance of more cores or more servers
  • Modest hardware requirements
    • Supports virtual machines, Network Function Virtualization (NFV) version available
    • No dedicated appliance required
  • Certified performance up to millions of queries/second
    • Guaranteed numbers for 100%, 98% and 90% cache hit rates
    • Typical production numbers per commodity (8GB ram, 8 cores) server: 400kqps of real live traffic including botnet and malware traffic
    • Under benchmarking conditions: millions of queries/second
    • We can commit to performance levels on your existing hardware
  • Full solution for malware blocking, detection, parental control, ad-blocking

Services, SLAs

  • 24/7 dedicated support
  • Optional live telemetry reporting of all statistics to PowerDNS Support which enables more rapid problem resolution and reduced staff load when diagnosing problems
  • Latency monitoring for best subscriber/customer experience

Network features, Large scale query logging/querying, Security

  • Built-in DoS protection / service assurance under malware attack
    • Deflects random domain subnet query attacks
    • Rate-limits customers making excessive queries
    • Quarantines infected users to dedicated 'abuse' pool
    • Is not a substitute for network level filtering of multi-gigabit attacks
  • Long term full query logging & rapid searching
    • Dimensioned at a trillion queries/day (1000 billion) on commodity hardware with long term retention
    • For security research, lawful intercept/data retention requirements, customer intelligence, quality assurance/diagnostics
  • Network based fail-over and load-balancing
    • ECMP
    • Anycast
    • OSPF
  • Native load balancing with DNS-specialized load-balancing rules
    • Query concentration for enhanced cache hit rate
    • Smooth server startup with no customer disruption
  • Out of the box production support for DNS64
  • Recovery of subscriber identity through (CG)NAT

Ease of management

  • Fully automated deployment & configuration management
    • Deploy new ACLs, new IP addresses, new features, new versions with ease
  • Easy deployment of (court ordered) DNS blocking lists
    • Global
    • Per region
    • Per subscriber
  • Web-based control panel

Selective filtering, parental control, malware protection & detection

  • Selective filtering based on leading categorization & filtering partners:
    • Parental control, selective parental control (DNS & URL based, per-device, per-subscriber)
    • Malware filtering, selective malware filtering (DNS & URL based, per-device, per-subscriber)
    • Ad-filtering, selective ad-filtering (DNS & URL based, per-device, per-subcriber)
    • Modest hardware requirements (8GB of RAM)
  • Comes with subscriber self-management module
    • And API to integrate with existing customer portals
  • Selective filtering options
    • Scales to tens of millions of customers
    • Preference changes communicated instantly
    • Select categories to be filtered (malware, 'child friendly', 'brand safe', advertising)
    • Per subscriber preset filter sets ('light, medium, heavy' filtering for example)
    • Time-window for filtering ('no filtering at night')
    • Per subscriber blacklist and whitelist
    • Highly modular to support any use case or existing categorization lists
    • Out of the box support for:
      • Zvelo
      • WebROOT
      • ThreatSTOP (RPZ)
      • Spamhaus (RPZ)
      • Farsight (RPZ)
  • IP/Customer tracking infrastructure that ingests from
    • Radius
    • DHCP
    • Custom sources
  • Support for CGNAT/DS-LITE port mapping to identify customers
  • Per-device instead of per-subscriber settings with aid of CPE
    • Inject MAC address or other identifier using industry standard protocols
  • NXDOMAIN redirection & advertising landing page

Subscriber communications

  • In-browser messaging
    • Inject messages in subscriber web browser to solve the problem that customers can't be reached via email
    • Can also be used to inform user of detection of infected traffic