Skip to content

PowerDNS Add-ons

For various enhancements

NEW

PowerDNS Recursor Plexus

Recursor Plexus enables seamless information sharing across multiple PowerDNS Recursors within a recursive DNS setup. It integrates NATS to distribute data such as authoritative server status among instances and supports cache sharing during startup.

Beyond data exchange, Recursor Plexus helps preserve runtime state across restarts. When a PowerDNS Recursor is restarted, Plexus automatically restores the necessary state information to ensure continuity.

NEW

Lightning Stream

PowerDNS Lightning Stream seamlessly synchronizes zone updates in the PowerDNS Authoritative Server. It aligns changes between a local LMDB and an S3-compatible bucket in near real-time, enabling fast, scalable one- or two-way replication.

Ideal for distributed, large-scale deployments, Lightning Stream simplifies DNS replication, ensuring a globally consistent data view within seconds. It also synchronizes zone data and DNSSEC keys across multiple PowerDNS servers, even in environments with concurrent write operations.


threat-intelligence-and-content-categorization

Threat Intelligence and Content Categorization

PowerDNS Recursor comes with out-of-the-box support for all major threat intelligence and content categorization providers. Various feeds are available for customers to choose from. These feeds provide block- and allow-lists to enable DNS-based filtering and blocking of malicious traffic for the Infrastructure Malware Protection add-on, as well as for PowerDNS Protect.


infrastructure-malware-protection

Infrastructure Malware Protection

Infrastructure Malware Protection enhances PowerDNS Recursor with system-wide, DNS-based threat filtering. Built on RPZ, it enables the blocking, redirection, or modification of DNS responses to protect users and ensure regulatory compliance across the entire subscriber base. Backed by comprehensive and continuously updated malware threat intelligence, this add-on defends against malware, phishing, and other malicious activity – keeping networks secure with the latest protections.

On a more granular level, per subscriber control options or per device filtering settings can be achieved by using PowerDNS Protect, instead of Infrastructure Malware Protection.


DNSdist Defender

DNSdist Defender takes the robust Lua capabilities of DNSdist to the next level, providing a user-friendly and efficient solution for filtering malicious DNS traffic. Combined with simple configuration options for per-subscriber rate-limiting and DDoS protection, it transforms DNSdist into a comprehensive DNS firewall that offers:

  • Prevention of DNS tunneling and data exfiltration
  • Mitigation of pseudo-random subdomain (PRSD) attacks
  • Protection against DNS reflection/amplification threats
  • Defense against device takeovers via command-and-control (C2) attempts
DNSdist Defender

dstore powerDNS

dstore

dstore routes and filters protobuf messages to various destinations (like Kafka) to log of DNS requests on a datastore. This helps with storing DNS events (queries, responses, latency and records) for further investigation of DNS related problems and gives insight in blocking of specific requests. Using its component dstore-dist, dstore can send protobuf messages to different destinations and acts as a distributor of the protobuf messages that are generated by PowerDNS Recursor and DNSdist. dstore-dist comes with a set of destinations, which indicate all the possible destinations for a message. It is also configured with a set of routes; each route can send messages to one or more destinations and can be configured to perform filtering on the messages. dstore-dist is configured using a YAML-based configuration file. dstore-dist can perform sampling and reports Top N domains to provide an overview of most-requested domains.

Explore the documentation to learn more about dstore.


ZoneControl

ZoneControl is the graphical web-based interface for managing domains. It provides all the features necessary to manage a large number of domains. In addition, it provides “one-click” DNSSEC. It allows role-based access so specific people or departments can manage specific domains. ZoneControl also includes version and history management to smoothly reverse changes. Reports and stats let you keep track of trends and provide a simple way to analyze your authoritative performance.

Explore the documentation to learn more about ZoneControl.

zone-control

Contact us to learn more about our products.